prosim o kontrolu logu

Zpráva

radoslav · #1 Příspěvek od **radoslav** » 17 úno 2020 23:55

info.txt logfile of random's system information tool 1.10 2020-02-17 23:52:34

======MBR======

0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F850E0183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731CFE4E11750C807E00800F848A00B280EB845532E48A5600CD135DEB9E813EFE7D55AA756EFF7600E88D007517FAB0D1E664E88300B0DFE660E87C00B0FFE664E87500FBB800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C007409BB0700B40ECD10EBF2F4EBFD2BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000637B9A10B833FB00008020210007DF130C000800000020030000DF140C07FEFFFF002803000060DB0F00FEFFFF07FEFFFF0088DE0F00C83D0D0000000000000000000000000000000055AA

======Uninstall list======

Adobe Acrobat Reader DC - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-AC0F074E4100}
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-000182435289}
Alcor Micro Smart Card Reader Driver-->C:\Program Files (x86)\InstallShield Installation Information\{F24F876B-7D71-4BD6-88E9-614D3BB84238}\setup.exe -runfromtemp -removeonly
Alcor Micro Smart Card Reader Driver-->MsiExec.exe /X{F24F876B-7D71-4BD6-88E9-614D3BB84238}
amuleC-->MsiExec.exe /I{19539992-061C-4E8B-9053-07B175303AF4}
amuleC-->MsiExec.exe /I{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}
amuleC-->MsiExec.exe /I{B2EFFD4E-D098-4845-9D56-DE75BEB35913}
Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\setup\Instup.exe /control_panel
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiSuite-->C:\Program Files (x86)\HiSuite\uninst.exe
HP 3D DriveGuard-->MsiExec.exe /X{F8C604AC-1939-4B74-B847-CB59417F1FF2}
HP Hotkey Support-->MsiExec.exe /X{C97CC14E-4789-4FC5-BC75-79191F7CE009}
HP Software Framework-->MsiExec.exe /X{0BFFE87D-A1BD-4086-BF6F-292711E74F58}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -remove -removeonly
Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
Intel(R) SDK for OpenCL - CPU Only Runtime Package-->C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe -uninstall
Java 8 Update 111-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180111F0}
JMicron Flash Media Controller Driver-->"C:\Program Files (x86)\JMicron\JMCR_DIR\setup.exe" delpkg
Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{26784146-6E05-3FF9-9335-786C7C0FB5BE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mozilla Firefox 73.0 (x64 sk)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Need for Speed™ Carbon-->C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
OpenOffice 4.1.1-->MsiExec.exe /I{456408C1-3BDE-48CC-9A5A-79B1BB4C4787}
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WinRAR 5.40 (64-bitová verzia)-->C:\Program Files\WinRAR\uninstall.exe
WinSnare-->MsiExec.exe /I{6B9B0FDA-3C20-4497-B62A-45102358B3C2}
YAC(Yet Another Cleaner!)-->C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe

======Hosts File======

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net

======System event log======

Computer Name: PC-PC
Event Code: 4321
Message: The name "PC-PC :0" could not be registered on the interface with IP address 192.168.1.9. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
Record Number: 1376
Source Name: NetBT
Time Written: 20151209091934.284833-000
Event Type: Error
User:

Computer Name: PC-PC
Event Code: 4321
Message: The name "PC-PC :20" could not be registered on the interface with IP address 192.168.1.9. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
Record Number: 1375
Source Name: NetBT
Time Written: 20151209091934.284833-000
Event Type: Error
User:

Computer Name: PC-PC
Event Code: 2505
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{7089B032-EEC8-4628-97C0-462905BBAAF4} because another computer on the network has the same name. The server could not start.
Record Number: 1374
Source Name: Server
Time Written: 20151209091934.000000-000
Event Type: Error
User:

Computer Name: PC-PC
Event Code: 219
Message: The driver \Driver\WUDFRd failed to load for the device USB\Vid_03f0&Pid_371d&MI_03\7&361659e5&1&03.
Record Number: 1273
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20151209085641.418420-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: PC-PC
Event Code: 27
Message: Intel(R) 82579LM Gigabit Network Connection
Network link is disconnected.

