Please check (Solved)

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Scanner
Level 3.5
Posts: 771
Registered: August 11
Location: Central Bohemia
Gender: Male

Please check

Post by Scanner » 15 Feb 2021 00:07

Startup takes much longer than usual. After boot a black "check update" window pops up, disappears after a few seconds, and Chrome launches with a link to http://aporasal.net/, which keeps asking me for some permission, and when I deny all of it and wait, it throws me onto a server with World of Warcraft. After startup I checked; I have nothing like that there, and this address does not show up anywhere in Chrome either. It all just launches right at startup and then it is quiet. Thanks for the check.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:55:17, on 14.02.2021
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.0001)
Boot mode: Normal

Running processes:
C:\Users\User\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "D:\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - Global Startup: update.bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: AtherosSvc - Unknown owner - C:\WINDOWS\System32\drivers\AdminService.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Tools (avast! Tools) - AVAST Software - C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_4f377 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @C:\WINDOWS\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\WINDOWS\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: GDCAgent - Lenovo - C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Print Scan Doctor Service (HPPrintScanDoctorService) - HP Inc. - C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\WINDOWS\system32\HPSIsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - D:\mbam\MBAMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: RogueKiller RTP (rkrtservice) - Unknown owner - C:\Program Files\RogueKiller\RogueKillerSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\WINDOWS\system32\SAsrv.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Conexant UIU Service (UIUService) - Conexant Systems, Inc. - C:\WINDOWS\system32\UIUSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10505 bytes
Attachments
as.jpg
When You smoke herb it reveals you to yourself. All the wickedness you do is revealed by the herb - it's you conscience and gives you an honest picture of yourself.
---------- Robert Nesta Marley ----------
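
As an added example (not part of the original thread and not code from HijackThis), the Python code below parses the line format of the HijackThis log posted above and lists its autostart (O4) and service (O23) entries, marking startup items that are scripts, since the reported symptom appears only at startup. The function names and the script-extension heuristic are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Users\User\Desktop\hijackthis.exe

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "D:\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - Global Startup: update.bat
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - D:\mbam\MBAMService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
"""

# Every finding line is "<section code> - <body>", e.g. "O4 - Global Startup: update.bat".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 body: "<location>: [<value name>] <command>" or "<location>: <file>".
O4_RE = re.compile(r"^(?P<location>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<target>.+)$")
# Heuristic (an assumption of this example): script files launched at logon deserve a look.
SCRIPT_EXT_RE = re.compile(r"\.(bat|cmd|vbs|vbe|js|jse|wsf|ps1)(?=$|[\s\"])", re.I)


def parse_entries(log_text):
    """Group finding lines by HijackThis section code (R0, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def autostart_items(log_text):
    """Return the O4 (Run keys and Startup folders) entries as dictionaries."""
    items = []
    for body in parse_entries(log_text).get("O4", []):
        m = O4_RE.match(body)
        if not m:
            continue
        items.append({
            "location": m.group("location"),
            "name": m.group("name"),          # None for Startup-folder items
            "target": m.group("target"),
            "is_script": bool(SCRIPT_EXT_RE.search(m.group("target"))),
        })
    return items


def services(log_text):
    """Return the O23 service entries: display name, owner, path, missing flag."""
    out = []
    for body in parse_entries(log_text).get("O23", []):
        if not body.startswith("Service: "):
            continue
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        display, owner, path = parts
        # HijackThis 2.0.4 is a 32-bit program; on 64-bit Windows, file-system
        # redirection can make it report existing System32 files as missing,
        # so this flag alone is not evidence of a problem.
        missing = path.endswith(" (file missing)")
        if missing:
            path = path[: -len(" (file missing)")]
        out.append({"display": display, "owner": owner,
                    "path": path, "file_missing": missing})
    return out


if __name__ == "__main__":
    for item in autostart_items(SAMPLE_LOG):
        mark = "REVIEW" if item["is_script"] else "      "
        print(mark, item["location"], "|", item["name"], "|", item["target"])
    for svc in services(SAMPLE_LOG):
        print(svc["owner"], "|", svc["path"], "| missing:", svc["file_missing"])
```

An item marked REVIEW is only a candidate for inspection; whether it is wanted has to be decided by looking at the file itself.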

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check

Post by jaro3 » 15 Feb 2021 16:31

Download ATF Cleaner
https://www.majorgeeks.com/mg/getmirror ... ner,2.html
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you do not need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
Afterwards the PC should restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/
Owners of Win7, download here:
https://filehippo.com/download_adwcleaner/ (do not update!)

Save it to your desktop. Click "I agree" to confirm the terms.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan a log appears and opens (otherwise it is saved on the system drive as C:\AdwCleaner [C?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware
https://www.malwarebytes.com/mwb-download/thankyou/

to your desktop, install it and run it
- If the program is not up to date, click "Update now" or "Fix now".
- an update will be found and installed.
- then click Start scan
- after the scan finishes a message appears at the bottom right; click View report, choose Export, choose Copy to clipboard and paste the whole log here. Or click "Text file (.txt)" and save the log.
- otherwise the log can be found in the program by clicking "Reports", or it is saved here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- then click the Finish button and close the program with the X at the top right.
(do not delete anything yet!).
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check

Post by Scanner » 16 Feb 2021 12:31

ATF, TFC, MBAM, JRT, RogueKiller, Sophos Virus Removal Tool and Zemana AntiMalware were still here from the previous cleanup.
I ran everything (so that I would not have to write again right away) but with no findings. Except for JRT and two registry keys. I am sending the log.


Malwarebytes
http://www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 16.02.21
Čas skenování: 12:07
Logovací soubor: 17f8d250-7047-11eb-8b02-000000000000.json

-Informace o softwaru-
Verze: 4.3.0.98
Verze komponentů: 1.0.1130
Aktualizovat verzi balíku komponent: 1.0.37193
Licence: Bezplatná

-Systémová informace-
OS: Windows 10 (Build 19041.804)
CPU: x64
Systém souborů: NTFS
Uživatel: SIMONA-NOTEBOOK\Simona

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 279156
Zjištěné hrozby: 0
Hrozby umístěné do karantény: 0
Uplynulý čas: 18 min, 30 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)
Last edited by Scanner on 16 Feb 2021 12:32, edited 1 time in total.

Re: Please check

Post by Scanner » 16 Feb 2021 12:32

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Simona (Administrator) on 14.02.2021 at 20:43:57,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.02.2021 at 20:50:27,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Please check

Post by jaro3 » 16 Feb 2021 18:10

Turn off your antivirus and firewall, RogueKiller, Malwarebytes Antimalware
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
https://uloz.to/file/nFH1LwSrGioP/zoek1-rar

Close all other programs, windows and browsers.
Run Zoek.exe (on Win Vista, Win7, 8 right-click it and choose "Run as administrator")
- note, the program may take a while to start.
Paste the script below into the program window:

Code:

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

click Run Script
The program performs a scan and a repair; the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart only a black desktop may be shown for some time; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log Copy the entire contents of that log here.
If there are problems, run zoek in safe mode.

Post a new HJT log

Turn off your antivirus and firewall.
Please download the appropriate version of the program for your system, 32-bit/64-bit: Farbar Recovery Scan Tool (FRST)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
another link:
http://www.bleepingcomputer.com/downloa ... scan-tool/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs appear, FRST.txt and Addition.txt, and are saved on the desktop. Please copy their entire contents here.

Do you have that WoW installed?

Re: Please check

Post by Scanner » 16 Feb 2021 21:26

I do not have WoW installed; I have never played the game. It is a matter of random spam, because after zoek restarted my computer it started up again, but this time it redirected me to pages with slot machines and a casino.

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Simona on 16.02.2021 at 20:09:30,47.
Microsoft Windows 10 Home 10.0.19042 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek (1).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16.02.2021 20:14:06 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming\ETDCoInstaller.log deleted
C:\Users\User\AppData\Local\cache deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-122fcc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-1230c8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-1230f9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-12338b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-1233eb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-123ac3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-124005.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-124268.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-124642.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-1247db.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-124b67.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-124ba7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-125185.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-1251b6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-1252a3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-12538f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-1255c4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-125643.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-12571f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-12582b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1d54-169c-125956.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c1fc0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c1fd2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c1fe3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c1ff5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c2006.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c20b4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c20e5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c2106.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c2185.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c21d6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c2206.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c2218.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c222a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c223b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c224d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c225f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c2261.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c22e0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2054-1cf8-c2301.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-411454.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-41157f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-4115b0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-4115d1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-41175a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-41179a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-4117bc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-4117cd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-41185c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-4118fa.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-4119e7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-411b60.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-411df2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-411e52.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-411ff9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-412163.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-4122fb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-41255e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2060-c18-412e88.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14ec33.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14ec64.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14eca4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14ecb6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14ed25.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14ed47.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14ed97.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14edb8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14ee08.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14ee49.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14ee99.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14eeca.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14efc6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14efd7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f056.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f087.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f0d7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f0f9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f149.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f1a8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f1f9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f239.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f2a8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f2d9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f349.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f35a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f3aa.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f3bc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f3ed.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f3ff.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f45e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f470.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f5ca.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f61a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f699.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f6ca.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f97b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14f9db.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14fa3b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14fa8b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14fabc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23a0-7cc-14fadd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6dfe12.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e00e3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e08f3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e1077.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e1646.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e1771.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e1d8d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e2b99.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e2f64.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e331f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e35c1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e3d06.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e5061.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e519c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e55e3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e57aa.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e5ae9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e5f30.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2560-210c-6e6230.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-3857e47.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-3857e59.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-3857f26.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-3857f57.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-3857f97.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-3857fb8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-3857fda.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-3857ffb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-385801c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-385803d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-385807e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-38580de.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-385811e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-38581cc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-38583b2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-3858441.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-385858b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-38585bc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2864-2c0c-38585ed.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171635.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-1717ed.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171937.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171996.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-1719f6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171a37.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171a87.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171ae7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171b46.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171b87.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171bd7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171c27.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171c77.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171ce7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171d56.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171db6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171e25.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171eb4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-288c-2878-171fbf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19af10.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19af22.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19af33.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19af55.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19af66.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19af78.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19af8a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19af9b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19afad.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19afbe.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19afef.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19b001.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19b013.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19b024.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19b036.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19b057.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19b069.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19b07a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-518-51c-19b08c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18bdbb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18be69.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18be7a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18beab.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18bedc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18befd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18bf9c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18bffb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18c03c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18c09c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18c0cd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18c12c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18c16d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18c1bd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18c1de.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18c21f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18c26f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18c2ee.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5b4-530-18c39c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13ee1a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13ee2c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13ee4d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13ee7e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13eeaf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13eee0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13ef01.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13ef32.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13ef53.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13f214.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13f245.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13f257.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13f304.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13f326.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13f337.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13f349.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13f35b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13f37c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-648-f2c-13f3bc.tmp deleted
"C:\DumpStack.log.tmp" not deleted

==== Orphaned Tasks deleted from Registry ======================

Format FactoryLaunchAfterInstallation deleted

==== Chromium Look ======================

Google Chrome Version: 88.0.4324.150


Bob Marley Tribute - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahanpmgekmileoidjopjeghlchcigafk
Chrome Media Router - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{BD73967D-B1CD-4E24-A898-6A25B7119A4C}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{BD73967D-B1CD-4E24-A898-6A25B7119A4C} - http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{BD73967D-B1CD-4E24-A898-6A25B7119A4C}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{BD73967D-B1CD-4E24-A898-6A25B7119A4C} - http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
HKCU\SearchScopes "DefaultScope"="{BD73967D-B1CD-4E24-A898-6A25B7119A4C}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{BD73967D-B1CD-4E24-A898-6A25B7119A4C} - http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE

==== Reset Google Chrome ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Edge Cache ======================

Edge Cache Emptied Successfully

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile\Cache emptied successfully
C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=10 folders=353 135921 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" not deleted

==== EOF on 16.02.2021 at 21:17:57,75 ======================
When you smoke herb it reveals you to yourself. All the wickedness you do is revealed by the herb - it's your conscience and gives you an honest picture of yourself.
---------- Robert Nesta Marley ----------


Re: Please check

Post by Scanner » 16 Feb 2021 21:32

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:30:00, on 16.02.2021
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.0001)
Boot mode: Normal

Running processes:
C:\Users\User\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "D:\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - Global Startup: update.bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: AtherosSvc - Unknown owner - C:\WINDOWS\System32\drivers\AdminService.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Tools (avast! Tools) - AVAST Software - C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_7fa94 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @C:\WINDOWS\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\WINDOWS\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: GDCAgent - Lenovo - C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Print Scan Doctor Service (HPPrintScanDoctorService) - HP Inc. - C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\WINDOWS\system32\HPSIsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - D:\mbam\MBAMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: RogueKiller RTP (rkrtservice) - Unknown owner - C:\Program Files\RogueKiller\RogueKillerSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\WINDOWS\system32\SAsrv.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Conexant UIU Service (UIUService) - Conexant Systems, Inc. - C:\WINDOWS\system32\UIUSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10505 bytes
When You smoke herb it reveals you to yourself. All the wickedness you do is revealed by the herb - it's you conscience and gives you an honest picture of yourself.
---------- Robert Nesta Marley ----------

Re: Please check

Post by Scanner » 16 Feb 2021 21:46

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2021
Ran by Simona (16-02-2021 21:42:05)
Running from C:\Users\User\Desktop
Windows 10 Home Version 20H2 19042.804 (X64) (2020-12-27 20:00:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1815535875-2732539743-2502002951-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1815535875-2732539743-2502002951-503 - Limited - Disabled)
Guest (S-1-5-21-1815535875-2732539743-2502002951-501 - Limited - Disabled)
Simona (S-1-5-21-1815535875-2732539743-2502002951-1002 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1815535875-2732539743-2502002951-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20138 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.)
Any Video Converter Professional 7.0.9 (HKLM-x32\...\Any Video Converter Professional_is1) (Version: - Any-Video-Converter.com)
Audio Record Wizard (HKLM-x32\...\Audio Record Wizard) (Version: 7.21 - NowSmart)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software)
Catalyst Control Center Next Localization BR (HKLM\...\{DB929D3C-5DF3-95A0-456F-403306EE69B6}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{EE08C0D5-792F-B256-A499-ECEC56915562}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{37F9C96B-294A-D6A7-183D-930C8A2F5D68}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{DAC91F38-7D04-90FC-19CB-AC1C608012ED}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{40E57BA2-6029-7A5D-A2BE-7D47039159D0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{7A54ECFD-70B7-08DF-D581-8CD04B4CDA09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0F8A189-4C96-0179-ACEE-A98F618FD472}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{60694907-C4DE-A4AE-8DD0-E2E50E3A9C14}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{592C6F67-5D6B-8E34-90B9-2E9D44FC537B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5F16D84E-851C-29BB-3CBE-A480DBAE3A09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{13D096A7-D644-944F-F99D-82A17015AAE0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{06B55CAD-9FF0-EE80-954C-32FA86AED3BF}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{3B613BFA-C0AC-5FBF-29B1-3C362DFE417B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{E3364BA9-283A-2B4C-2DED-90C284A54B8D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{6E30A3B3-5427-9D91-5878-BD61820C5671}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{1E282415-8F60-005E-58C2-8FA7A7A391FB}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{8384ACC1-D00D-3818-8C45-E41E3C3FC6F9}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{DA4880B9-F477-386C-B07D-E13A7F4565C4}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{0FEDC0A5-8ED6-1A59-78A4-35E82784E3E0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{3BF8C0EC-3127-F42D-78B7-7C5C9E682657}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{3F6354FB-8E86-4BEF-A53F-141D1493EE6D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.27.55 - Conexant)
Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.259.0 - Conexant Systems)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.14.0.1567 - Disc Soft Ltd)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
FormatFactory 5.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 5.6.0.0 - Free Time)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
GTA San Andreas CZ (HKLM-x32\...\GTA San Andreas CZ 1.3.0) (Version: 1.3.0 - Rockstar Games)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
LenovoUsbDriver 1.1.13 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.13 - Lenovo)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.68 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Excel 2019 - cs-cz (HKLM\...\Excel2019Retail - cs-cz) (Version: 16.0.13628.20380 - Microsoft Corporation)
Microsoft PowerPoint 2019 - cs-cz (HKLM\...\PowerPoint2019Retail - cs-cz) (Version: 16.0.13628.20380 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2019 - cs-cz (HKLM\...\Word2019Retail - cs-cz) (Version: 16.0.13628.20380 - Microsoft Corporation)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.6.1000 - Maxthon International Limited)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20380 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
qBittorrent 4.3.1 (HKLM-x32\...\qBittorrent) (Version: 4.3.1 - The qBittorrent project)
QuadcoreM2 (HKLM-x32\...\{03C42CFB-61F6-4EC4-8746-F9DD1EF34B05}) (Version: 2.2.0 - Quadcore)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.1 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
RogueKiller version 14.8.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.4.0 - Adlice Software)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Zemana AntiMalware verze 3.2.27 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.27 - Zemana)
Zoom (HKU\S-1-5-21-1815535875-2732539743-2502002951-1002\...\ZoomUMX) (Version: 5.4.7 (59784.1220) - Zoom Video Communications, Inc.)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-26] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.2.834.0_x64__v10z8vjag6ke6 [2021-02-13] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-12-17] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => D:\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-12-17] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => D:\ff\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => D:\DAEMON Tools Lite\dtshl64.dll [2020-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-12-17] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => D:\DAEMON Tools Lite\dtshl64.dll [2020-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\mbam\mbshlext.dll [2020-12-28] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => D:\ff\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-16] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => D:\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-12-17] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\mbam\mbshlext.dll [2020-12-28] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-06-29 19:13 - 2016-06-29 19:13 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-08-07 06:39 - 2015-08-07 06:39 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1815535875-2732539743-2502002951-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
SearchScopes: HKU\S-1-5-21-1815535875-2732539743-2502002951-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2021-02-16 20:16 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1815535875-2732539743-2502002951-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20170326_154143.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1815535875-2732539743-2502002951-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1815535875-2732539743-2502002951-1002\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-1815535875-2732539743-2502002951-1002\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{72DDF579-CA03-4D25-86E3-A2A779A0FAB4}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{0B61780D-86CB-4495-B67C-A4D3BC8D24DD}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{15FFA0B5-61E1-40F6-B147-22C7E3970091}] => (Allow) D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{B6603989-B04B-4872-8485-30EAA30EC2AF}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DF89D26B-DBF0-4EB0-9B50-635F01206DC1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{4DEAD85B-A943-4FA6-A471-37329C512226}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{FAD8919D-1B7B-4FAC-9623-3A755286B96B}] => (Allow) D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{592A4090-0BCA-4E30-B363-0EFD0B65ED81}] => (Allow) D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [TCP Query User{74B9DFE4-E1A6-47BE-83DF-9270BA096CAC}C:\quadcorem2\pack\core.bin] => (Block) C:\quadcorem2\pack\core.bin () [File not signed]
FirewallRules: [UDP Query User{AA461098-249A-425C-8BCF-1A4C53DEBB8E}C:\quadcorem2\pack\core.bin] => (Block) C:\quadcorem2\pack\core.bin () [File not signed]
FirewallRules: [{4C169921-33DA-4283-8497-8E9C2D7C4C28}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{E1B18EA0-6743-4424-9C9A-3324C9A79C68}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{E3BE1CF2-3A24-4E67-A150-AE8C0BBE3637}] => (Allow) LPort=1688
FirewallRules: [{E1151F91-C1F5-42BA-B597-20FCA424EF46}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{939CDD5F-5ECF-4B02-AC04-83DF7D3E87A9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{D490A365-5B40-481B-B6A7-7B6A81242702}] => (Allow) D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [TCP Query User{B716ECD6-BA22-4484-B7DE-F647CAFA414D}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{2EEBE96B-126B-4B6D-8F26-FFDF5F908D65}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F91E4C04-4036-4A7C-860F-52D33A5FE87F}] => (Allow) D:\ff\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{4EB8E57B-9FB9-4D8C-9193-A50389D6FC34}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

13-02-2021 20:21:48 Instalační služba modulů systému Windows
14-02-2021 20:44:03 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/16/2021 09:15:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: FreemakeUtilsService.exe, verze: 1.0.0.0, časové razítko: 0x5e0346af
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0xb610d74d
Kód výjimky: 0xe0434352
Posun chyby: 0x0012a8b2
ID chybujícího procesu: 0xfc4
Čas spuštění chybující aplikace: 0x01d704a0745e657a
Cesta k chybující aplikaci: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 2b903263-036e-451e-9e42-2848d45a1ec5
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/16/2021 09:15:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: FreemakeUtilsService.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.IO.FileNotFoundException
na FreemakeUtilsService.Program.Main(System.String[])

Error: (02/16/2021 08:14:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/16/2021 06:38:32 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na LENOVO (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/16/2021 06:38:31 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Windows (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/16/2021 03:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: backgroundTaskHost.exe, verze: 10.0.19041.546, časové razítko: 0x1d3a15e7
Název chybujícího modulu: biwinrt.dll, verze: 10.0.19041.746, časové razítko: 0x57062a91
Kód výjimky: 0xc000027b
Posun chyby: 0x00000000000053c5
ID chybujícího procesu: 0x638
Čas spuštění chybující aplikace: 0x01d7046ff1fbf200
Cesta k chybující aplikaci: C:\WINDOWS\system32\backgroundTaskHost.exe
Cesta k chybujícímu modulu: C:\Windows\System32\biwinrt.dll
ID zprávy: bd78d98f-d79f-4a96-9c4e-f1632bdf919a
Úplný název chybujícího balíčku: AD2F1837.HPPrinterControl_122.2.834.0_x64__v10z8vjag6ke6
ID aplikace související s chybujícím balíčkem: AD2F1837.HPPrinterControl

Error: (02/14/2021 11:45:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: FreemakeUtilsService.exe, verze: 1.0.0.0, časové razítko: 0x5e0346af
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0xb610d74d
Kód výjimky: 0xe0434352
Posun chyby: 0x0012a8b2
ID chybujícího procesu: 0xf5c
Čas spuštění chybující aplikace: 0x01d7032326a3f255
Cesta k chybující aplikaci: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 5b0a5666-d428-4b97-b4de-bd9d1f4a9c84
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/14/2021 11:45:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: FreemakeUtilsService.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.IO.FileNotFoundException
na FreemakeUtilsService.Program.Main(System.String[])


System errors:
=============
Error: (02/16/2021 09:20:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Optimalizace doručení přestala během spouštění reagovat.

Error: (02/16/2021 09:16:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Freemake Improver neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/16/2021 09:16:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Freemake Improver bylo dosaženo časového limitu (45000 ms).

Error: (02/16/2021 09:00:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/16/2021 09:00:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/16/2021 09:00:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/16/2021 09:00:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/16/2021 09:00:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Windows Defender:
=================

CodeIntegrity:
===============
Date: 2021-02-16 21:34:10
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO A2CN45WW(V2.13) 08/04/2016
Motherboard: LENOVO Lancer 5B2
Processor: AMD A4-6210 APU with AMD Radeon R3 Graphics
Percentage of memory in use: 41%
Total physical RAM: 7128.26 MB
Available physical RAM: 4192.88 MB
Total Virtual: 7576.26 MB
Available Virtual: 4544.89 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:884.53 GB) (Free:500.16 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:1.61 GB) NTFS

\\?\Volume{ca53823b-9dd1-4a14-b06c-4e27393f2d0e}\ () (Fixed) (Total:0.98 GB) (Free:0.45 GB) NTFS
\\?\Volume{42c09fca-7a0a-452b-ac37-91860c039ec1}\ (LENOVO_PART) (Fixed) (Total:19.76 GB) (Free:5.8 GB) NTFS
\\?\Volume{46db2df8-adca-4905-aa98-b458bf0abed6}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7E332520)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Please check

Post by Scanner » 16 Feb 2021 21:48

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5052120 2015-06-01] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117352 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029064 2016-12-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1815535875-2732539743-2502002951-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1815535875-2732539743-2502002951-1002\...\Run: [DAEMON Tools Lite Automount] => D:\DAEMON Tools Lite\DTAgent.exe [409280 2020-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1815535875-2732539743-2502002951-1002\...\MountPoints2: {2f30c8ab-efb0-11e7-9bf0-507b9d809398} - "F:\SISetup.exe"
HKLM\...\Windows x64\Print Processors\HPM1210PrintProc: C:\Windows\System32\spool\prtprocs\x64\HPM1210PP.dll [74240 2010-03-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HPM1210LM: C:\WINDOWS\system32\HPM1210LM.DLL [407040 2010-03-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-06] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2018-07-16] () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0334D9C9-BE62-4BBA-93A7-53691FC58084} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0C46983F-7F89-431D-848B-AAA8D67D8952} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {0C96F49E-2538-4CB9-9EBC-18234344C69A} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {1299F086-898D-4392-BD9A-EEBDCD6CB6BB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {266D700E-CB1F-48F3-B452-79429C3747BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-27] (Google Inc -> Google Inc.)
Task: {2E0D1B6A-2100-4FEE-AFC9-0B20E78C8818} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {2F2922C8-7287-42FE-8D95-1BA518A688D8} - System32\Tasks\Microsoft\Windows\UpdateAssistant\UpdateAssistantAllUsersRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe
Task: {3269D01D-CC09-4968-AADB-E45CA51395FA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {326D1BF6-15E7-4D68-8F1D-69BB1C401696} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-27] (Google Inc -> Google Inc.)
Task: {3DED5BD8-C441-49AA-AB0D-0B4449797B4B} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe
Task: {45BC0476-8389-44CC-9513-0791C52A3BAA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {46C3DA6F-B770-4803-98EB-BC21FE26A3FF} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170776 2019-06-20] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
Task: {4726C7C6-A33D-472E-8DE8-D20BEDCC4425} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {5355E5C4-4AED-4606-8989-3CFA25ECD471} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1815535875-2732539743-2502002951-1002 => C:\Users\User\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
Task: {6ADEA85A-A202-4547-9D05-80555C2D1A41} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {7727C503-0200-48B0-A917-9DA1C0651D1B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
Task: {82CF52CC-D50D-4CC6-B886-718A0EDFF6BE} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-04] (HP Inc. -> HP Inc.)
Task: {876E884A-8484-469B-87C5-D33C35897FE3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C2FA790-9998-44EF-9828-3B45742044E5} - System32\Tasks\Microsoft\Windows\UpdateAssistant\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe
Task: {B15F46CA-5785-4123-A8EC-10589F9F327F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {B90D8998-25BA-42F2-9DED-638D2E27F1C3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {CA1B0FA0-48BB-4B03-BE94-DB752D53D478} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {CBF92074-769F-4677-A6B3-63B50BAC9EFF} - System32\Tasks\Microsoft\Windows\UpdateAssistant\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe
Task: {CCA4B301-E77E-4C9D-900A-025449A96FF3} - System32\Tasks\AMHelper => D:\AntiMalware\AntiMalware.exe [658808 2020-07-29] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {E32CAE2F-DC82-4AD1-BB31-BB31514C0FA0} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-04] (HP Inc. -> HP Inc.)
Task: {E38D8757-7B89-4D4F-8F5C-D373478041FB} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1815535875-2732539743-2502002951-500 => C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {E79AE9B5-963D-4E8D-8E22-C92263398DF2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {F1A12CF7-CA8E-4DB6-88F3-D981CE810829} - System32\Tasks\Microsoft\Windows\UpdateAssistant\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1531de3d-ed5c-4a10-a2b3-ace891322719}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-02-16]
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Prezentace) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-16]
CHR Extension: (Bob Marley Tribute) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahanpmgekmileoidjopjeghlchcigafk [2021-02-16]
CHR Extension: (Dokumenty) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-16]
CHR Extension: (Disk Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-16]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-16]
CHR Extension: (Tabulky) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-16]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-02-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-16]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-07] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [351848 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [5030592 2020-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-12-25] (Mixbyte Inc -> Freemake)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (LENOVO -> Lenovo)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [284808 2021-02-04] (HP Inc. -> HP Inc.)
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [127800 2010-04-29] (Hewlett-Packard Company -> HP)
S3 MBAMService; D:\mbam\MBAMService.exe [7456464 2020-12-28] (Malwarebytes Inc -> Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [176928 2019-06-20] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13686080 2021-01-13] (Adlice -> )
R2 UIUService; C:\WINDOWS\SysWOW64\UIUSrv.exe [105984 2020-12-27] (Conexant Systems, Inc.) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2020-12-28] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36792 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208672 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [332880 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [247888 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [97360 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2020-12-17] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42424 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [176384 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522480 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108928 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84496 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851256 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [468888 2021-01-08] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [214808 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [324904 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-04-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-04-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-28] (Malwarebytes Inc -> Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2010-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
S3 tesrsdt; C:\WINDOWS\system32\drivers\tesrsdt.sys [442128 2019-10-05] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [555064 2019-10-05] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-13] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2019-01-19] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-01-14] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-16 21:35 - 2021-02-16 21:37 - 000018847 _____ C:\Users\User\Desktop\FRST.txt
2021-02-16 21:34 - 2021-02-16 21:36 - 000000000 ____D C:\FRST
2021-02-16 21:33 - 2021-02-16 21:34 - 002297856 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2021-02-16 21:13 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2021-02-16 20:09 - 2021-02-16 21:00 - 000000000 ____D C:\zoek_backup
2021-02-16 20:08 - 2020-09-06 23:04 - 002038755 _____ C:\Users\User\Desktop\zoek (1).exe
2021-02-15 16:23 - 2021-02-15 16:26 - 733908992 _____ C:\Users\User\Desktop\Jack Hunter 3-Nebeska hvezda-Dobr.-2009-CZ-adriatic.avi
2021-02-15 16:03 - 2021-02-15 16:07 - 725753572 _____ C:\Users\User\Desktop\Jack Hunter 2-Ztracený poklad Ugaritů-Dobr.-2008-CZ-adriatic.avi
2021-02-15 16:01 - 2021-02-15 16:05 - 731310080 _____ C:\Users\User\Desktop\Jack Hunter 1-Prokleti Hrobky Achnatona-Dobr.-2008-CZ-adriatic.avi
2021-02-15 16:00 - 2021-02-15 16:56 - 599379500 _____ C:\Users\User\Desktop\Ordinace v růžové zahradě 2 1009 - Důstojný soupeř.avi
2021-02-14 23:53 - 2021-02-14 23:53 - 000388608 _____ (Trend Micro Inc.) C:\Users\User\Desktop\hijackthis.exe
2021-02-14 20:37 - 2021-02-14 20:37 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2021-02-13 22:10 - 2021-02-13 22:10 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-13 22:10 - 2021-02-13 22:10 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-13 19:48 - 2021-02-13 19:37 - 2123850448 _____ C:\Users\User\Desktop\Slunečná 81 Biologický otec_S81.mkv
2021-02-13 19:14 - 2021-02-13 19:12 - 939893250 _____ C:\Users\User\Desktop\Slunečná 82 - Konec jednoho přátelství (celý díl) NOVINKA.mp4
2021-02-13 19:13 - 2021-02-13 19:11 - 963874602 _____ C:\Users\User\Desktop\Slunečná 83. Úkoly tisíce a jedné noci.mp4
2021-02-13 17:44 - 2021-02-13 21:11 - 2071495094 _____ C:\Users\User\Desktop\Slunečná 80 Jak se Denisa vdávala_S80.mkv
2021-02-09 10:46 - 2021-02-09 10:46 - 000062509 _____ C:\Users\User\Desktop\Equabank - Potvrzeni o zrizeni uctu.pdf
2021-02-09 10:42 - 2021-02-09 10:42 - 001606201 _____ C:\Users\User\Desktop\myDL.pdf
2021-02-09 10:39 - 2021-02-09 10:39 - 003402520 _____ C:\Users\User\Desktop\myID.pdf
2021-02-08 19:24 - 2021-02-08 20:18 - 571883259 _____ C:\Users\User\Desktop\Ordinace v růžové zahradě 2 (1008) Jediná naděje (11.02.2021).mp4
2021-02-06 20:35 - 2021-02-06 20:35 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-06 20:35 - 2021-02-06 20:35 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-06 20:33 - 2021-02-06 20:33 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-05 19:58 - 2021-02-05 19:58 - 000000000 ____D C:\FFOutput
2021-02-05 19:40 - 2021-02-05 19:54 - 000000000 ____D C:\Fraps
2021-02-05 19:40 - 2021-02-05 19:40 - 000000616 _____ C:\Users\Public\Desktop\Fraps.lnk
2021-02-05 19:40 - 2021-02-05 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2021-02-05 02:31 - 2021-02-05 02:31 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 02:31 - 2021-02-05 02:31 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-05 01:45 - 2021-02-05 01:45 - 000001650 _____ C:\Users\Public\Desktop\GTA San Andreas.lnk
2021-02-05 01:45 - 2021-02-05 01:45 - 000000000 ____D C:\ProgramData\Caphyon
2021-02-04 17:40 - 2021-02-04 17:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2021-02-04 17:40 - 2021-02-04 17:40 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-02-02 12:25 - 2021-02-05 02:05 - 000000000 ____D C:\Users\User\Documents\GTA San Andreas User Files
2021-01-31 18:45 - 2021-01-31 18:45 - 000000000 ____D C:\WINDOWS\system32\9475f6af1225907f0aabc56947f60..bin
2021-01-30 16:56 - 2021-01-30 18:32 - 1723574272 _____ C:\Users\User\Desktop\Psí detektiv - CZ daing 2018 (Show dogs).avi
2021-01-30 15:41 - 2021-01-30 15:45 - 736073260 _____ C:\Users\User\Desktop\Alvin.a.Chipmunkové.4.CZ.Dabing.Dobra.Kvalita.avi
2021-01-30 15:35 - 2021-01-30 16:43 - 734373246 _____ C:\Users\User\Desktop\Alvin-a-Chipmunkove-3-CZ-2011.avi
2021-01-30 10:51 - 2021-01-30 11:33 - 740636750 _____ C:\Users\User\Desktop\Alvin-a-Chipmunkové-2-CZ-Dabing-AVI-USB-TV.avi
2021-01-30 09:21 - 2021-01-30 10:03 - 734019427 _____ C:\Users\User\Desktop\Alvin a Chipmunkové 1 CZ.avi
2021-01-26 19:48 - 2021-01-26 19:48 - 000000000 ____D C:\Users\User\AppData\Local\DOSBox
2021-01-26 19:46 - 2021-01-27 14:14 - 000000000 ____D C:\Users\User\Desktop\BOG
2021-01-26 19:44 - 2021-01-26 19:44 - 000000684 _____ C:\Users\User\Desktop\DOSBox 0.74-3.lnk
2021-01-26 19:44 - 2021-01-26 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3
2021-01-25 14:51 - 2021-02-02 21:47 - 000000000 ____D C:\Users\User\Desktop\Krimi Horory
2021-01-24 10:16 - 2021-01-24 10:24 - 950591488 _____ C:\Users\User\Desktop\Nezvaná 2009 CZdub.avi
2021-01-24 10:13 - 2021-01-24 10:24 - 1330877144 _____ C:\Users\User\Desktop\Python (2000) CZ dabing Horor Thriller.avi
2021-01-24 09:35 - 2021-01-24 10:32 - 987709867 _____ C:\Users\User\Desktop\Cabin Fever 2 (2009) CZ dab.mkv
2021-01-23 13:36 - 2021-01-23 13:49 - 000000000 ____D C:\Users\User\AppData\Local\FTMod
2021-01-23 13:36 - 2021-01-23 13:36 - 000000000 ____D C:\Users\User\AppData\Roaming\AMD
2021-01-23 13:35 - 2021-01-23 14:00 - 000000570 _____ C:\Users\User\Desktop\Format Factory.lnk
2021-01-23 13:35 - 2021-01-23 13:48 - 000000000 ____D C:\Users\User\Documents\FormatFactory
2021-01-23 13:35 - 2021-01-23 13:35 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2021-01-23 12:26 - 2021-01-23 13:59 - 000000000 ____D C:\Users\User\Desktop\Hospoda
2021-01-21 18:47 - 2021-01-21 20:11 - 1508222976 _____ C:\Users\User\Desktop\Porotci--horor-thriller-2013-cz Maruska.avi
2021-01-19 18:33 - 2021-01-19 19:22 - 862217842 _____ C:\Users\User\Desktop\Černá-smrt--DvD-rip--2010-cz-dabing.avi
2021-01-19 17:23 - 2021-01-19 18:10 - 838823936 _____ C:\Users\User\Desktop\Sam v temnote 2 (2008) (Horor,Thriller,Fantasy).avi
2021-01-19 11:58 - 2021-01-19 14:17 - 1432989948 _____ C:\Users\User\Desktop\Daria.2020.CZ.film_xvid.avi
2021-01-18 20:10 - 2021-01-18 21:06 - 1006591704 _____ C:\Users\User\Desktop\Pád do tmy 2(2009)cz.dabing.mp4
2021-01-18 19:00 - 2021-01-18 19:48 - 859192252 _____ C:\Users\User\Desktop\Pád do tmy 1 - Horor 2005 CZdab (dublsoft).mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-16 21:40 - 2018-01-14 22:58 - 000210136 _____ C:\WINDOWS\ZAM.krnl.trace
2021-02-16 21:40 - 2018-01-14 22:58 - 000075207 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-02-16 21:25 - 2017-08-27 14:59 - 000000000 ____D C:\ProgramData\AVAST Software
2021-02-16 21:20 - 2017-08-27 15:01 - 000000000 ____D C:\Program Files\CCleaner
2021-02-16 21:18 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-16 21:15 - 2020-12-27 20:11 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-16 21:15 - 2020-11-19 00:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-16 21:14 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-16 21:14 - 2017-08-27 19:45 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-02-16 20:33 - 2018-01-10 14:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-16 20:04 - 2020-11-18 23:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-16 18:33 - 2020-12-27 20:58 - 000004210 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{63D458F5-851E-41EC-8FE4-DA27A83D20D1}
2021-02-16 15:29 - 2018-01-14 18:05 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-02-16 12:05 - 2020-12-27 20:58 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-02-15 19:09 - 2018-06-20 16:44 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-02-14 23:38 - 2020-12-26 22:07 - 000000000 ____D C:\Users\User\AppData\Local\AMSDK
2021-02-14 23:02 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-14 20:56 - 2020-12-28 18:22 - 000000000 ____D C:\Users\User\Desktop\antiviry
2021-02-14 20:55 - 2020-12-28 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-02-14 20:55 - 2020-12-28 19:29 - 000000000 ____D C:\Program Files\RogueKiller
2021-02-14 20:18 - 2018-02-07 15:33 - 000000000 ____D C:\Users\User\AppData\Local\AMD
2021-02-14 16:40 - 2020-12-27 20:37 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-14 16:40 - 2019-12-07 15:41 - 000703550 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-14 16:40 - 2019-12-07 15:41 - 000140878 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-14 16:35 - 2020-11-18 23:29 - 000328272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-14 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-14 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-14 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-13 22:42 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-13 20:22 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-13 20:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-13 20:17 - 2020-12-27 20:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-13 20:16 - 2020-11-19 00:32 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-13 20:16 - 2020-11-19 00:32 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-02-13 20:08 - 2017-08-27 16:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-13 20:00 - 2017-12-17 11:29 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-13 19:55 - 2017-08-27 16:43 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-13 19:53 - 2020-11-19 00:32 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-13 19:53 - 2020-11-19 00:32 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-06 22:19 - 2017-08-27 14:49 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-06 22:19 - 2017-08-27 14:49 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-02-06 21:48 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-06 21:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-06 21:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-06 21:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-06 21:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-06 21:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-06 21:48 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-05 20:18 - 2017-08-29 16:21 - 000000000 ____D C:\Users\User\Desktop\Filmy
2021-02-05 14:24 - 2020-12-27 20:58 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-02-04 13:22 - 2017-11-25 17:59 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2021-02-02 13:02 - 2019-12-07 10:10 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2021-02-02 13:02 - 2019-12-07 10:10 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2021-02-02 13:02 - 2019-12-07 10:10 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2021-02-02 13:02 - 2019-12-07 10:09 - 000494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2021-02-02 13:02 - 2019-12-07 10:09 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2021-02-02 13:02 - 2019-12-07 10:09 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2021-02-02 13:02 - 2019-12-07 10:09 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2021-02-02 13:02 - 2019-12-07 10:09 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2021-02-02 13:02 - 2019-12-07 10:09 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2021-02-02 13:02 - 2019-12-07 10:09 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2021-02-02 11:17 - 2017-08-27 15:01 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-01-31 18:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-28 16:54 - 2017-11-05 18:49 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-01-27 08:56 - 2017-08-29 17:35 - 000000000 ____D C:\Users\User\Desktop\Pohádky
2021-01-22 10:28 - 2018-06-20 16:42 - 000001150 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-01-17 17:20 - 2020-12-27 18:09 - 000000000 ___DC C:\WINDOWS\Panther

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
When You smoke herb it reveals you to yourself. All the wickedness you do is revealed by the herb - it's your conscience and gives you an honest picture of yourself.
---------- Robert Nesta Marley ----------

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check

Post by jaro3 » 16 Feb 2021 22:00

FRST - the beginning is missing there, add it.

and also run RogueKiller, it was supposed to delete something and it is in FRST...

+
Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O4 - Global Startup: update.bat

When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
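
Added example (not part of the original thread, and not FRST's or HijackThis's own code): the fix list above ends with `O4 - Global Startup: update.bat`, and the same file appears in this thread's FRST log as an unsigned batch file in the all-users Startup folder. The Python below triages autostart lines in that log format using lines copied from the thread; the flag names and the list of script extensions are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Lines copied from the FRST "Registry" section posted in this thread.
# The Startup line is repeated on purpose: the log lists it more than once.
SAMPLE = r"""
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117352 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-1815535875-2732539743-2502002951-1002\...\Run: [DAEMON Tools Lite Automount] => D:\DAEMON Tools Lite\DTAgent.exe [409280 2020-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2018-07-16] () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2018-07-16] () [File not signed]
"""

# Assumption of this example: extensions treated as "script run at logon".
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1", ".hta"}

# "HKLM\...\Run: [Name] => <file details>"
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\.*?\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<rest>.+)$"
)
# "<path> [<size> <date>] (<signer -> company>)" with optional "[File not signed]"
FILE_RE = re.compile(
    r"^(?P<path>.+?) \[(?:\d+ )?(?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<meta>.*)\)(?P<unsigned> \[File not signed\])?\s*$"
)


@dataclass
class Autostart:
    kind: str          # "run-key" or "startup-folder"
    name: str          # Run value name, or file name for Startup entries
    path: str
    date: str
    signer: str        # text before " -> ", empty when the log shows none
    flags: list = field(default_factory=list)


def parse_line(line):
    """Parse one Run-key or Startup-folder line; return None for anything else."""
    line = line.strip()
    if line.startswith("Startup: "):
        kind, name, rest = "startup-folder", "", line[len("Startup: "):]
    else:
        m = RUN_RE.match(line)
        if not m:
            return None
        kind, name, rest = "run-key", m["name"], m["rest"]
    f = FILE_RE.match(rest)
    if not f:
        return None
    meta = f["meta"]
    signer = meta.split(" -> ")[0].strip() if " -> " in meta else ""
    win_path = PureWindowsPath(f["path"])
    entry = Autostart(kind, name or win_path.name, f["path"], f["date"], signer)
    if f["unsigned"]:
        entry.flags.append("unsigned")
    if not meta.strip():
        entry.flags.append("no-publisher")
    if win_path.suffix.lower() in SCRIPT_EXTS:
        entry.flags.append("script")
    return entry


def triage(log_text):
    """Return de-duplicated autostart entries that carry at least one flag."""
    seen, flagged = set(), []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        key = (entry.kind, entry.path.lower())
        if key in seen:
            continue
        seen.add(key)
        if entry.flags:
            flagged.append(entry)
    # Entries with the most flags are reviewed first.
    return sorted(flagged, key=lambda e: len(e.flags), reverse=True)


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.kind:15} {e.name:12} {','.join(e.flags):30} {e.path}")
```

A flag only marks an entry for manual review; the decision to fix it stays with the person reading the log.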

Scanner
Level 3.5
Posts: 771
Registered: August 11
Location: Central Bohemia
Gender: Male
Status: Offline

Re: Please check

Post by Scanner » 16 Feb 2021 23:32

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2021
Ran by Simona (administrator) on SIMONA-NOTEBOOK (LENOVO 80E3) (16-02-2021 21:55:48)
Running from C:\Users\User\Desktop
Loaded Profiles: Simona
Platform: Windows 10 Home Version 20H2 19042.804 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) D:\DAEMON Tools Lite\DTShellHlp.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Conexant Systems, Inc.) [File not signed] C:\Windows\SysWOW64\UIUSrv.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5052120 2015-06-01] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117352 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029064 2016-12-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1815535875-2732539743-2502002951-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1815535875-2732539743-2502002951-1002\...\Run: [DAEMON Tools Lite Automount] => D:\DAEMON Tools Lite\DTAgent.exe [409280 2020-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1815535875-2732539743-2502002951-1002\...\MountPoints2: {2f30c8ab-efb0-11e7-9bf0-507b9d809398} - "F:\SISetup.exe"
HKLM\...\Windows x64\Print Processors\HPM1210PrintProc: C:\Windows\System32\spool\prtprocs\x64\HPM1210PP.dll [74240 2010-03-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HPM1210LM: C:\WINDOWS\system32\HPM1210LM.DLL [407040 2010-03-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-06] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2018-07-16] () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2018-07-16] () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2018-07-16] () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0334D9C9-BE62-4BBA-93A7-53691FC58084} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0C46983F-7F89-431D-848B-AAA8D67D8952} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {0C96F49E-2538-4CB9-9EBC-18234344C69A} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {1299F086-898D-4392-BD9A-EEBDCD6CB6BB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {266D700E-CB1F-48F3-B452-79429C3747BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-27] (Google Inc -> Google Inc.)
Task: {2E0D1B6A-2100-4FEE-AFC9-0B20E78C8818} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {2F2922C8-7287-42FE-8D95-1BA518A688D8} - System32\Tasks\Microsoft\Windows\UpdateAssistant\UpdateAssistantAllUsersRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe
Task: {3269D01D-CC09-4968-AADB-E45CA51395FA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {326D1BF6-15E7-4D68-8F1D-69BB1C401696} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-27] (Google Inc -> Google Inc.)
Task: {3DED5BD8-C441-49AA-AB0D-0B4449797B4B} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe
Task: {45BC0476-8389-44CC-9513-0791C52A3BAA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {46C3DA6F-B770-4803-98EB-BC21FE26A3FF} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170776 2019-06-20] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
Task: {4726C7C6-A33D-472E-8DE8-D20BEDCC4425} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {5355E5C4-4AED-4606-8989-3CFA25ECD471} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1815535875-2732539743-2502002951-1002 => C:\Users\User\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
Task: {6ADEA85A-A202-4547-9D05-80555C2D1A41} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {7727C503-0200-48B0-A917-9DA1C0651D1B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
Task: {82CF52CC-D50D-4CC6-B886-718A0EDFF6BE} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-04] (HP Inc. -> HP Inc.)
Task: {876E884A-8484-469B-87C5-D33C35897FE3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C2FA790-9998-44EF-9828-3B45742044E5} - System32\Tasks\Microsoft\Windows\UpdateAssistant\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe
Task: {B15F46CA-5785-4123-A8EC-10589F9F327F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {B90D8998-25BA-42F2-9DED-638D2E27F1C3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {CA1B0FA0-48BB-4B03-BE94-DB752D53D478} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {CBF92074-769F-4677-A6B3-63B50BAC9EFF} - System32\Tasks\Microsoft\Windows\UpdateAssistant\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe
Task: {CCA4B301-E77E-4C9D-900A-025449A96FF3} - System32\Tasks\AMHelper => D:\AntiMalware\AntiMalware.exe [658808 2020-07-29] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {E32CAE2F-DC82-4AD1-BB31-BB31514C0FA0} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-04] (HP Inc. -> HP Inc.)
Task: {E38D8757-7B89-4D4F-8F5C-D373478041FB} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1815535875-2732539743-2502002951-500 => C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {E79AE9B5-963D-4E8D-8E22-C92263398DF2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {F1A12CF7-CA8E-4DB6-88F3-D981CE810829} - System32\Tasks\Microsoft\Windows\UpdateAssistant\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1531de3d-ed5c-4a10-a2b3-ace891322719}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-02-16]
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Prezentace) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-16]
CHR Extension: (Bob Marley Tribute) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahanpmgekmileoidjopjeghlchcigafk [2021-02-16]
CHR Extension: (Dokumenty) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-16]
CHR Extension: (Disk Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-16]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-16]
CHR Extension: (Tabulky) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-16]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-02-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-16]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-07] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [351848 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; D:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [5030592 2020-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-12-25] (Mixbyte Inc -> Freemake)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (LENOVO -> Lenovo)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [284808 2021-02-04] (HP Inc. -> HP Inc.)
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [127800 2010-04-29] (Hewlett-Packard Company -> HP)
S3 MBAMService; D:\mbam\MBAMService.exe [7456464 2020-12-28] (Malwarebytes Inc -> Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [176928 2019-06-20] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13686080 2021-01-13] (Adlice -> )
R2 UIUService; C:\WINDOWS\SysWOW64\UIUSrv.exe [105984 2020-12-27] (Conexant Systems, Inc.) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2020-12-28] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36792 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208672 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [332880 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [247888 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [97360 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2020-12-17] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42424 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [176384 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522480 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108928 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84496 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851256 2020-12-17] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [468888 2021-01-08] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [214808 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [324904 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-04-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-04-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-28] (Malwarebytes Inc -> Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2010-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
S3 tesrsdt; C:\WINDOWS\system32\drivers\tesrsdt.sys [442128 2019-10-05] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [555064 2019-10-05] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-13] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2019-01-19] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-01-14] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-16 21:42 - 2021-02-16 21:54 - 000038398 _____ C:\Users\User\Desktop\Addition.txt
2021-02-16 21:35 - 2021-02-16 21:57 - 000022928 _____ C:\Users\User\Desktop\FRST.txt
2021-02-16 21:34 - 2021-02-16 21:56 - 000000000 ____D C:\FRST
2021-02-16 21:33 - 2021-02-16 21:34 - 002297856 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2021-02-16 21:13 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2021-02-16 20:09 - 2021-02-16 21:00 - 000000000 ____D C:\zoek_backup
2021-02-16 20:08 - 2020-09-06 23:04 - 002038755 _____ C:\Users\User\Desktop\zoek (1).exe
2021-02-15 16:23 - 2021-02-15 16:26 - 733908992 _____ C:\Users\User\Desktop\Jack Hunter 3-Nebeska hvezda-Dobr.-2009-CZ-adriatic.avi
2021-02-15 16:03 - 2021-02-15 16:07 - 725753572 _____ C:\Users\User\Desktop\Jack Hunter 2-Ztracený poklad Ugaritů-Dobr.-2008-CZ-adriatic.avi
2021-02-15 16:01 - 2021-02-15 16:05 - 731310080 _____ C:\Users\User\Desktop\Jack Hunter 1-Prokleti Hrobky Achnatona-Dobr.-2008-CZ-adriatic.avi
2021-02-15 16:00 - 2021-02-15 16:56 - 599379500 _____ C:\Users\User\Desktop\Ordinace v růžové zahradě 2 1009 - Důstojný soupeř.avi
2021-02-14 23:53 - 2021-02-14 23:53 - 000388608 _____ (Trend Micro Inc.) C:\Users\User\Desktop\hijackthis.exe
2021-02-14 20:37 - 2021-02-14 20:37 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2021-02-13 22:10 - 2021-02-13 22:10 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-13 22:10 - 2021-02-13 22:10 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-13 19:48 - 2021-02-13 19:37 - 2123850448 _____ C:\Users\User\Desktop\Slunečná 81 Biologický otec_S81.mkv
2021-02-13 19:14 - 2021-02-13 19:12 - 939893250 _____ C:\Users\User\Desktop\Slunečná 82 - Konec jednoho přátelství (celý díl) NOVINKA.mp4
2021-02-13 19:13 - 2021-02-13 19:11 - 963874602 _____ C:\Users\User\Desktop\Slunečná 83. Úkoly tisíce a jedné noci.mp4
2021-02-13 17:44 - 2021-02-13 21:11 - 2071495094 _____ C:\Users\User\Desktop\Slunečná 80 Jak se Denisa vdávala_S80.mkv
2021-02-09 10:46 - 2021-02-09 10:46 - 000062509 _____ C:\Users\User\Desktop\Equabank - Potvrzeni o zrizeni uctu.pdf
2021-02-09 10:42 - 2021-02-09 10:42 - 001606201 _____ C:\Users\User\Desktop\myDL.pdf
2021-02-09 10:39 - 2021-02-09 10:39 - 003402520 _____ C:\Users\User\Desktop\myID.pdf
2021-02-08 19:24 - 2021-02-08 20:18 - 571883259 _____ C:\Users\User\Desktop\Ordinace v růžové zahradě 2 (1008) Jediná naděje (11.02.2021).mp4
2021-02-06 20:35 - 2021-02-06 20:35 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-06 20:35 - 2021-02-06 20:35 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-06 20:33 - 2021-02-06 20:33 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-05 19:58 - 2021-02-05 19:58 - 000000000 ____D C:\FFOutput
2021-02-05 19:40 - 2021-02-05 19:54 - 000000000 ____D C:\Fraps
2021-02-05 19:40 - 2021-02-05 19:40 - 000000616 _____ C:\Users\Public\Desktop\Fraps.lnk
2021-02-05 19:40 - 2021-02-05 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2021-02-05 02:31 - 2021-02-05 02:31 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 02:31 - 2021-02-05 02:31 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-05 01:45 - 2021-02-05 01:45 - 000001650 _____ C:\Users\Public\Desktop\GTA San Andreas.lnk
2021-02-05 01:45 - 2021-02-05 01:45 - 000000000 ____D C:\ProgramData\Caphyon
2021-02-04 17:40 - 2021-02-04 17:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2021-02-04 17:40 - 2021-02-04 17:40 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-02-02 12:25 - 2021-02-05 02:05 - 000000000 ____D C:\Users\User\Documents\GTA San Andreas User Files
2021-01-31 18:45 - 2021-01-31 18:45 - 000000000 ____D C:\WINDOWS\system32\9475f6af1225907f0aabc56947f60..bin
2021-01-30 16:56 - 2021-01-30 18:32 - 1723574272 _____ C:\Users\User\Desktop\Psí detektiv - CZ daing 2018 (Show dogs).avi
2021-01-30 15:41 - 2021-01-30 15:45 - 736073260 _____ C:\Users\User\Desktop\Alvin.a.Chipmunkové.4.CZ.Dabing.Dobra.Kvalita.avi
2021-01-30 15:35 - 2021-01-30 16:43 - 734373246 _____ C:\Users\User\Desktop\Alvin-a-Chipmunkove-3-CZ-2011.avi
2021-01-30 10:51 - 2021-01-30 11:33 - 740636750 _____ C:\Users\User\Desktop\Alvin-a-Chipmunkové-2-CZ-Dabing-AVI-USB-TV.avi
2021-01-30 09:21 - 2021-01-30 10:03 - 734019427 _____ C:\Users\User\Desktop\Alvin a Chipmunkové 1 CZ.avi
2021-01-26 19:48 - 2021-01-26 19:48 - 000000000 ____D C:\Users\User\AppData\Local\DOSBox
2021-01-26 19:46 - 2021-01-27 14:14 - 000000000 ____D C:\Users\User\Desktop\BOG
2021-01-26 19:44 - 2021-01-26 19:44 - 000000684 _____ C:\Users\User\Desktop\DOSBox 0.74-3.lnk
2021-01-26 19:44 - 2021-01-26 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3
2021-01-25 14:51 - 2021-02-02 21:47 - 000000000 ____D C:\Users\User\Desktop\Krimi Horory
2021-01-24 10:16 - 2021-01-24 10:24 - 950591488 _____ C:\Users\User\Desktop\Nezvaná 2009 CZdub.avi
2021-01-24 10:13 - 2021-01-24 10:24 - 1330877144 _____ C:\Users\User\Desktop\Python (2000) CZ dabing Horor Thriller.avi
2021-01-24 09:35 - 2021-01-24 10:32 - 987709867 _____ C:\Users\User\Desktop\Cabin Fever 2 (2009) CZ dab.mkv
2021-01-23 13:36 - 2021-01-23 13:49 - 000000000 ____D C:\Users\User\AppData\Local\FTMod
2021-01-23 13:36 - 2021-01-23 13:36 - 000000000 ____D C:\Users\User\AppData\Roaming\AMD
2021-01-23 13:35 - 2021-01-23 14:00 - 000000570 _____ C:\Users\User\Desktop\Format Factory.lnk
2021-01-23 13:35 - 2021-01-23 13:48 - 000000000 ____D C:\Users\User\Documents\FormatFactory
2021-01-23 13:35 - 2021-01-23 13:35 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2021-01-23 12:26 - 2021-01-23 13:59 - 000000000 ____D C:\Users\User\Desktop\Hospoda
2021-01-21 18:47 - 2021-01-21 20:11 - 1508222976 _____ C:\Users\User\Desktop\Porotci--horor-thriller-2013-cz Maruska.avi
2021-01-19 18:33 - 2021-01-19 19:22 - 862217842 _____ C:\Users\User\Desktop\Černá-smrt--DvD-rip--2010-cz-dabing.avi
2021-01-19 17:23 - 2021-01-19 18:10 - 838823936 _____ C:\Users\User\Desktop\Sam v temnote 2 (2008) (Horor,Thriller,Fantasy).avi
2021-01-19 11:58 - 2021-01-19 14:17 - 1432989948 _____ C:\Users\User\Desktop\Daria.2020.CZ.film_xvid.avi
2021-01-18 20:10 - 2021-01-18 21:06 - 1006591704 _____ C:\Users\User\Desktop\Pád do tmy 2(2009)cz.dabing.mp4
2021-01-18 19:00 - 2021-01-18 19:48 - 859192252 _____ C:\Users\User\Desktop\Pád do tmy 1 - Horor 2005 CZdab (dublsoft).mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-16 21:58 - 2018-01-14 22:58 - 000243360 _____ C:\WINDOWS\ZAM.krnl.trace
2021-02-16 21:58 - 2018-01-14 22:58 - 000093134 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-02-16 21:44 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-16 21:25 - 2017-08-27 14:59 - 000000000 ____D C:\ProgramData\AVAST Software
2021-02-16 21:20 - 2017-08-27 15:01 - 000000000 ____D C:\Program Files\CCleaner
2021-02-16 21:18 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-16 21:15 - 2020-12-27 20:11 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-16 21:15 - 2020-11-19 00:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-16 21:14 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-16 21:14 - 2017-08-27 19:45 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-02-16 20:33 - 2018-01-10 14:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-16 20:04 - 2020-11-18 23:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-16 18:33 - 2020-12-27 20:58 - 000004210 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{63D458F5-851E-41EC-8FE4-DA27A83D20D1}
2021-02-16 15:29 - 2018-01-14 18:05 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-02-16 12:05 - 2020-12-27 20:58 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-02-15 19:09 - 2018-06-20 16:44 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2021-02-14 23:38 - 2020-12-26 22:07 - 000000000 ____D C:\Users\User\AppData\Local\AMSDK
2021-02-14 20:56 - 2020-12-28 18:22 - 000000000 ____D C:\Users\User\Desktop\antiviry
2021-02-14 20:55 - 2020-12-28 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-02-14 20:55 - 2020-12-28 19:29 - 000000000 ____D C:\Program Files\RogueKiller
2021-02-14 20:18 - 2018-02-07 15:33 - 000000000 ____D C:\Users\User\AppData\Local\AMD
2021-02-14 16:40 - 2020-12-27 20:37 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-14 16:40 - 2019-12-07 15:41 - 000703550 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-14 16:40 - 2019-12-07 15:41 - 000140878 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-14 16:35 - 2020-11-18 23:29 - 000328272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-14 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-14 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-14 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-13 22:42 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-13 20:22 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-13 20:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-13 20:17 - 2020-12-27 20:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-13 20:16 - 2020-11-19 00:32 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-13 20:16 - 2020-11-19 00:32 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-02-13 20:08 - 2017-08-27 16:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-13 20:00 - 2017-12-17 11:29 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-13 19:55 - 2017-08-27 16:43 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-13 19:53 - 2020-11-19 00:32 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-13 19:53 - 2020-11-19 00:32 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-06 22:19 - 2017-08-27 14:49 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-06 22:19 - 2017-08-27 14:49 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-02-06 21:48 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-06 21:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-06 21:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-06 21:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-06 21:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-06 21:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-06 21:48 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-05 20:18 - 2017-08-29 16:21 - 000000000 ____D C:\Users\User\Desktop\Filmy
2021-02-05 14:24 - 2020-12-27 20:58 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-02-04 13:22 - 2017-11-25 17:59 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2021-02-02 13:02 - 2019-12-07 10:10 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2021-02-02 13:02 - 2019-12-07 10:10 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2021-02-02 13:02 - 2019-12-07 10:10 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2021-02-02 13:02 - 2019-12-07 10:10 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2021-02-02 13:02 - 2019-12-07 10:09 - 000494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2021-02-02 13:02 - 2019-12-07 10:09 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2021-02-02 13:02 - 2019-12-07 10:09 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2021-02-02 13:02 - 2019-12-07 10:09 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2021-02-02 13:02 - 2019-12-07 10:09 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2021-02-02 13:02 - 2019-12-07 10:09 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2021-02-02 13:02 - 2019-12-07 10:09 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2021-02-02 11:17 - 2017-08-27 15:01 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-01-31 18:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-28 16:54 - 2017-11-05 18:49 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-01-27 08:56 - 2017-08-29 17:35 - 000000000 ____D C:\Users\User\Desktop\Pohádky
2021-01-22 10:28 - 2018-06-20 16:42 - 000001150 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-01-17 17:20 - 2020-12-27 18:09 - 000000000 ___DC C:\WINDOWS\Panther

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
When You smoke herb it reveals you to yourself. All the wickedness you do is revealed by the herb - it's your conscience and gives you an honest picture of yourself.
---------- Robert Nesta Marley ----------

Re: Please check

Post by Scanner » 16 Feb 2021 23:39

I can't get rid of these in HJT: I fix them, make a new log, and they're back. I've already tried it twice.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost


RogueKiller Anti-Malware V14.8.5.0 (x64) [Feb 12 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : Simona [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210216_091606, Driver : Loaded
Mode : Quick Scan, Scan -- Date : 2021/02/16 23:36:15 (Duration : 00:00:39)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