Virus? ColorMania.exe

Nejtt · Příspěvekod **Nejtt** » 22 čer 2021 20:15

Ahoj, mám pár dní zpět kompletně přeinstalovaný PC a zrovna sem si projížděl procesy a našel sem něco, co jsem nikdy ve svém PC neviděl. Proces pod jménem ColorMania,nicméně pokud to rozkliknu pravým a dám vlastnosti vyběhne na mě zase GoogleDiagnostics. Na googlu jsem o tom nic nenašel, když dám otevřít umístění souboru hodí mě to do AppData roaming a pak do prázdné složky kde nic není.
Nelze to ani vypnout, pokud to vypnu ihned se to zapne znovu?
Co to může být, dokáže mi prosím někdo pomoct?
Všem děkuji za rady
edit: provedl sem vše od ATF po Malware Bytes a poslední program mi našel:
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 22.06.21
Čas skenování: 20:48
Logovací soubor: 7b8f1ea4-d38a-11eb-9be9-0c9d920fcebd.json

-Informace o softwaru-
Verze: 4.4.0.117
Verze komponentů: 1.0.1344
Aktualizovat verzi balíku komponent: 1.0.42099
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 19042.1052)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-E04M61D\Tom

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 293762
Zjištěné hrozby: 7
Hrozby umístěné do karantény: 0
Uplynulý čas: 0 min, 55 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 3
Trojan.Tasker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GoogleUpdateSoftware, Žádná uživatelská akce, 7622, 948162, , , , , ,
Trojan.Tasker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4D7CACE7-A97B-45E1-8E64-9BD9BB1DC618}, Žádná uživatelská akce, 7622, 948162, , , , , ,
Trojan.Tasker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{4D7CACE7-A97B-45E1-8E64-9BD9BB1DC618}, Žádná uživatelská akce, 7622, 948162, , , , , ,

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 4
Trojan.Tasker, C:\WINDOWS\SYSTEM32\TASKS\GoogleUpdateSoftware, Žádná uživatelská akce, 7622, 948162, 1.0.42099, , ame, , EF43C7C44E89180C9A2363CB7C867730, 26444D8D2D96411CFD6150520B037BBFB25DA6FC9B4367CA93EF6EBAC065AFA2
RiskWare.BitCoinMiner, C:\USERS\TOM\APPDATA\ROAMING\WINHOST\SYSWOW.EXE, Žádná uživatelská akce, 914, 877371, 1.0.42099, 1C500C3F1E6E48A6FFA8924F, dds, 01301351, F0D5D1447F91A88F0B4331E82A661EA5, 599393E258D8BA7B8F8633E20C651868258827D3A43A4D0712125BC487EABF92
MachineLearning/Anomalous.95%, C:\USERS\TOM\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\µTorrent.lnk, Žádná uživatelská akce, 0, 392687, , , , , 8F1061EA9570C3797159A5293F02E1C0, D864C98D9B9987FD927B18EA1FBFE3407A526D36AACC61C5DF8F30C9CC60FF43
MachineLearning/Anomalous.95%, C:\USERS\TOM\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE, Žádná uživatelská akce, 0, 392687, 1.0.42099, , shuriken, , F683A8A64E4C06222E6C2110676FB271, 63FA8F89C50032DF889F06AB564CD2F266864918CCCA2F921C8F0242DADC4D9A

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)

(end)
Nechápu třeba ten BitCoinMiner Riskware, v životě sem nic netěžil ani nevím jak se to dělá..

Reklama

Příspěvekod **ITCrowd** » 22 čer 2021 20:53

https://www.google.com/search?q=ColorMa ... CAg&uact=5

Nejtt · Příspěvekod **Nejtt** » 22 čer 2021 20:59

Ano, to jsem četl, ale není tam nic jak se toho zbavit. Nenašel sem to nikde v žádné podsložce nebo složce, kde by se to dalo odstranit.

Příspěvekod **ITCrowd** » 22 čer 2021 21:02

https://www.google.com/search?q=ColorMa ... CA4&uact=5

Nejtt · Příspěvekod **Nejtt** » 22 čer 2021 21:06

I to jsem zkoušel, nevidí to ani Revo Uninstaller, ani Advanced Uninstaller Pro, nic. Nikde není ani odinstalačka toho svinstva.

Příspěvekod **jaro3** » 22 čer 2021 22:58

Je to potřeba vyčistit.

Vlož log z HJT:
https://sourceforge.net/projects/hjt/fi ... e/download

. spusť znovu Malwarebytes' Anti-Malware a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si ATF Cleaner
https://www.majorgeeks.com/mg/getmirror ... ner,2.html
Poklepej na ATF Cleaner.exe, klikni na select all, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/
pro majitele win7 stáhni zde:
https://filehippo.com/download_adwcleaner/ ( nedávej aktualizaci!)

Ulož si ho na svojí plochu . Klikni na „Souhlasím“ k povrzení podmínek.
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Skenování“
Po skenu se objeví log , který se otevře. ( jinak je uložen systémovem disku jako C:\AdwCleaner [C?].txt ), jeho obsah sem celý vlož.

