Explorer restarts in Win 7

kekesko

#1 Post by kekesko »

After opening a certain folder, Explorer shuts down and restarts. I can't get into it. It shuts it down right away.
Please help. I'm sending the log from RSIT.

Logfile of random's system information tool 1.10 (written by random/random)
Run by PC at 2018-12-22 00:01:51
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 28 GB (23%) free of 125 GB
Total RAM: 2943 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:01:53, on 22. 12. 2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\PC\Desktop\Qone8-omiga\RSIT.exe
C:\Program Files\trend micro\PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: DownloadHelper Class - {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} - C:\Program Files\Common Files\Download Helper\DownloadHelper.dll
O8 - Extra context menu item: Download video on this page - res://C:\Program Files\Tomabo\Facebook Video Downloader\FBVD_IE.dll/300
O8 - Extra context menu item: Download video this links to - res://C:\Program Files\Tomabo\Facebook Video Downloader\FBVD_IE.dll/301
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Download Video - {7B3787CA-BCE0-4526-8780-45616A826124} - res://C:\Program Files\Tomabo\Facebook Video Downloader\FBVD_IE.dll/300 (file missing)
O9 - Extra 'Tools' menuitem: Download video on this page - {7B3787CA-BCE0-4526-8780-45616A826124} - res://C:\Program Files\Tomabo\Facebook Video Downloader\FBVD_IE.dll/300 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{4314C67F-3A0C-49F2-9EC8-DB792877D11C}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{432053F4-FB16-49E1-92F5-C963FD84BDE8}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{452CD797-98BB-4272-ACFC-71137A0CDDF2}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE376C9D-6862-42DB-B84A-72A4E0852C71}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{4314C67F-3A0C-49F2-9EC8-DB792877D11C}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{4314C67F-3A0C-49F2-9EC8-DB792877D11C}: NameServer = 8.8.8.8
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: WSWSVCUchrome - (no CLSID) - (no file)
O23 - Service: Digital Wave Update Service (DigitalWave.Update.Service) - Digital Wave Ltd. - C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Spy Emergency Health Check (SpyEmrgHealth) - Unknown owner - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe (file missing)
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe (file missing)
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files\Wondershare\Wondershare Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe (file missing)

--
End of file - 4935 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952

prefs.js - "browser.startup.homepage" - "https://www.facebook.com/"

"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files\McAfee\SiteAdvisor\e10ssaffplg.xpi


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.101 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_101.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=3.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952\extensions\
staged

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-12-08 434712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2018-09-22 453104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2018-09-22 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF2573AE-E1ED-40e1-83BA-F544CB2EE135}]
DownloadHelper Class - C:\Program Files\Common Files\Download Helper\DownloadHelper.dll [2011-06-18 628224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6GV26KRJGM1JV15]
-- []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUi]
C:\Program Files\AVG\Framework\Common\avguirnx.exe [2016-04-22 186640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chromium]
c:\users\pc\appdata\local\chromium\application\chrome.exe [2017-02-15 829440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\PC\AppData\Roaming\Seznam.cz\szninstall.exe -c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\PC\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe -q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDD Regenerator]
C:\Program Files\HDD Regenerator\Shell.exe /0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
C:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1002984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
ptipbmf.dll,SetWriteCacheMode []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-03-09 4390912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files\Seznam.cz\distribution\szninstall.exe -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-03-09 1822720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vivaldi Update Notifier]
C:\Users\PC\AppData\Local\Vivaldi\Application\update_notifier.exe [2017-12-11 3613768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2017-03-23 2133216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk]
C:\PROGRA~1\TP-LINK\TP-LIN~1\TWCU.exe [2014-05-23 847872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2010-11-20 105984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\Program Files\DVDIdle Pro\DVDShell.dll [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=1
"SynchronousUserGroupPolicy"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Tomabo\Facebook Video Downloader\FacebookVideoDownloader.exe"="C:\Program Files\Tomabo\Facebook Video Downloader\FacebookVideoDownloader.exe:*:Enabled:Facebook Video Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.x264"=x264vfw.dll
"vidc.lags"=lagarith.dll
"msacm.divxa32"=DivXa32.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2018-12-21 23:59:10 ----D---- C:\rsit
2018-12-21 23:57:18 ----SHD---- C:\$RECYCLE.BIN
2018-12-21 23:48:16 ----A---- C:\Windows\zip.exe
2018-12-21 23:48:16 ----A---- C:\Windows\SWSC.exe
2018-12-21 23:48:16 ----A---- C:\Windows\SWREG.exe
2018-12-21 23:48:16 ----A---- C:\Windows\sed.exe
2018-12-21 23:48:16 ----A---- C:\Windows\PEV.exe
2018-12-21 23:48:16 ----A---- C:\Windows\NIRCMD.exe
2018-12-21 23:48:16 ----A---- C:\Windows\MBR.exe
2018-12-21 23:48:16 ----A---- C:\Windows\grep.exe
2018-12-21 23:48:08 ----SD---- C:\ComboFix
2018-12-21 23:47:45 ----D---- C:\Qoobox
2018-12-21 23:47:04 ----SD---- C:\32788R22FWJFW
2018-12-21 23:00:16 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2018-12-18 03:05:07 ----A---- C:\Windows\system32\drivers\mbae.sys
2018-12-18 03:04:15 ----D---- C:\ProgramData\MB2Migration