Record Number: 1271
Source Name: e1cexpress
Time Written: 20151209085640.763219-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: PC-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3213848150-4246953407-4286547329-1000:
Process 404 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3213848150-4246953407-4286547329-1000

Record Number: 280
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20151207175941.746366-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: PC-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 273
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20151207170206.304296-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: PC-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 271
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20151207170206.226296-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: PC-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 192
Source Name: Microsoft-Windows-WMI
Time Written: 20151207165835.000000-000
Event Type: Error
User:

Computer Name: PC-PC
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.

Record Number: 172
Source Name: Microsoft-Windows-Search
Time Written: 20151207165741.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247F27-25
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247F27-25$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20151207165230.787644-000
Event Type: Audit Success
User:

Computer Name: 37L4247F27-25
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247F27-25$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20151207165230.787644-000
Event Type: Audit Success
User:

Computer Name: 37L4247F27-25
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x3213f
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20151207165230.413243-000
Event Type: Audit Success
User:

Computer Name: 37L4247F27-25
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20151207165228.322840-000
Event Type: Audit Success
User:

Computer Name: 37L4247F27-25
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20151207165228.166839-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"BREAKPAD_DUMP_LOCATION"=C:\Program Files (x86)\Coldold\Reports\Dump

-----------------EOF-----------------

#2 Příspěvek od **Diallix** » 18 úno 2020 08:27

Dobry den.

Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.

radoslav · #3 Příspěvek od **radoslav** » 18 úno 2020 23:54

# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-02-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-18-2020
# Duration: 00:00:43
# OS: Windows 7 Professional
# Cleaned: 185
# Failed: 1

***** [ Services ] *****

Deleted FirefoxU
Deleted Winsere
Deleted iThemes5

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Coldold
Deleted C:\Program Files (x86)\Explorer
Deleted C:\Program Files (x86)\Gub
Deleted C:\Program Files (x86)\Gubed
Deleted C:\Program Files (x86)\Gubed_WMI
Deleted C:\Program Files (x86)\InterHop
Deleted C:\Program Files (x86)\QQBrowser
Deleted C:\Program Files (x86)\SFK
Deleted C:\Program Files (x86)\SearchesToYesbnd
Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\Program Files (x86)\TXQQBrowser
Deleted C:\Program Files (x86)\Uncheckit
Deleted C:\Program Files (x86)\UvConverter
Deleted C:\Program Files (x86)\WINSNARE(4.0.8)
Deleted C:\Program Files (x86)\WINSNARE(4.0.9)
Deleted C:\Program Files (x86)\WinSaber
Deleted C:\Program Files (x86)\WinTaske
Deleted C:\Program Files (x86)\Winsere
Deleted C:\Program Files (x86)\amuleC1
Deleted C:\Program Files (x86)\amuleCe
Deleted C:\Program Files (x86)\iheeawa
Deleted C:\ProgramData\5WINP5
Deleted C:\ProgramData\CWINPC
Deleted C:\ProgramData\ChelfNotify
Deleted C:\ProgramData\GWINPG
Deleted C:\ProgramData\KWINPK
Deleted C:\ProgramData\Lefttoe
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncheckit
Deleted C:\ProgramData\OWINPO
Deleted C:\ProgramData\QQBrowser
Deleted C:\ProgramData\QWINPQ
Deleted C:\ProgramData\Tencent
Deleted C:\ProgramData\Uncheckit
Deleted C:\ProgramData\WinSAPSvc
Deleted C:\ProgramData\iheeawa
Deleted C:\ProgramData\uckt
Deleted C:\ProgramData\wintools
Deleted C:\Users\Guest\AppData\Local\Coldold
Deleted C:\Users\Guest\AppData\Local\Lefttoe
Deleted C:\Users\Guest\AppData\Roaming\Firefox
Deleted C:\Users\Guest\AppData\Roaming\Seznam.cz
Deleted C:\Users\Guest\AppData\Roaming\Uncheckit
Deleted C:\Users\PC\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
Deleted C:\Users\PC\AppData\Local\Coldold
Deleted C:\Users\PC\AppData\Local\SANARE
Deleted C:\Users\PC\AppData\Local\iheeawa
Deleted C:\Users\PC\AppData\Roaming\Firefox
Deleted C:\Users\PC\AppData\Roaming\Seznam.cz
Deleted C:\Users\PC\AppData\Roaming\TSv
Deleted C:\Users\PC\AppData\Roaming\Uncheckit
Deleted C:\Users\PC\AppData\Roaming\WinSAPSvc
Deleted C:\Users\PC\AppData\Roaming\WinZiper
Deleted C:\Users\PC\AppData\Roaming\aMule
Deleted C:\Users\PC\AppData\Roaming\eCyber
Deleted C:\Users\PC\Documents\aMule Downloads
Deleted C:\Users\Public\Documents\dmp
Deleted C:\Users\Public\Documents\iheeawa
Deleted C:\Windows\SysWOW64\_SSpm
Deleted C:\Windows\SysWOW64\_tWm
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Uncheckit
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\aMule
Deleted C:\extensions