Nejtt · Příspěvekod **Nejtt** » 23 čer 2021 15:05

HiJackThis log:
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
D:\Program Files (x86)\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe
D:\Program Files (x86)\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
D:\Program Files (x86)\creative\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
C:\Users\Tom\AppData\Roaming\Google\GoogleDiagnostics.exe
D:\Users\Tom\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.54\BHO\ie_to_edge_bho.dll
O4 - HKLM\..\Run: [VolPanel] "D:\Program Files (x86)\creative\Volume Panel\VolPanlu.exe" /r
O4 - HKCU\..\Run: [Synapse3] "D:\Program Files (x86)\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe" /StartMinimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F6A43803F41C0EE8AA9068339E55A010] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKUS\S-1-5-18\..\Run: [Synapse3] D:\Program Files (x86)\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Synapse3] D:\Program Files (x86)\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_120886e - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA FrameView SDK service (FvSvc) - NVIDIA - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\91.0.4472.114\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem14.inf,%SocketHECIServiceName%;Intel(R) Capability Licensing Service TCP IP Interface (Intel(R) Capability Licensing Service TCP IP Interface) - Intel(R) Corporation - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\SocketHeciServer.exe
O23 - Service: @oem14.inf,%TPMProvisioningServiceName%;Intel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) - Intel(R) Corporation - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\TPMProvisioningService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightKeeperService - Micro-Star INT'L CO., LTD. - C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LightKeeperService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - D:\Program Files (x86)\bytes\MBAMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI Foundation Service - Micro-Star International Co., Ltd. - C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\FoundationService\MSIAPService.exe
O23 - Service: MSI Central Service (MSI_Central_Service) - Micro-Star Int'l Co., Ltd. - C:\Program Files (x86)\MSI\One Dragon Center\MSI_Central_Service.exe
O23 - Service: MSI_Companion_Service - Micro-Star INT'L CO., LTD. - C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\MSI_Companion_Service.exe
O23 - Service: MSI Voice Control Service (MSI_VoiceControl_Service) - Micro-Star INT'L CO., LTD. - C:\Program Files (x86)\MSI\One Dragon Center\VoiceControl\VoiceControl_Service.exe
O23 - Service: Mystic_Light_Service - Micro-Star Int'l Co., Ltd. - C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Mystic_Light_Service.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_6a0632b60438e56d\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Razer Game Manager (Razer Game Manager Service) - Razer Inc - C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
O23 - Service: Razer Synapse Service - Razer Inc. - D:\Program Files (x86)\Synapse3\Service\Razer Synapse Service.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oem31.inf,%RstMwService.ServiceName%;Intel(R) Storage Middleware Service (RstMwService) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_e43ec0fd38c7d43c\RstMwService.exe
O23 - Service: Razer Central Service (RzActionSvc) - Razer Inc. - C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\steamservice.exe
O23 - Service: SteelSeries Update Service (SteelSeriesUpdateService) - Unknown owner - C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesUpdateService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

Adw log:
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-22-2021
# Duration: 00:00:03
# OS: Windows 10 Pro
# Scanned: 31966
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Příspěvekod **jaro3** » 23 čer 2021 16:44

spusť znovu Malwarebytes' Anti-Malware a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

kde je log?

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/files/details ... _tool.html
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.
Pokud byly nalezeny viry , tak po skenu klikni na „Details…“ a potom na „View log file“. Zkopíruj celý log a vlož ho sem. Potom zavři „threat detail“ a klikni na „Start cleanup“.
Jinak se log nachází zde:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Stáhni si RogueKiller by Adlice Software
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků

Nejtt · Příspěvekod **Nejtt** » 23 čer 2021 17:39

Log Malware Bytes: omlouvám se.
Malwarebytes
http://www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 23.06.21
Čas skenování: 16:44
Logovací soubor: 879b4c02-d431-11eb-b75f-0c9d920fcebd.json

-Informace o softwaru-
Verze: 4.4.0.117
Verze komponentů: 1.0.1344
Aktualizovat verzi balíku komponent: 1.0.42137
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 19042.1052)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-E04M61D\Tom

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 294023
Zjištěné hrozby: 0
Hrozby umístěné do karantény: 0
Uplynulý čas: 0 min, 37 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)

(end)
log Junk removal tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by Tom (Administrator) on 23.06.2021 at 16:47:27,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 2

Successfully deleted: C:\Users\Tom\AppData\Roaming\imvuclient (Folder)
Successfully deleted: C:\Program Files (x86)\Common Files\innovative solutions (Folder)

Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F6A43803F41C0EE8AA9068339E55A010 (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.06.2021 at 16:48:18,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sophos log
2021-06-23 14:50:33.643 Sophos Virus Removal Tool version 2.9.0
2021-06-23 14:50:33.643 Copyright (c) 2009-2021 Sophos Limited. All rights reserved.