======List of files/folders modified in the last 1 month======

2018-12-22 00:01:52 ----D---- C:\Program Files\trend micro
2018-12-21 23:48:16 ----D---- C:\Windows
2018-12-21 23:48:11 ----D---- C:\Windows\temp
2018-12-21 23:47:47 ----D---- C:\Windows\system32\drivers
2018-12-21 23:47:29 ----D---- C:\Windows\Prefetch
2018-12-21 22:55:22 ----SHD---- C:\System Volume Information
2018-12-21 22:30:33 ----D---- C:\Windows\system32\Tasks
2018-12-21 22:02:44 ----RD---- C:\Program Files
2018-12-21 15:27:28 ----D---- C:\Users\PC\AppData\Roaming\vlc
2018-12-21 14:40:21 ----D---- C:\Windows\System32
2018-12-21 14:40:21 ----D---- C:\Windows\inf
2018-12-21 14:40:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-12-21 14:24:38 ----D---- C:\Users\PC\AppData\Roaming\uTorrent
2018-12-20 23:44:08 ----D---- C:\Program Files\WonderFox Soft
2018-12-20 05:58:10 ----D---- C:\Users\PC\AppData\Roaming\DMCache
2018-12-19 23:15:46 ----SHD---- C:\Windows\Installer
2018-12-18 03:04:37 ----D---- C:\ProgramData\Malwarebytes
2018-12-18 03:04:15 ----D---- C:\ProgramData
2018-12-16 01:49:00 ----D---- C:\Windows\system32\Macromed
2018-12-15 21:39:51 ----D---- C:\Program Files\Mozilla Thunderbird
2018-12-15 14:43:26 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2018-12-13 13:34:23 ----D---- C:\Program Files\Mozilla Maintenance Service
2018-12-12 01:42:32 ----D---- C:\Program Files\Mozilla Firefox
2018-12-10 23:04:03 ----N---- C:\Windows\system32\MpSigStub.exe
2018-12-04 23:41:19 ----D---- C:\Users\PC\AppData\Roaming\Ulozto File Manager
2018-12-04 19:05:58 ----D---- C:\Program Files\Ulozto File Manager
2018-12-03 04:44:29 ----D---- C:\Users\PC\AppData\Roaming\VideoProc
2018-12-03 04:37:08 ----D---- C:\Users\PC\AppData\Roaming\avidemux
2018-12-03 04:13:56 ----D---- C:\Users\PC\AppData\Roaming\Pegasys Inc
2018-12-03 04:11:45 ----D---- C:\Program Files\Pegasys Inc
2018-12-02 16:01:03 ----D---- C:\Users\PC\AppData\Roaming\MPC-HC
2018-12-02 13:53:57 ----D---- C:\Windows\system32\NDF
2018-12-02 13:49:41 ----D---- C:\Program Files\Wondershare
2018-12-02 13:43:08 ----AD---- C:\ProgramData\TEMP
2018-12-02 13:27:22 ----RSD---- C:\Windows\Fonts
2018-12-02 12:04:57 ----D---- C:\ProgramData\DVD Shrink
2018-11-24 15:58:23 ----D---- C:\Users\PC\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fasttx2k;fasttx2k; C:\Windows\system32\DRIVERS\fasttx2k.sys [2003-08-06 159744]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 252808]
R0 PxHelp20;PxHelp20; C:\Windows\System32\drivers\PxHelp20.sys [2005-04-25 20640]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 Si3132r5;SiI-3132 SoftRaid 5 Controller; C:\Windows\system32\DRIVERS\Si3132r5.sys [2008-10-09 217128]
R0 SiFilter;SATALink driver accelerator; C:\Windows\system32\DRIVERS\SiWinAcc.sys [2008-10-09 17064]
R0 SiRemFil;SATALink External Device Filter; C:\Windows\system32\DRIVERS\SiRemFil.sys [2008-10-09 12200]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2015-11-21 170752]
R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2015-12-21 33408]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2016-01-28 134248]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-12 1747936]
R3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [2018-12-21 230120]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 105696]
R3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6232.sys [2010-08-12 298216]
S2 npf;NetGroup Packet Filter Driver; \??\C:\Windows\system32\drivers\npf.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athur.sys [2014-05-23 1445888]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 cpuz134;cpuz134; \??\C:\Users\PC\AppData\Local\Temp\cpuz134\cpuz134_x32.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
S3 mfesapsn;McAfee Process Start Notification Service; \??\C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys []
S3 mvdM23;mvdM23; \??\C:\Users\PC\AppData\Local\Temp\mvdM23.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 wdm_usb;wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [2016-03-10 119952]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DigitalWave.Update.Service;Digital Wave Update Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [2017-06-06 440808]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2018-09-19 5073376]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 103696]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 280864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-06-19 104120]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-03 154440]
S2 SpyEmrgHealth;Spy Emergency Health Check; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe []
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 375776]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-03 154440]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WsDrvInst;Wondershare Driver Install Service; C:\Program Files\Wondershare\Wondershare Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe []
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-15 335872]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2015-06-19 45232]
S4 avgsvc;AVG Service; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [2016-04-22 889104]
S4 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 102912]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2018-04-04 462200]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2018-12-12 206800]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2015-06-19 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2015-06-19 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2015-06-19 135848]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2017-01-16 317400]