***** [ Files ] *****

Deleted C:\Users\Public\Documents\cc.ini
Deleted C:\Users\Public\Documents\report.dat
Deleted C:\Users\Public\Documents\temp.dat
Deleted C:\Windows\System32\drivers\iSafeKrnlBoot.sys
Deleted C:\Windows\System32\drivers\iSafeNetFilter.sys
Deleted C:\Windows\System32\log\iSafeKrnlCall.log
Not Deleted C:\Program Files (x86)\EXPLORER\IEDVTOOLEX.DLL

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\BROWSER UPDATER TASK(CORE)
Deleted C:\Windows\System32\Tasks\CHELFNOTIFY TASK
Deleted C:\Windows\Tasks\CHELFNOTIFY TASK.JOB

***** [ Registry ] *****

Deleted HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Search Page
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\Uncheckit
Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
Deleted HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Deleted HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Deleted HKLM\SOFTWARE\Classes\WinZippers.001
Deleted HKLM\SOFTWARE\Classes\WinZippers.7z
Deleted HKLM\SOFTWARE\Classes\WinZippers.arj
Deleted HKLM\SOFTWARE\Classes\WinZippers.bz2
Deleted HKLM\SOFTWARE\Classes\WinZippers.bzip2
Deleted HKLM\SOFTWARE\Classes\WinZippers.cab
Deleted HKLM\SOFTWARE\Classes\WinZippers.cpio
Deleted HKLM\SOFTWARE\Classes\WinZippers.deb
Deleted HKLM\SOFTWARE\Classes\WinZippers.dmg
Deleted HKLM\SOFTWARE\Classes\WinZippers.fat
Deleted HKLM\SOFTWARE\Classes\WinZippers.gz
Deleted HKLM\SOFTWARE\Classes\WinZippers.gzip
Deleted HKLM\SOFTWARE\Classes\WinZippers.hfs
Deleted HKLM\SOFTWARE\Classes\WinZippers.iso
Deleted HKLM\SOFTWARE\Classes\WinZippers.lha
Deleted HKLM\SOFTWARE\Classes\WinZippers.lzh
Deleted HKLM\SOFTWARE\Classes\WinZippers.lzma
Deleted HKLM\SOFTWARE\Classes\WinZippers.ntfs
Deleted HKLM\SOFTWARE\Classes\WinZippers.rar
Deleted HKLM\SOFTWARE\Classes\WinZippers.rpm
Deleted HKLM\SOFTWARE\Classes\WinZippers.squashfs
Deleted HKLM\SOFTWARE\Classes\WinZippers.swm
Deleted HKLM\SOFTWARE\Classes\WinZippers.tar
Deleted HKLM\SOFTWARE\Classes\WinZippers.taz
Deleted HKLM\SOFTWARE\Classes\WinZippers.tbz
Deleted HKLM\SOFTWARE\Classes\WinZippers.tbz2
Deleted HKLM\SOFTWARE\Classes\WinZippers.tgz
Deleted HKLM\SOFTWARE\Classes\WinZippers.tpz
Deleted HKLM\SOFTWARE\Classes\WinZippers.txz
Deleted HKLM\SOFTWARE\Classes\WinZippers.vhd
Deleted HKLM\SOFTWARE\Classes\WinZippers.wim
Deleted HKLM\SOFTWARE\Classes\WinZippers.xar
Deleted HKLM\SOFTWARE\Classes\WinZippers.xz
Deleted HKLM\SOFTWARE\Classes\WinZippers.z
Deleted HKLM\SOFTWARE\Classes\WinZippers.zip
Deleted HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFC9B9B8-8758-4795-8CAF-CD4CDA2F0160}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D607B6A5-6882-4A00-87EF-571DDE485A24}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFC9B9B8-8758-4795-8CAF-CD4CDA2F0160}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D607B6A5-6882-4A00-87EF-571DDE485A24}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater Task(Core)
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChelfNotify Task
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|CSHMDR
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|SANARE
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost|WINSNARE
Deleted HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
Deleted HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
Deleted HKLM\Software\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
Deleted HKLM\Software\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
Deleted HKLM\Software\InterSect Alliance
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3213848150-4246953407-4286547329-1000\Components\E4DFFE2B890D5484D965ED57EB3B9531
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3213848150-4246953407-4286547329-1000\Products\E4DFFE2B890D5484D965ED57EB3B9531
Deleted HKLM\Software\Wow6432Node\InterHop
Deleted HKLM\Software\Wow6432Node\Uncheckit
Deleted HKLM\Software\Wow6432Node\UvConverter
Deleted HKLM\Software\Wow6432Node\WinZiper
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Svchost|ArcherGroupEx
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Svchost|BIT
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Svchost|GubZLGroEx
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Svchost|GubedZLGroupEx
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Svchost|Kitty
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Svchost|WinSAPSvc
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Deleted HKLM\Software\Wow6432Node\\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
Deleted HKLM\Software\Wow6432Node\amule-custom
Deleted HKLM\Software\Wow6432Node\hdcode
Deleted HKLM\Software\Wow6432Node\yessearchesSoftware
Deleted HKLM\Software\Wow6432Node\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
Deleted HKLM\Software\Wow6432Node\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Deleted HKLM\Software\Wow6432Node\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
Deleted HKLM\Software\Wow6432Node\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
Deleted HKLM\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
Deleted HKLM\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SANARE
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\WdMan
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\iedvutils
Deleted HKU\.DEFAULT\SOFTWARE\2B8C93EEB199209B8E4FE572E4B92936
Deleted HKU\.DEFAULT\SOFTWARE\CFE1E5B47823D9DC94DD9B02E39F7762
Deleted HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
Deleted HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Deleted HKU\S-1-5-18\SOFTWARE\2B8C93EEB199209B8E4FE572E4B92936
Deleted HKU\S-1-5-18\SOFTWARE\CFE1E5B47823D9DC94DD9B02E39F7762
Deleted HKU\S-1-5-18\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
Deleted HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}