2021-06-23 14:50:33.643 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2021-06-23 14:50:33.643 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
2021-06-23 14:50:33.643 Checking for updates...
2021-06-23 14:50:33.648 Update progress: proxy server not available
2021-06-23 14:50:38.118 Downloading updates...
2021-06-23 14:50:38.119 Update progress: [I96736] sdds.svrt_v1.22: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2021-06-23 14:50:38.120 Update progress: [I95020] sdds.svrt_v1.22: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2021-06-23 14:50:38.120 Update progress: [I22529] sdds.svrt_v1.22: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2021-06-23 14:50:38.120 Update progress: [V81533] SU::createCachedPackageSource creating cached package source for http://d2.sophosupd.com/update: url=SOPHOS
2021-06-23 14:50:38.120 Update progress: [V81533] SU::createCachedPackageSource creating http_source_specific_data to download customer file
2021-06-23 14:50:38.120 Update progress: [V81533] SU::createCachedPackageSource creating package source to download customer file
2021-06-23 14:50:38.120 Update progress: [V81533] SU::createCachedPackageSource creating cached package source
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: catalogue/sdds.data0910.xml
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: catalogue/sdds.data0910.xml: 94 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: bdda2b7e04fbc8cf5c6e085f7e387bd6x000.xml: 2953 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: bdda2b7e04fbc8cf5c6e085f7e387bd6x000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 562a8bad4487ea1d640cd8fb01359fd0x000.xml: 8673 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 562a8bad4487ea1d640cd8fb01359fd0x000.xml: 32 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE587/eab4ab0fcfc33c2d818f2776df5675bbx000.xml: 590 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE587/eab4ab0fcfc33c2d818f2776df5675bbx000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: SXLSUP/9658bb75e4104455fe802645d41af3dax000.xml: 598 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: SXLSUP/9658bb75e4104455fe802645d41af3dax000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE581/ae77cf03abc824850ff4f2327f91cb0dx000.xml: 599 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE581/ae77cf03abc824850ff4f2327f91cb0dx000.xml: 78 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE584/1e39b9b7413246d49e0ee2940b4c73f6x000.xml: 601 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE584/1e39b9b7413246d49e0ee2940b4c73f6x000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE583/23adccafb6adbb7c7ce5b29d1c1b6e3fx000.xml: 601 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE583/23adccafb6adbb7c7ce5b29d1c1b6e3fx000.xml: 32 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE579/26a1a097a14b8e0bbd28be53a2aafb1ex000.xml: 601 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE579/26a1a097a14b8e0bbd28be53a2aafb1ex000.xml: 47 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE580/44559335c6f1bc63dde9d811db091136x000.xml: 601 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE580/44559335c6f1bc63dde9d811db091136x000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE577/55f0b0a4e526c2d0401e01357d48129ax000.xml: 601 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE577/55f0b0a4e526c2d0401e01357d48129ax000.xml: 47 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE582/9e63ff578a72efd4cb6ee076fe03022bx000.xml: 601 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE582/9e63ff578a72efd4cb6ee076fe03022bx000.xml: 47 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE585/d95e6b645ad26ad48e59aff63c9c1b7ax000.xml: 601 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE585/d95e6b645ad26ad48e59aff63c9c1b7ax000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE578/fd09277a9cc316c7820beadc29555583x000.xml: 601 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE578/fd09277a9cc316c7820beadc29555583x000.xml: 47 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE586/805306883a751feb9352fc81f4648df8x000.xml: 2069 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE586/805306883a751feb9352fc81f4648df8x000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f58908de1afce77b2fcb98c952917019x000.xml: 615 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f58908de1afce77b2fcb98c952917019x000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f80ea45cd6e07e5028912e97b56edb1dx000.xml: 320 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f80ea45cd6e07e5028912e97b56edb1dx000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 0c458d84352f35f2b272f8b87e9f9576x000.xml: 753 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 0c458d84352f35f2b272f8b87e9f9576x000.xml: 47 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5c7f0eec8cb5f488397216dcfb7e98e8x000.xml: 331 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5c7f0eec8cb5f488397216dcfb7e98e8x000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: da82c4321ed3a85c851dd96613257cf6x000.xml: 1027 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: da82c4321ed3a85c851dd96613257cf6x000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d6f82f98826028071fb6ad3490b7ce39x000.xml: 336 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d6f82f98826028071fb6ad3490b7ce39x000.xml: 32 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: cc8cdc228495cbbb99d92b1850914692x000.xml: 1027 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: cc8cdc228495cbbb99d92b1850914692x000.xml: 15 