-----------------EOF-----------------

Conder

#2 Post by Conder »

Hi :)

→ What do you mean by "a certain folder"? Does it happen only when opening one specific folder, or all of them?

→ Since you have already used ComboFix, send the log, which should be saved as C:\ComboFix.txt

→ Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and others).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

kekesko

#3 Post by kekesko »

Hello, I deleted that whole folder and the restarting stopped, but it started eating up my processor's performance.

ComboFix didn't finish that time, so here is a new one.

ComboFix 18-08-08.01 - PC . 12. 2018 0:30.9.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.2943.2092 [GMT 1:00]
Running from: c:\users\PC\Desktop\Qone8-omiga\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Here is the one from Adw cleaner

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2018-12-21.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-24-2018
# Duration: 00:00:01
# OS: Windows 7 Home Premium
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset IE Policies
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [62355 octets] - [21/09/2018 00:32:07]
AdwCleaner[S00].txt - [1320 octets] - [24/12/2018 01:34:28]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

c:\windows\system32\DEBUG.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2018-11-24 to 2018-12-24 )))))))))))))))))))))))))))))))
.
.
2018-12-23 23:45 . 2018-12-24 00:22 -------- d-----w- c:\users\PC\AppData\Local\temp
2018-12-23 23:45 . 2018-12-23 23:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2018-12-23 23:45 . 2018-12-23 23:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-12-23 23:14 . 2018-12-23 23:49 230120 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-12-23 01:41 . 2018-12-06 16:34 12051024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{856C9454-71D8-4908-A1E8-CD23D464A8A2}\mpengine.dll
2018-12-21 22:59 . 2018-12-21 22:59 -------- d-----w- C:\rsit
2018-12-21 22:23 . 2018-12-06 16:34 12051024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-12-18 02:07 . 2018-12-18 02:07 -------- d-----w- c:\users\PC\AppData\Local\mbam
2018-12-18 02:05 . 2018-12-04 07:09 129248 ----a-w- c:\windows\system32\drivers\mbae.sys
2018-12-18 02:04 . 2018-12-18 02:04 -------- d-----w- c:\programdata\MB2Migration
2018-12-07 23:38 . 2018-12-07 23:38 965992 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70124163-CC14-4EBA-8A0A-FA31248C804E}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-12-15 13:43 . 2015-10-16 09:04 842240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2018-12-15 13:43 . 2015-10-16 09:04 175104 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2018-12-10 22:04 . 2015-10-22 03:17 499424 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 12:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVDIdle Pro\DVDShell.dll" [2004-10-09 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
backup=c:\windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6GV26KRJGM1JV15]
-- [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUi]
2016-04-22 08:01 186640 ----a-w- c:\program files\AVG\Framework\Common\avguirnx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chromium]
2017-02-15 06:30 829440 ----a-w- c:\users\PC\AppData\Local\Chromium\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
c:\users\PC\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2016-11-14 19:01 1002984 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
2003-06-20 13:06 118784 ----a-w- c:\windows\System32\ptipbmf.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-09 16:50 4390912 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-03-09 19:54 1822720 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
2015-07-28 17:17 1011200 ----a-w- c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vivaldi Update Notifier]
2017-12-11 15:57 3613768 ----a-w- c:\users\PC\AppData\Local\Vivaldi\Application\update_notifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2017-03-23 07:52 2133216 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" /MONITOR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ProductUpdater"=c:\program files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