***** [ Chromium (and derivatives) ] *****

Deleted Seznam doplněk - Email
Deleted Seznam doplněk - Email
Deleted Seznam doplněk - Esko

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [16313 octets] - [18/02/2020 23:48:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#4 Příspěvek od **Diallix** » 19 úno 2020 07:54

Preskenujte pocitac s FRST - navod tu: https://forum.viry.cz/viewtopic.php?f=24&t=132509, skopirujte FRST.log + Addition log sem.

radoslav · #5 Příspěvek od **radoslav** » 22 úno 2020 00:33

Users shortcut scan result (x64) Version: 16-02-2020
Ran by PC (22-02-2020 00:31:17)
Running from C:\Users\PC\Downloads
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Premium Sound.lnk -> C:\Windows\System32\IDTNC64.cpl (IDT, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\Uninstall.lnk -> C:\Program Files (x86)\WinZipper\wzUninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manuál konzoly programu RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Pomocník pre program WinRAR.lnk -> C:\Program Files\WinRAR\winrar.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Čo je nové v najnovšej verzii.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee\qksee.lnk -> C:\Program Files (x86)\qksee\qksee.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee\uninstall.lnk -> C:\Program Files (x86)\qksee\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Odinštalovať.lnk -> C:\Program Files (x86)\Google\Picasa3\uninstall.exe (Google)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Microsoft DirectX EULA.lnk -> C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\Support\en-us_eula.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Need for Speed™ Carbon.lnk -> C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Read Me.lnk -> C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Technical Support.lnk -> C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Uninstall Need for Speed™ Carbon.lnk -> C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Web.lnk -> C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFS_icon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk -> C:\Program Files\DAEMON Tools Lite\DTLauncher.exe (Disc Soft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\HD grafika Intel®.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\Links\Desktop.lnk -> C:\Users\Guest\Desktop ()
Shortcut: C:\Users\Guest\Links\Downloads.lnk -> C:\Users\Guest\Downloads ()
Shortcut: C:\Users\Guest\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Guest\Desktop\Počítač - odkaz.lnk -> [LFPO :i+00v1SPS0%G`!Pota9Systmov prieinok1SPSjc(=Oe)::{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\PC\Links\Desktop.lnk -> C:\Users\PC\Desktop ()
Shortcut: C:\Users\PC\Links\Downloads.lnk -> C:\Users\PC\Downloads ()
Shortcut: C:\Users\PC\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\PC\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\PC\Desktop\Total Commander.lnk -> C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (No File)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manuál konzoly programu RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Pomocník pre program WinRAR.lnk -> C:\Program Files\WinRAR\winrar.chm ()
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Čo je nové v najnovšej verzii.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander Help.lnk -> C:\totalcmd\TOTALCMD.CHM ()
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander.lnk -> C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander\Uninstall or Repair Total Commander.lnk -> C:\totalcmd\TCUNINST.EXE ()
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Need for Speed Carbon™.lnk -> [LF6"pH,R GFSI`:XN/uiKNeed for Speed: Carbon"!(1SPSXFL8C&m]
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC\aMuleC.lnk -> C:\Users\PC\AppData\Roaming\Microsoft\Installer\{B2EFFD4E-D098-4845-9D56-DE75BEB35913}\_09A321B9DD1CAEBEA661C7.exe ()
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\SendTo\Prenos súborov prostredníctvom rozhrania Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\PC\AppData\Local\Microsoft\Windows\GameExplorer\{11CADA60-AF3A-4E58-85C3-2FD07569D24B}\PlayTasks\0\Hrať.lnk -> C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe ()
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\Users\Public\Desktop\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)

ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp:\\www.nuesearch.com\?type=sc&ts=1468512183&z=736eae1b4ae3671f5c19eb2g3zaq7b3wdg9o7gcb9e&from=wpm0616&uid=WDCXWD2500BEKT-60PVMT0_WD-WXC1A91S8881S8881

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Konfigurovať program Picasa Photo Viewer.lnk -> C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe (Google Inc.) -> /reconfig
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\EAsy Info.lnk -> C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\Support\EasyInfo.exe (Electronic Arts) -> "nfsc.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Electronic Registration.lnk -> C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\Support\EReg.exe (Electronic Arts Inc.) -> "nfsc.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Need for Speed™ Carbon Safemode.lnk -> C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> URL: hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Need for Speed™ Carbon\Check For Update.url -> URL: hxxp://patches.ea.com/nfs_carbon/home.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.ccleaner.com/ccleaner
InternetURL: C:\Users\Guest\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Guest\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\Guest\Favorites\Windows Live\Získajte službu Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\Guest\Favorites\Webové lokality spoločnosti Microsoft\Adresa URL lokality programu IE na lokalite Microsoft.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Guest\Favorites\Webové lokality spoločnosti Microsoft\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Guest\Favorites\Webové lokality spoločnosti Microsoft\Spoločnosť Microsoft a domácnosti.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\Guest\Favorites\Webové lokality spoločnosti Microsoft\Spoločnosť Microsoft a pracoviská.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72407
InternetURL: C:\Users\Guest\Favorites\Webové lokality MSN\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Guest\Favorites\Links\Navrhované lokality.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\PC\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\PC\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\PC\Favorites\Windows Live\Získajte službu Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\PC\Favorites\Webové lokality spoločnosti Microsoft\Adresa URL lokality programu IE na lokalite Microsoft.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\PC\Favorites\Webové lokality spoločnosti Microsoft\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\PC\Favorites\Webové lokality spoločnosti Microsoft\Spoločnosť Microsoft a domácnosti.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\PC\Favorites\Webové lokality spoločnosti Microsoft\Spoločnosť Microsoft a pracoviská.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72407
InternetURL: C:\Users\PC\Favorites\Webové lokality MSN\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\PC\Favorites\Links\Navrhované lokality.url -> URL: hxxps://ieonline.microsoft.com/#ieslice

==================== End of Shortcut.txt =============================

#6 Příspěvek od **Diallix** » 22 úno 2020 07:07

To nie je log, ktory by som potreboval. Prosim, urobte logy podla navodu v odkazu, ktory som tu dal.