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 6cd9627416c52497edb46bcc9918460cx000.xml: 338 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 6cd9627416c52497edb46bcc9918460cx000.xml: 47 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 053fa443b43f36e149e8f51833e0ce8cx000.xml: 1027 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 053fa443b43f36e149e8f51833e0ce8cx000.xml: 16 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e201f2c9f376a619ff4aae3b10e2203ax000.xml: 338 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e201f2c9f376a619ff4aae3b10e2203ax000.xml: 47 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f68284d0c844770e160f65625b572b5ex000.xml: 1027 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f68284d0c844770e160f65625b572b5ex000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b6237eb64a0908d40c9415a7c7ba3843x000.xml: 338 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b6237eb64a0908d40c9415a7c7ba3843x000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 664cf44531a491f6d94d8e883ebd8013x000.xml: 1027 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 664cf44531a491f6d94d8e883ebd8013x000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e633c35f2a494780bd5b5266ac06f13ax000.xml: 338 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e633c35f2a494780bd5b5266ac06f13ax000.xml: 32 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d48b68b7041bde7c1484c5cb94897672x000.xml: 1027 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d48b68b7041bde7c1484c5cb94897672x000.xml: 47 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 28bb8eb241a254452f85129686b027e5x000.xml: 338 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 28bb8eb241a254452f85129686b027e5x000.xml: 156 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 878a18899586c560f619305502fcd768x000.xml: 1027 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 878a18899586c560f619305502fcd768x000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 8fccbc62ca697207b715b0fecc359aa1x000.xml: 338 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 8fccbc62ca697207b715b0fecc359aa1x000.xml: 31 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4f8f7605f7941cc82662b3cd7204b8a6x000.xml: 1027 bytes
2021-06-23 14:50:38.120 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4f8f7605f7941cc82662b3cd7204b8a6x000.xml: 32 ms
2021-06-23 14:50:38.120 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 163cf4865efcb0d886db7332b8295e69x000.xml: 338 bytes
2021-06-23 14:50:38.121 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 163cf4865efcb0d886db7332b8295e69x000.xml: 31 ms
2021-06-23 14:50:38.121 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ff82765819ae95b2d888a3384d7f2c2cx000.xml: 1027 bytes
2021-06-23 14:50:38.121 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ff82765819ae95b2d888a3384d7f2c2cx000.xml: 125 ms
2021-06-23 14:50:38.121 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d9a77a07892e11509435eeb503ebcbafx000.xml: 338 bytes
2021-06-23 14:50:38.121 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d9a77a07892e11509435eeb503ebcbafx000.xml: 15 ms
2021-06-23 14:50:38.121 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 26c10a1863bd1a2a9f94c96204fdb55fx000.xml: 877 bytes
2021-06-23 14:50:38.121 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 26c10a1863bd1a2a9f94c96204fdb55fx000.xml: 32 ms
2021-06-23 14:50:38.121 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e62b61b7c2fe833ff6b0de8de36d1401x000.xml: 336 bytes
2021-06-23 14:50:38.121 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e62b61b7c2fe833ff6b0de8de36d1401x000.xml: 31 ms
2021-06-23 14:50:38.121 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: bbcce806230b3b255b669082dac43279x000.xml: 877 bytes
2021-06-23 14:50:38.121 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: bbcce806230b3b255b669082dac43279x000.xml: 31 ms
2021-06-23 14:50:38.121 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 9af81b974df2cc5ada9fc307c64210e1x000.xml: 336 bytes
2021-06-23 14:50:38.121 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 9af81b974df2cc5ada9fc307c64210e1x000.xml: 16 ms
2021-06-23 14:50:38.121 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 06c3754da6b751196382988bd2cddb9ax000.xml: 877 bytes
2021-06-23 14:50:38.121 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 06c3754da6b751196382988bd2cddb9ax000.xml: 31 ms
2021-06-23 14:50:38.121 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ffe404ecb647a5fa8751acb87adb5a7ax000.xml: 336 bytes
2021-06-23 14:50:38.121 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ffe404ecb647a5fa8751acb87adb5a7ax000.xml: 16 ms
2021-06-23 14:50:38.121 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f0ef0171fbf5e374928cad6dbc99a4f2x000.xml: 1027 bytes
2021-06-23 14:50:38.121 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f0ef0171fbf5e374928cad6dbc99a4f2x000.xml: 16 ms
2021-06-23 14:50:38.121 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d5c9ff5f592c65ee02da38787bf13c95x000.xml: 336 bytes
2021-06-23 14:50:38.121 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d5c9ff5f592c65ee02da38787bf13c95x000.xml: 31 ms
2021-06-23 14:50:38.121 Update progress: [I49502] sdds.data0910.xml: found supplement IDE585 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2021-06-23 14:50:38.121 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE585 LATEST path=
2021-06-23 14:50:38.121 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE585 LATEST path=