"Codec Settings UAC Manager"="c:\windows\system32\Codecs\CodecUACManager.exe"
.
R2 SpyEmrgHealth;Spy Emergency Health Check;c:\program files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2014-05-23 1445888]
R3 cpuz134;cpuz134;c:\users\PC\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 375776]
R3 mfesapsn;McAfee Process Start Notification Service;c:\program files\McAfee\SiteAdvisor\mfesapsn.sys [x]
R3 mvdM23;mvdM23;c:\users\PC\AppData\Local\Temp\mvdM23.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys [2016-03-10 119952]
R3 WsDrvInst;Wondershare Driver Install Service;c:\program files\Wondershare\Wondershare Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe [x]
R4 avgsvc;AVG Service;c:\program files\AVG\Framework\Common\avgsvcx.exe [2016-04-22 889104]
R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-09-16 102912]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2018-04-04 462200]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2017-01-16 317400]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DigitalWave.Update.Service;Digital Wave Update Service;c:\program files\Common Files\DVDVideoSoft\lib\app_updater.exe [2017-06-06 440808]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-01-28 134248]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2018-09-19 5073376]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys [2018-12-23 230120]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 105696]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2016-11-14 280864]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
CleberchponushConfiguration REG_MULTI_SZ CleberchponushConfiguration
AppsSvc REG_MULTI_SZ Apps_Cfg
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2018-12-19 00:42 2100192 ----a-w- c:\program files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page =
IE: Download video on this page - c:\program files\Tomabo\Facebook Video Downloader\FBVD_IE.dll/300
IE: Download video this links to - c:\program files\Tomabo\Facebook Video Downloader\FBVD_IE.dll/301
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7B3787CA-BCE0-4526-8780-45616A826124} - res://c:\program files\Tomabo\Facebook Video Downloader\FBVD_IE.dll/300
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4314C67F-3A0C-49F2-9EC8-DB792877D11C}: NameServer = 8.8.8.8
TCP: Interfaces\{432053F4-FB16-49E1-92F5-C963FD84BDE8}: NameServer = 8.8.8.8
TCP: Interfaces\{452CD797-98BB-4272-ACFC-71137A0CDDF2}: NameServer = 8.8.8.8
TCP: Interfaces\{CE376C9D-6862-42DB-B84A-72A4E0852C71}: NameServer = 8.8.8.8
TCP: Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-OEXPRESS - (no file)
MSConfigStartUp-cz.seznam.software - c:\users\PC\AppData\Roaming\Seznam.cz\szninstall.exe
MSConfigStartUp-HDD Regenerator - c:\program files\HDD Regenerator\Shell.exe
MSConfigStartUp-seznam-listicka-distribuce - c:\program files\Seznam.cz\distribution\szninstall.exe
AddRemove-Wondershare Video Converter Ultimate 9.0.0 - c:\program files\Wondershare\Video Converter Ultimate\Uninstall.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 -> \Device\Scsi\Si3132r51Port3Path1Target0Lun0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3150810417-4117916871-2068535238-1000_Classes\CLSID\{0d4a0ff9-8a8a-4295-8813-b45570ebe0e5}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006e
"Therad"=dword:0000001a
.
[HKEY_USERS\S-1-5-21-3150810417-4117916871-2068535238-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):08,09,77,9f,3b,56,c1,4a,9e,68,e3,c4,b5,e5,23,f0,86,be,78,40,04,
e0,1a,a1,5b,f6,40,cd,58,51,3f,08,aa,0b,39,27,c8,c2,d5,20,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_183_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_183_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1808)
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2018-12-24 01:26:27 - machine was rebooted
ComboFix-quarantined-files.txt 2018-12-24 00:26
.
Pre-Run: 44 483 858 432 bytes free
Post-Run: 44 463 280 128 bytes free
.
- - End Of File - - 218DF509CFA1F8431BB62A055301DC6B
A36C5E4F47E84449FF07ED3517B43A31