radoslav · #7 Příspěvek od **radoslav** » 25 úno 2020 23:01

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2020
Ran by PC (25-02-2020 22:52:43)
Running from C:\Users\PC\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-12-07 16:57:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3213848150-4246953407-4286547329-500 - Administrator - Disabled)
Guest (S-1-5-21-3213848150-4246953407-4286547329-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3213848150-4246953407-4286547329-1002 - Limited - Enabled)
PC (S-1-5-21-3213848150-4246953407-4286547329-1000 - Administrator - Enabled) => C:\Users\PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\{F24F876B-7D71-4BD6-88E9-614D3BB84238}) (Version: 1.7.38.0 - Alcor Micro Corp.) Hidden
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.38.0 - Alcor Micro Corp.)
amuleC (HKLM-x32\...\{19539992-061C-4E8B-9053-07B175303AF4}) (Version: 1.0.1 - amuleC) <==== ATTENTION
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC) <==== ATTENTION
amuleC (HKLM-x32\...\{B2EFFD4E-D098-4845-9D56-DE75BEB35913}) (Version: 1.0.1 - amuleC) <==== ATTENTION
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Spoločnosť Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP 3D DriveGuard (HKLM\...\{F8C604AC-1939-4B74-B847-CB59417F1FF2}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{0BFFE87D-A1BD-4086-BF6F-292711E74F58}) (Version: 4.0.96.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 73.0.1 (x64 sk) (HKLM\...\Mozilla Firefox 73.0.1 (x64 sk)) (Version: 73.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{456408C1-3BDE-48CC-9A5A-79B1BB4C4787}) (Version: 4.11.9775 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51 - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinSnare (HKLM-x32\...\{6B9B0FDA-3C20-4497-B62A-45102358B3C2}) (Version: 4.0.9 - WinSnare) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-3213848150-4246953407-4286547329-1000\...\ChromeHTML: -> "C:\Program Files (x86)\Coldold\Application\chrome.exe" "%1" <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-08] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-08] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation)
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp:\\www.nuesearch.com\?type=sc&ts=1468512183&z=736eae1b4ae3671f5c19eb2g3zaq7b3wdg9o7gcb9e&from=wpm0616&uid=WDCXWD2500BEKT-60PVMT0_WD-WXC1A91S8881S8881

==================== Loaded Modules (Whitelisted) =============

2015-12-09 11:26 - 2011-01-12 17:56 - 000058880 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-12-09 11:26 - 2015-12-09 11:26 - 000169472 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f3fe53ec4c0c7aa33e716ad6727579a2\IsdiInterop.ni.dll
2015-12-09 11:28 - 2011-08-08 17:12 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2015-12-09 11:26 - 2015-12-09 11:26 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\df148d204dde5d959973a72f36c8c3fa\IAStorCommon.ni.dll
2015-12-09 11:28 - 2011-08-08 17:08 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2015-12-09 11:26 - 2011-01-12 17:52 - 000275456 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll
2015-12-09 11:26 - 2015-12-09 11:26 - 000219136 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\fd10de0f8ee626631f63212514410d53\IAStorDataMgr.ni.dll
2015-12-09 11:26 - 2015-12-09 11:26 - 000475648 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c12289a28b784b00589a66803aad590b\IAStorUtil.ni.dll
2015-12-09 11:01 - 2015-12-09 11:01 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2020-02-17 23:52 - 000002028 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64
HKU\S-1-5-21-3213848150-4246953407-4286547329-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 77.48.130.2 - 77.48.220.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QLBController => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [{70EA1860-AFF0-49C9-B5B6-A3A73A3B0670}] => (Allow) C:\Program Files (x86)\Coldold\Application\chrome.exe No File
FirewallRules: [{CF28BE6F-E68F-445A-918F-0CF2164566CE}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe (Chao Wei -> )
FirewallRules: [{EA586E4C-58B7-4658-9E78-E583020E6A5D}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe (Mengmeng Wang -> Mozilla Corporation)
FirewallRules: [{0649940B-8F5A-4B9A-AD1D-8F5A9EEE1DB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{C687A230-F7EA-42EB-A9FE-F9B9778BD780}] => (Allow) C:\Program Files (x86)\MIO\loader\wdcxwd2500bekt-60pvmt0_wd-wxc1a91s8881s8881.dat () [File not signed]
FirewallRules: [{C276A563-8486-4076-AC5B-AF7520CB2756}] => (Allow) C:\Program Files (x86)\MIO\loader\wdcxwd2500bekt-60pvmt0_wd-wxc1a91s8881s8881.dat () [File not signed]
FirewallRules: [TCP Query User{46C8D6B3-0A4F-4DD4-9616-7986CB9D46AA}C:\program files (x86)\amulece\amule.exe] => (Block) C:\program files (x86)\amulece\amule.exe No File
FirewallRules: [UDP Query User{6E9CE55D-A871-4F6E-8ACA-BED02C7002FF}C:\program files (x86)\amulece\amule.exe] => (Block) C:\program files (x86)\amulece\amule.exe No File
FirewallRules: [{4EBC1350-FCF6-4AE1-8B0F-5CC9495C2812}] => (Allow) C:\Program Files (x86)\MIO\loader\wdcxwd2500bekt-60pvmt0_wd-wxc1a91s8881s8881.dat () [File not signed]
FirewallRules: [{DAF3DBB6-18D2-4B9E-85D7-0C8EF3EF37AF}] => (Allow) C:\Program Files (x86)\MIO\loader\wdcxwd2500bekt-60pvmt0_wd-wxc1a91s8881s8881.dat () [File not signed]
FirewallRules: [{B114D68F-567A-4B7D-B6D9-C9B28D6814C3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{58E0EAC0-C193-4E79-BA16-05B0A63696E8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