2021-06-23 14:50:38.121 Update progress: [I49502] sdds.data0910.xml: found supplement IDE586 LATEST path= baseVersion= [included from product IDE585 LATEST path=]
2021-06-23 14:50:38.121 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE586 LATEST path=
2021-06-23 14:50:38.121 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE586 LATEST path=
2021-06-23 14:50:38.121 Update progress: [I49502] sdds.data0910.xml: found supplement IDE587 LATEST path= baseVersion= [included from product IDE586 LATEST path=]
2021-06-23 14:50:38.121 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE587 LATEST path=
2021-06-23 14:50:38.121 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE587 LATEST path=
2021-06-23 14:50:38.121 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2021-06-23 14:50:38.121 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 3dcc4d8ea92036c73d686c8678cd34c5x000.xml: 61194 bytes
2021-06-23 14:50:38.121 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 3dcc4d8ea92036c73d686c8678cd34c5x000.xml: 79 ms
2021-06-23 14:50:38.121 Update progress: [I19463] Product download size 185409674 bytes
2021-06-23 14:50:39.768 Option all = no
2021-06-23 14:50:39.768 Option recurse = yes
2021-06-23 14:50:39.768 Option archive = no
2021-06-23 14:50:39.768 Option service = yes
2021-06-23 14:50:39.768 Option confirm = yes
2021-06-23 14:50:39.768 Option sxl = yes
2021-06-23 14:50:39.769 Option max-data-age = 35
2021-06-23 14:50:39.769 Option vdl-logging = yes
2021-06-23 14:50:39.773 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2021-06-23 14:50:39.773 Machine ID: 7af310aa80b942b8911ea504e4ae4f75
2021-06-23 14:50:39.774 Component SVRTcli.exe version 2.9.0
2021-06-23 14:50:39.774 Component control.dll version 2.9.0
2021-06-23 14:50:39.774 Component SVRTservice.exe version 2.9.0
2021-06-23 14:50:39.774 Component engine\osdp.dll version 1.44.1.2510
2021-06-23 14:50:39.774 Component engine\veex.dll version 3.81.0.2510
2021-06-23 14:50:39.775 Component engine\savi.dll version 9.0.23.2510
2021-06-23 14:50:39.775 Component rkdisk.dll version 1.5.33.1
2021-06-23 14:50:39.775 Version info: Product version 2.9.0
2021-06-23 14:50:39.775 Version info: Detection engine 3.81.0
2021-06-23 14:50:39.775 Version info: Detection data 5.82
2021-06-23 14:50:39.775 Version info: Build date 16.02.2021
2021-06-23 14:50:39.775 Version info: Data files added 208
2021-06-23 14:50:39.775 Version info: Last successful update (not yet updated)
2021-06-23 14:50:40.402 Update progress: [I19463] Syncing product IDE585 LATEST path=
2021-06-23 14:50:40.402 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 29c2a4edd6374086bb5f8f7b57847fadx000.xml: 27508 bytes
2021-06-23 14:50:40.402 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 29c2a4edd6374086bb5f8f7b57847fadx000.xml: 47 ms
2021-06-23 14:50:40.402 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 8097d70928d5bc3eea59f4432457c55ex000.xml: 397 bytes
2021-06-23 14:50:40.402 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 8097d70928d5bc3eea59f4432457c55ex000.xml: 31 ms
2021-06-23 14:50:40.402 Update progress: [I19463] Product download size 2909369 bytes
2021-06-23 14:50:48.522 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7c0e10cd6afb8598ab6998a1a12b36f1x000.xml: 3609 bytes
2021-06-23 14:50:48.522 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7c0e10cd6afb8598ab6998a1a12b36f1x000.xml: 31 ms
2021-06-23 14:50:48.562 Update progress: [I19463] Syncing product IDE586 LATEST path=
2021-06-23 14:50:48.562 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4825318f2f6fca9028890896abfd6826x000.xml: 18054 bytes
2021-06-23 14:50:48.562 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4825318f2f6fca9028890896abfd6826x000.xml: 31 ms
2021-06-23 14:50:48.562 Update progress: [I19463] Product download size 1478720 bytes
2021-06-23 14:50:53.274 Update progress: [I19463] Syncing product IDE587 LATEST path=
2021-06-23 14:50:53.274 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f430c089bf466bb070b959d79391e4c2x000.xml: 124 bytes
2021-06-23 14:50:53.274 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f430c089bf466bb070b959d79391e4c2x000.xml: 62 ms
2021-06-23 14:50:53.290 Installing updates...
2021-06-23 14:50:53.710 Error level 1
2021-06-23 14:50:55.390 Update successful
2021-06-23 14:51:01.583 Option all = no
2021-06-23 14:51:01.583 Option recurse = yes
2021-06-23 14:51:01.583 Option archive = no
2021-06-23 14:51:01.583 Option service = yes
2021-06-23 14:51:01.583 Option confirm = yes
2021-06-23 14:51:01.583 Option sxl = yes
2021-06-23 14:51:01.584 Option max-data-age = 35
2021-06-23 14:51:01.584 Option vdl-logging = yes
2021-06-23 14:51:01.587 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2021-06-23 14:51:01.587 Machine ID: 7af310aa80b942b8911ea504e4ae4f75
2021-06-23 14:51:01.587 Component SVRTcli.exe version 2.9.0
2021-06-23 14:51:01.587 Component control.dll version 2.9.0
2021-06-23 14:51:01.587 Component SVRTservice.exe version 2.9.0
2021-06-23 14:51:01.587 Component engine\osdp.dll version 1.44.1.2510
2021-06-23 14:51:01.588 Component engine\veex.dll version 3.81.0.2510
2021-06-23 14:51:01.588 Component engine\savi.dll version 9.0.23.2510
2021-06-23 14:51:01.588 Component rkdisk.dll version 1.5.33.1
2021-06-23 14:51:01.588 Version info: Product version 2.9.0
2021-06-23 14:51:01.588 Version info: Detection engine 3.81.0
2021-06-23 14:51:01.588 Version info: Detection data 5.84
2021-06-23 14:51:01.588 Version info: Build date 11.05.2021
2021-06-23 14:51:01.588 Version info: Data files added 182
2021-06-23 14:51:01.588 Version info: Last successful update 23.06.2021 16:50:55