Task Manager

[Image]

kekesko
Visitor
Posts: 141
Registered: 16 Jan 2008 07:49

Re: Explorer restart in Win 7

#4 Post by kekesko »

I somehow copied it wrong, so here it is once more.

That ComboFix run did not finish back then, so here is a new one.

ComboFix 18-08-08.01 - PC . 12. 2018 0:30.9.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.2943.2092 [GMT 1:00]
Running from: c:\users\PC\Desktop\Qone8-omiga\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DEBUG.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2018-11-24 to 2018-12-24 )))))))))))))))))))))))))))))))
.
.
2018-12-23 23:45 . 2018-12-24 00:22 -------- d-----w- c:\users\PC\AppData\Local\temp
2018-12-23 23:45 . 2018-12-23 23:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2018-12-23 23:45 . 2018-12-23 23:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-12-23 23:14 . 2018-12-23 23:49 230120 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-12-23 01:41 . 2018-12-06 16:34 12051024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{856C9454-71D8-4908-A1E8-CD23D464A8A2}\mpengine.dll
2018-12-21 22:59 . 2018-12-21 22:59 -------- d-----w- C:\rsit
2018-12-21 22:23 . 2018-12-06 16:34 12051024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-12-18 02:07 . 2018-12-18 02:07 -------- d-----w- c:\users\PC\AppData\Local\mbam
2018-12-18 02:05 . 2018-12-04 07:09 129248 ----a-w- c:\windows\system32\drivers\mbae.sys
2018-12-18 02:04 . 2018-12-18 02:04 -------- d-----w- c:\programdata\MB2Migration
2018-12-07 23:38 . 2018-12-07 23:38 965992 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70124163-CC14-4EBA-8A0A-FA31248C804E}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-12-15 13:43 . 2015-10-16 09:04 842240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2018-12-15 13:43 . 2015-10-16 09:04 175104 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2018-12-10 22:04 . 2015-10-22 03:17 499424 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 12:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVDIdle Pro\DVDShell.dll" [2004-10-09 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
backup=c:\windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6GV26KRJGM1JV15]
-- [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUi]
2016-04-22 08:01 186640 ----a-w- c:\program files\AVG\Framework\Common\avguirnx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chromium]
2017-02-15 06:30 829440 ----a-w- c:\users\PC\AppData\Local\Chromium\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
c:\users\PC\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2016-11-14 19:01 1002984 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
2003-06-20 13:06 118784 ----a-w- c:\windows\System32\ptipbmf.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-09 16:50 4390912 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-03-09 19:54 1822720 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
2015-07-28 17:17 1011200 ----a-w- c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vivaldi Update Notifier]
2017-12-11 15:57 3613768 ----a-w- c:\users\PC\AppData\Local\Vivaldi\Application\update_notifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2017-03-23 07:52 2133216 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" /MONITOR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ProductUpdater"=c:\program files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
"Codec Settings UAC Manager"="c:\windows\system32\Codecs\CodecUACManager.exe"
.
R2 SpyEmrgHealth;Spy Emergency Health Check;c:\program files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2014-05-23 1445888]
R3 cpuz134;cpuz134;c:\users\PC\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 375776]