18-08-2019 12:30:18 Removed Java 8 Update 65
18-08-2019 12:31:05 Removed HP Battery Check
18-08-2019 12:32:17 Removed InterHop
03-09-2019 10:20:09 Plánovaný kontrolný bod
10-09-2019 16:15:59 Plánovaný kontrolný bod
18-02-2020 23:49:33 AdwCleaner_BeforeCleaning_18/02/2020_23:49:30

==================== Faulty Device Manager Devices ============

Name: HP un2430 Mobile Broadband Module
Description: HP un2430 Mobile Broadband Module
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: YAC NDIS Driver
Description: YAC NDIS Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: iSafeNetFilter
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: HP un2430 Mobile Broadband Module
Description: HP un2430 Mobile Broadband Module
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP un2430 Mobile Broadband Module
Description: HP un2430 Mobile Broadband Module
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP un2430 Mobile Broadband Module
Description: HP un2430 Mobile Broadband Module
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (02/25/2020 10:43:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/21/2020 11:57:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/21/2020 05:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (02/21/2020 05:28:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (02/21/2020 05:24:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/20/2020 02:50:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: regsvr32.exe, verzia: 6.1.7600.16385, časová značka: 0x4a5bcdd6
Názov chybového modulu: ntdll.dll, verzia: 6.1.7601.17514, časová značka: 0x4ce7c8f9
Kód výnimky: 0xc0000005
Odstup chyby: 0x0000000000027665
Identifikácia chybného procesu: 0xffc
Čas spustenia chybnej aplikácie: 0x01d5e7902bc77d42
Cesta chybnej aplikácie: C:\Windows\system32\regsvr32.exe
Cesta chybného modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 69e1876f-5383-11ea-ad08-101f74fa0446

Error: (02/20/2020 12:02:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (02/20/2020 12:02:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

System errors:
=============
Error: (02/25/2020 10:45:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Služba Google Update (gupdate) zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.

Error: (02/25/2020 10:43:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
iSafeNetFilter

Error: (02/25/2020 10:42:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby HuaweiHiSuiteService64.exe zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.

Error: (02/25/2020 10:42:39 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba Themes závisí od nasledujúcej služby: iThemes5. Je možné, že táto služba nie je nainštalovaná.

Error: (02/25/2020 10:40:40 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba aswbIDSAgent sa po prijatí ovládacieho príkazu pred vypnutím nevypla správne.

Error: (02/22/2020 08:21:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (02/22/2020 12:00:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Služba Google Update (gupdate) zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.

Error: (02/21/2020 11:57:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
iSafeNetFilter

CodeIntegrity:
===================================

Date: 2020-02-25 22:49:17.489
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-02-25 22:49:12.373
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-02-25 22:43:05.359
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-02-22 02:20:45.663
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-02-22 02:04:54.424
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-02-22 02:04:52.921
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-02-22 02:04:50.545
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-02-22 02:03:18.119
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Hewlett-Packard 68SSU Ver. F.02 07/26/2011
Motherboard: Hewlett-Packard 162B
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 86%
Total physical RAM: 4006.36 MB
Available physical RAM: 532.7 MB
Total Virtual: 8010.92 MB
Available Virtual: 3540 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:126.86 GB) (Free:66.76 GB) NTFS
Drive d: () (Fixed) (Total:105.93 GB) (Free:105.7 GB) NTFS

\\?\Volume{d8a733c4-9d02-11e5-ae33-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: FB33B810)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=126.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=105.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

#8 Příspěvek od **Diallix** » 28 úno 2020 00:27

Dobre poprosim este o log z FRST

VIRY.CZ

prosim o kontrolu logu

prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu

Re: prosim o kontrolu logu