2021-06-23 14:53:34.564 Could not open C:\hiberfil.sys
2021-06-23 14:53:34.568 Could not open C:\pagefile.sys
2021-06-23 14:55:50.701 Could not open C:\swapfile.sys
2021-06-23 14:55:50.733 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2021-06-23 14:55:50.733 Could not open C:\System Volume Information\{5a0ee3d3-d384-11eb-955d-0c9d920fcebd}{3808876b-c176-4e48-b7ae-04046e6cc752}
2021-06-23 14:55:50.733 Could not open C:\System Volume Information\{5a0ee3fa-d384-11eb-955d-0c9d920fcebd}{3808876b-c176-4e48-b7ae-04046e6cc752}
2021-06-23 14:55:50.733 Could not open C:\System Volume Information\{9d6d5f66-d425-11eb-9561-0c9d920fcebd}{3808876b-c176-4e48-b7ae-04046e6cc752}
2021-06-23 14:55:50.734 Could not open C:\System Volume Information\{9d6d61b8-d425-11eb-9561-0c9d920fcebd}{3808876b-c176-4e48-b7ae-04046e6cc752}
2021-06-23 14:55:50.734 Could not open C:\System Volume Information\{b0e099cf-d01f-11eb-9555-0c9d920fcebd}{3808876b-c176-4e48-b7ae-04046e6cc752}
2021-06-23 14:55:50.734 Could not open C:\System Volume Information\{b0e099da-d01f-11eb-9555-0c9d920fcebd}{3808876b-c176-4e48-b7ae-04046e6cc752}
2021-06-23 14:56:03.674 Could not open C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13268933758036412
2021-06-23 14:56:03.675 Could not open C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13268933300635426
2021-06-23 14:56:06.584 Could not open C:\Users\Tom\AppData\Local\Microsoft\WindowsApps\GameBarElevatedFT_Alias.exe
2021-06-23 14:56:06.586 Could not open C:\Users\Tom\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe
2021-06-23 14:56:06.586 Could not open C:\Users\Tom\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe
2021-06-23 14:56:06.588 Could not open C:\Users\Tom\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2021-06-23 14:56:06.589 Could not open C:\Users\Tom\AppData\Local\Microsoft\WindowsApps\Microsoft.SkypeApp_kzf8qxf38zg5c\Skype.exe
2021-06-23 14:56:06.591 Could not open C:\Users\Tom\AppData\Local\Microsoft\WindowsApps\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\GameBarElevatedFT_Alias.exe
2021-06-23 14:56:06.591 Could not open C:\Users\Tom\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
2021-06-23 14:56:06.591 Could not open C:\Users\Tom\AppData\Local\Microsoft\WindowsApps\python.exe
2021-06-23 14:56:06.592 Could not open C:\Users\Tom\AppData\Local\Microsoft\WindowsApps\python3.exe
2021-06-23 14:56:06.592 Could not open C:\Users\Tom\AppData\Local\Microsoft\WindowsApps\Skype.exe
2021-06-23 15:01:12.839 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2021-06-23 15:01:12.841 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2021-06-23 15:01:14.474 Could not open C:\Windows\System32\config\BBI
2021-06-23 15:01:14.479 Could not open C:\Windows\System32\config\DRIVERS
2021-06-23 15:12:08.262 Could not open LOGICAL:0004:00000000
2021-06-23 15:12:08.263 Could not open E:\
2021-06-23 15:12:08.502 Could not open LOGICAL:0006:00000000
2021-06-23 15:12:08.764 Could not open G:\
2021-06-23 15:12:09.085 Could not open PHYSICAL:0082:0000:0000:0001
2021-06-23 15:12:09.497 Error level 0