R3 mfesapsn;McAfee Process Start Notification Service;c:\program files\McAfee\SiteAdvisor\mfesapsn.sys [x]
R3 mvdM23;mvdM23;c:\users\PC\AppData\Local\Temp\mvdM23.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys [2016-03-10 119952]
R3 WsDrvInst;Wondershare Driver Install Service;c:\program files\Wondershare\Wondershare Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe [x]
R4 avgsvc;AVG Service;c:\program files\AVG\Framework\Common\avgsvcx.exe [2016-04-22 889104]
R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-09-16 102912]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2018-04-04 462200]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2017-01-16 317400]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DigitalWave.Update.Service;Digital Wave Update Service;c:\program files\Common Files\DVDVideoSoft\lib\app_updater.exe [2017-06-06 440808]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-01-28 134248]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2018-09-19 5073376]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys [2018-12-23 230120]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 105696]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2016-11-14 280864]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
CleberchponushConfiguration REG_MULTI_SZ CleberchponushConfiguration
AppsSvc REG_MULTI_SZ Apps_Cfg
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2018-12-19 00:42 2100192 ----a-w- c:\program files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page =
IE: Download video on this page - c:\program files\Tomabo\Facebook Video Downloader\FBVD_IE.dll/300
IE: Download video this links to - c:\program files\Tomabo\Facebook Video Downloader\FBVD_IE.dll/301
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7B3787CA-BCE0-4526-8780-45616A826124} - res://c:\program files\Tomabo\Facebook Video Downloader\FBVD_IE.dll/300
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4314C67F-3A0C-49F2-9EC8-DB792877D11C}: NameServer = 8.8.8.8
TCP: Interfaces\{432053F4-FB16-49E1-92F5-C963FD84BDE8}: NameServer = 8.8.8.8
TCP: Interfaces\{452CD797-98BB-4272-ACFC-71137A0CDDF2}: NameServer = 8.8.8.8
TCP: Interfaces\{CE376C9D-6862-42DB-B84A-72A4E0852C71}: NameServer = 8.8.8.8
TCP: Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-OEXPRESS - (no file)
MSConfigStartUp-cz.seznam.software - c:\users\PC\AppData\Roaming\Seznam.cz\szninstall.exe
MSConfigStartUp-HDD Regenerator - c:\program files\HDD Regenerator\Shell.exe
MSConfigStartUp-seznam-listicka-distribuce - c:\program files\Seznam.cz\distribution\szninstall.exe
AddRemove-Wondershare Video Converter Ultimate 9.0.0 - c:\program files\Wondershare\Video Converter Ultimate\Uninstall.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 -> \Device\Scsi\Si3132r51Port3Path1Target0Lun0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3150810417-4117916871-2068535238-1000_Classes\CLSID\{0d4a0ff9-8a8a-4295-8813-b45570ebe0e5}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006e
"Therad"=dword:0000001a
.
[HKEY_USERS\S-1-5-21-3150810417-4117916871-2068535238-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):08,09,77,9f,3b,56,c1,4a,9e,68,e3,c4,b5,e5,23,f0,86,be,78,40,04,
e0,1a,a1,5b,f6,40,cd,58,51,3f,08,aa,0b,39,27,c8,c2,d5,20,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_183_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_27_0_0_183_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1808)
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2018-12-24 01:26:27 - machine was rebooted
ComboFix-quarantined-files.txt 2018-12-24 00:26
.
Pre-Run: 44 483 858 432 bytes free
Post-Run: 44 463 280 128 bytes free
.
- - End Of File - - 218DF509CFA1F8431BB62A055301DC6B
A36C5E4F47E84449FF07ED3517B43A31

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Here is AdwCleaner

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2018-12-21.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-24-2018
# Duration: 00:00:01
# OS: Windows 7 Home Premium
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset IE Policies
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [62355 octets] - [21/09/2018 00:32:07]
AdwCleaner[S00].txt - [1320 octets] - [24/12/2018 01:34:28]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Task Manager

[Image]

Conder
Moderator
Posts: 4164
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Explorer restart in Win 7

#5 Post by Conder »

→ ComboFix should not be run or used unless a helper explicitly recommends it; otherwise there is a risk of damaging the system. That is why I only wanted the old CF log, not for you to run it yet another time.

→ Post both FRST logs - https://forum.viry.cz/viewtopic.php?f=13&t=154679
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

kekesko
Visitor
Posts: 141
Registered: 16 Jan 2008 07:49

Re: Explorer restart in Win 7

#6 Post by kekesko »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24.12.2018
Ran by PC (administrator) on PC-PC (27-12-2018 18:11:41)
Running from C:\Users\PC\Desktop\Qone8-omiga
Loaded Profiles: PC (Available Profiles: PC & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Crawler Group, LLC) C:\Program Files\Spyware Terminator\st_rsser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\system32\l3codeca.acm [64000 2009-07-14] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\system32\x264vfw.dll [3525120 2014-11-16] (x264vfw project)
HKLM\...\Drivers32: [vidc.lags] => C:\Windows\system32\lagarith.dll [216064 2013-12-17] ( )
HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\system32\DivXa32.acm [291408 2013-12-17] (Packed With Joy !)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [108032 2010-07-26] ()
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [179200 2009-01-25] ()
ShellExecuteHooks: DVDIdleShell Class - {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVDIdle Pro\DVDShell.dll [49152 2004-10-09] (Fengtao Software Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4314C67F-3A0C-49F2-9EC8-DB792877D11C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4314C67F-3A0C-49F2-9EC8-DB792877D11C}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{432053F4-FB16-49E1-92F5-C963FD84BDE8}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{452CD797-98BB-4272-ACFC-71137A0CDDF2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{452CD797-98BB-4272-ACFC-71137A0CDDF2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CE376C9D-6862-42DB-B84A-72A4E0852C71}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
SearchScopes: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000 -> DefaultScope {66090E0D-0EE8-4F98-80D2-E642A073B220} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000 -> {03FD1743-24B3-48F4-8BC7-A1AE3E7DC849} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000 -> {11273F80-8252-4067-BD0C-154B121C0BD3} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000 -> {13A68EF7-5F40-4081-9C47-77B2A35EDCED} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000 -> {27D6BE9C-C20D-46AA-8A8C-927CF3D4182E} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000 -> {5650A616-1D21-4BC5-935A-69B1FA2AACBD} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000 -> {5DCB6A9A-4A6E-48FB-9F48-86C070911D1F} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000 -> {66090E0D-0EE8-4F98-80D2-E642A073B220} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000 -> {6D4492C6-1A6C-4FC6-8264-FDA294859670} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000 -> {C8497349-0A6E-47E6-966D-6FA5259E2E23} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2018-09-22] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2018-09-22] (Oracle Corporation)
BHO: DownloadHelper Class -> {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} -> C:\Program Files\Common Files\Download Helper\DownloadHelper.dll [2011-06-18] (IE Download Helper)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
Handler: WSWSVCUchrome - No CLSID Value -