Nejtt · Příspěvekod **Nejtt** » 23 čer 2021 17:42

Log RogueKiller
RogueKiller Anti-Malware V15.0.3.0 (x64) [Jun 15 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : Tom [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210622_084611, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/06/23 17:40:25 (Duration : 00:02:01)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
[PUP.InnovativeSolutions (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Innovative Solutions -- N/A -> Found
[PUP.InnovativeSolutions (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2836779333-1781334385-2212767649-1001\Software\Innovative Solutions -- N/A -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Miner.Gen (Malicious)] (folder) WinHost -- C:\Users\Tom\AppData\Roaming\WinHost -> Found
[PUP.InnovativeSolutions (Potentially Malicious)] (folder) Innovative Solutions -- C:\Users\Tom\AppData\Local\Innovative Solutions -> Found
[PUP.InnovativeSolutions (Potentially Malicious)] (folder) Innovative Solutions -- C:\ProgramData\Innovative Solutions -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Příspěvekod **jaro3** » 23 čer 2021 18:18

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.

Vypni antivir i firewall, RogueKiller, Malwarebytes Antimalware, windowsDefender
Stáhni Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
https://uloz.to/file/nFH1LwSrGioP/zoek1-rar

Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
-pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log Zkopíruj sem celý obsah toho logu.
Pokud budou problémy , spusť zoek v nouz. režimu.

Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Můžeš si zatrhnout i vytvoření bodu obnovy:
Klikni na ozubené kolečko , poté na „Skenování“ a zatrhni „vytvářet body obnovy“.
Vrať se zpět ( klikni na domeček).
Zavři všechny otevřené soubory, složky a prohlížeče
Neměň žádné nastavení. Klikni na „Skenovat“.
Po skenu lze vidět , zda jsou nějaké nákazy. Klikni na „Další“. Nákazy budou přemístěny do karantény.
Když je skenování dokončeno, objeví se tisková zpráva , zkopíruj sem celý obsah té zprávy.
Jinak můžeš zprávy vidět , když klikneš vpravo nahoře na „ zprávy“.

Vlož nový log z HJT + informuj o problémech.

Nejtt · Příspěvekod **Nejtt** » 23 čer 2021 19:13

Zoek log
Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Tom on 23.06.2021 at 18:50:20,23.
Microsoft Windows 10 Pro 10.0.19042 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Tom\Desktop\zoek1\zoek (1).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

23.06.2021 18:51:31 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\Users\Tom\AppData\Local\DBG deleted successfully
C:\Users\Tom\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\krosqm.txt deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Tom\AppData\Local\Software deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2fc0-3c98-2a1c696.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c03.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c05.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c07.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c09.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c1b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c1d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c1f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c21.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c23.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c25.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c36.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c38.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c3a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c3c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c3e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c40.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c52.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c54.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1640-2ccc-a0c56.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b42f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b450.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b461.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b463.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b485.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b4d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b544.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b546.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b548.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b54a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b56b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b58d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b58f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b591.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b5d1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b5d3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b5d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b5e7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-19c4-19ac-9b5e9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a4ff4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a4ff6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a4ff8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a4ffa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a500b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a500d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a500f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a5011.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a5013.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a5025.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a5027.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a5029.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a502b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a502d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a502f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a5041.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a5043.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a5045.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ab8-814-1a5047.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e021.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e023.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e034.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e036.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e038.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e03a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e03c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e03e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e050.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e052.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e054.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e056.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e058.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e069.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e06b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e06d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e06f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e071.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c34-1b64-9e073.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b6096.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60a8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60aa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60ae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60c0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60c2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60c4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60c6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60c8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60d9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60db.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60dd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60df.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60e1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60e3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60f5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60f7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-20f8-37b8-b60f9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7a9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7ab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7ad.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7c3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7c5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7c7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7d8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7da.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7dc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7de.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7e0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7e2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7f4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7f6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7f8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7fa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2164-f74-9b7fc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-10266a0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-10266b2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-10266c3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-10266c5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-10266c7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-10266c9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-10266cb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-10266dd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-10266ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-1026700.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-1026702.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-1026714.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-1026725.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-1026737.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-1026749.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-102675a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-102678b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-10267ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-26ac-2474-10267ae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbb58.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbb79.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbb9b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbbbc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbbcd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbbef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbbf1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbc12.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbc62.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbc74.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbc85.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbc97.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbc99.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbcba.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbccc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbcdd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbcdf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbce1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2894-2710-7bbce3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e1a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e1c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e1e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e20.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e31.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e33.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e35.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e37.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e49.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e4b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e4d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e4f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e51.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e63.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e65.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e67.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e88.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246e9a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a00-1c70-246eab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2fc0-3c98-2a1c682.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2fc0-3c98-2a1c694.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1e14.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1e26.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1e47.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1e58.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1e5a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1e5c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1e6e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1e70.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1eb1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1eb3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1ec4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1ed6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1ed8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1eda.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1efb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1f1c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1f3e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1f5f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-30ec-1658-a1f80.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f917.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f919.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f92b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f92d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f92f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f931.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f933.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f935.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f946.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f948.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f94a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f94c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f94e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f950.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f962.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f983.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f985.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f987.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3268-1f74-9f989.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea62.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea64.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea75.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea77.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea79.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea7b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea7d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea7f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea91.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea93.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea95.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea97.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea99.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9ea9b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9eaac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9eaae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9eab0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9eab2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-355c-fcc-9eab4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-950d1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-950e3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-950e5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-950e7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-950e9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-950eb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-950ed.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-950fe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-95100.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-95102.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-95104.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-95106.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-95108.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-9511a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-9511c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-9511e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-95120.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-95122.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3788-18f4-95124.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa0cb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa0dd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa0df.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa0e1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa0e3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa0e5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa0e7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa0f8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa0fa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa0fc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa0fe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa100.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa102.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa114.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa116.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa118.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa11a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa11c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3938-2628-3cfa11e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a2075.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a2077.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a2079.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a208b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a208d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a208f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a2091.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a2093.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a2095.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a20a7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a20a9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a20ab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a20ad.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a20af.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a20c0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a20c2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a20c4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a20c6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ec-968-a20c8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0adb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0aed.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0b0e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0b10.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0b12.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0b33.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0b45.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0b56.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0b58.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0c06.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0c18.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0c39.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0c5a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0c6c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0c7e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0c80.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0c82.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0c84.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-407c-43d0-ab0c95.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cacfe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad00.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad02.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad14.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad16.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad18.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad1a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad1c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad1e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad30.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad32.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad34.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad36.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad38.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad49.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad4b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad4d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad4f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-57c-1ad0-1cad51.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c4b9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c4cb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c4cd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c4cf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c4d1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c4e2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c4e4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c4e6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c4e8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c4fa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c4fc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c4fe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c500.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c502.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c504.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c515.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c517.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c519.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b8-375c-9c51b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f625.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f627.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f629.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f62b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f63d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f63f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f641.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f643.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f645.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f647.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f649.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f65a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f65c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f65e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f660.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f662.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f664.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f666.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-82c-828-f678.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-610749.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-61075a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-61075c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-61075e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-610760.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-610772.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-610774.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-610776.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-610778.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-61077a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-6107ab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-6107ad.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-6107bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-6107c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-6107c3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-6107c5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-6107c7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-6107d8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-840-3e54-6107ea.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b74b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b75d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b75f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b761.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b763.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b765.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b767.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b779.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b77b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b77d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b77f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b781.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b792.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b794.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b796.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b798.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b79a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b7ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-928-3a50-9b7ae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-9697a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-9697c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-9697e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-9698f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-96991.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-96993.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-96995.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-96997.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-969a9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-969ab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-969ad.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-969af.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-969b1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-969b3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-969c4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-969c6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-969c8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-969ca.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-b54-1cd0-969cc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d8e6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d8e8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d8fa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d8fc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d8fe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d900.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d902.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d904.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d915.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d917.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d919.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d91b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d91d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d92f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d931.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d933.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d935.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d937.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-c78-2640-11d939.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a1e3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a1f5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a1f7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a1f9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a1fb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a1fd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a20f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a211.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a213.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a215.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a217.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a219.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a22a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a22c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a22e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a230.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a232.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a244.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-d34-a6c-40a246.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-26233c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-26234e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-262350.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-262352.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-262354.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-262356.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-262367.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-262369.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-26236b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-26236d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-26236f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-262381.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-262383.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-262385.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-262387.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-262389.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-26239b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-26239d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-fc4-51c-26239f.tmp deleted
C:\Users\Tom\AppData\LocalLow\Unity deleted
"C:\DumpStack.log.tmp" not deleted

==== Chromium Look ======================

BTTV - Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped
Into The Mist - Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh
Twitch Now - Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk
Chrome Media Router - Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Tom\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\Tom\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot
C:\Users\Tom\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\Tom\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tom\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Tom\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Edge Cache ======================

Edge Cache Emptied Successfully

==== Empty Chrome Cache ======================

C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot
C:\Users\Tom\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=889 folders=1341 407961154 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Tom\AppData\Local\Temp will be emptied at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Tom\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" not deleted
"C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not found
"C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted

==== EOF on 23.06.2021 at 19:01:54,76 ======================

Rogue log
RogueKiller Anti-Malware V15.0.3.0 (x64) [Jun 15 2021] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : Tom [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210622_084611, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/06/23 18:48:28 (Duration : 00:01:54)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.InnovativeSolutions (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Innovative Solutions -- -> Deleted
[PUP.InnovativeSolutions (Potentially Malicious)] HKEY_USERS\S-1-5-21-2836779333-1781334385-2212767649-1001\Software\Innovative Solutions -- -> Deleted
[Miner.Gen (Malicious)] WinHost -- %_Tom_appdata%\WinHost -> Deleted
[PUP.InnovativeSolutions (Potentially Malicious)] Innovative Solutions -- %localappdata%\Innovative Solutions -> Deleted
[PUP.InnovativeSolutions (Potentially Malicious)] Innovative Solutions -- %programdata%\Innovative Solutions -> Deleted

Virus? ColorMania.exe Vyřešeno

Virus? ColorMania.exe

Re: Virus? ColorMania.exe

Re: Virus? ColorMania.exe

Re: Virus? ColorMania.exe

Re: Virus? ColorMania.exe

Re: Virus? ColorMania.exe Vyřešeno

Re: Virus? ColorMania.exe

Re: Virus? ColorMania.exe

Re: Virus? ColorMania.exe

Re: Virus? ColorMania.exe

Re: Virus? ColorMania.exe

Re: Virus? ColorMania.exe

Kdo je online