FireFox:
========
FF DefaultProfile: nwzl8lxz.default-1530958399952
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952 [2018-12-27]
FF Homepage: Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952 -> hxxps://www.facebook.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952 -> type", 4
FF Extension: (Google Translator for Firefox) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952\Extensions\translator@zoli.bod.xpi [2018-12-04]
FF Extension: (Video DownloadHelper) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-01]
FF Extension: (Vývojová verzia Adblock Plus) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-04]
FF HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-01-27] [Legacy]
FF HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\PC\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\PC\AppData\Roaming\IDM\idmmzcc5 [2018-12-26] [Legacy] [not signed]
FF HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-09] ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2018-09-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2018-09-22] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxp://www.facebook.com/
CHR StartupUrls: Profile 2 -> "hxxp://www.facebook.com/"
CHR DefaultSearchURL: Profile 2 -> hxxps://www.youtube.com/results?search_query={s ... opensearch
CHR DefaultSearchKeyword: Profile 2 -> youtube.com
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2018-12-24]
CHR Extension: (Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-13]
CHR Extension: (Disk Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-13]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-13]
CHR Extension: (IDM Integration Module) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-07-13]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-13]
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-12-27]
CHR Extension: (Prezentácie) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-16]
CHR Extension: (Free Download Manager) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2018-08-17]
CHR Extension: (Dokumenty) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-16]
CHR Extension: (Disk Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-16]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-16]
CHR Extension: (Tampermonkey) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-12-20]
CHR Extension: (Tabuľky) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-16]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-12]
CHR Extension: (AdBlock) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-19]
CHR Extension: (Save to Facebook) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2018-02-18]
CHR Extension: (Skype) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-16]
CHR Extension: (IDM Integration Module) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-12-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-15]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-16]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-20]
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jffdffcnfhdcfbjijbcfghooboafmhel] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-02-11]
CHR HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://www.facebook.com/"
OPR Extension: (Bing.com) - C:\Users\PC\AppData\Roaming\Opera Software\Opera Stable\Extensions\iacaccplnfbooopaakeckhpjipnkdmeb [2018-07-31]
OPR Extension: (Flash Video Downloader (FVD)) - C:\Users\PC\AppData\Roaming\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple [2017-12-16]
OPR Extension: (SaveFrom.net helper) - C:\Users\PC\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2018-12-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [889104 2016-04-22] (AVG Technologies CZ, s.r.o.)
S4 DigitalWave.Update.Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-06-06] (Digital Wave Ltd.)
S4 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
S4 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [462200 2018-04-04] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [2133760 2017-03-16] (Crawler Group, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1445888 2014-05-23] (Atheros Communications, Inc.)
R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [33408 2015-12-21] (B.H.A Corporation) [File not signed]
R0 fasttx2k; C:\Windows\System32\DRIVERS\fasttx2k.sys [159744 2003-08-06] (Promise Technology, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2017-10-08] (Riverbed Technology, Inc.)
R0 PxHelp20; C:\Windows\System32\drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
R0 Si3132r5; C:\Windows\System32\DRIVERS\Si3132r5.sys [217128 2008-10-09] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2008-10-09] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2008-10-09] (Silicon Image, Inc.)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [119952 2016-03-10] (MBB)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U3 aswbdisk; no ImagePath
S3 cpuz134; no ImagePath
S3 mfesapsn; no ImagePath
S3 mvdM23; no ImagePath
U1 netfilter2; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-27 18:11 - 2018-12-27 18:11 - 000000000 ____D C:\FRST
2018-12-27 17:38 - 2018-12-27 17:38 - 000000000 ____D C:\Users\PC\Documents\VideoPad Projects
2018-12-27 17:37 - 2018-12-27 17:37 - 000000000 ____D C:\Users\PC\AppData\Roaming\NCH Software
2018-12-27 17:17 - 2018-12-27 17:36 - 005957800 _____ (NCH Software) C:\Users\PC\Downloads\VideoPadVideoEditor.exe
2018-12-27 17:10 - 2018-12-27 17:10 - 000000000 ____D C:\Users\PC\AppData\Roaming\NVIDIA
2018-12-27 17:08 - 2018-12-27 17:08 - 000001282 _____ C:\Users\Public\Desktop\Apowersoft Video Konvertor.lnk
2018-12-27 17:08 - 2018-12-27 17:08 - 000001282 _____ C:\ProgramData\Desktop\Apowersoft Video Konvertor.lnk
2018-12-27 17:08 - 2018-12-27 17:08 - 000000000 ____D C:\usr
2018-12-27 17:08 - 2018-12-27 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2018-12-27 17:08 - 2018-12-27 17:08 - 000000000 ____D C:\ProgramData\Apowersoft
2018-12-27 17:08 - 2017-10-08 00:42 - 000282360 _____ (Riverbed Technology, Inc.) C:\Windows\system32\wpcap.dll
2018-12-27 17:08 - 2017-10-08 00:42 - 000098040 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Packet.dll
2018-12-27 17:08 - 2017-10-08 00:42 - 000053299 _____ C:\Windows\system32\pthreadVC.dll
2018-12-27 17:08 - 2017-10-08 00:42 - 000036600 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Drivers\npf.sys
2018-12-27 17:05 - 2018-12-27 17:05 - 058522744 _____ (APOWERSOFT LIMITED ) C:\Users\PC\Downloads\video-converter-studio.exe
2018-12-27 15:14 - 2018-12-27 15:14 - 000000000 ____D C:\Program Files\Aleesoft
2018-12-27 14:37 - 2018-12-27 14:37 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2018-12-27 14:01 - 2018-12-27 14:01 - 068787624 _____ (Free Time Co., Ltd) C:\Users\PC\Downloads\FFSetup4.5.0.0.exe
2018-12-27 00:33 - 2018-12-27 00:33 - 000002458 _____ C:\Users\PC\Desktop\JRT.txt
2018-12-27 00:27 - 2018-12-27 00:27 - 037626408 _____ C:\Users\PC\Downloads\tweaking.com_windows_repair_aio.zip
2018-12-27 00:26 - 2018-12-27 00:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AML Free Registry Cleaner
2018-12-27 00:26 - 2018-12-27 00:26 - 000000000 ____D C:\Program Files\AML Products
2018-12-27 00:26 - 2002-01-05 06:48 - 000974848 _____ (Microsoft Corporation) C:\Windows\system32\mfc70.dll
2018-12-27 00:26 - 2002-01-05 05:40 - 000487424 _____ (Microsoft Corporation) C:\Windows\system32\msvcp70.dll
2018-12-27 00:26 - 2000-05-22 16:58 - 000608448 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.ocx
2018-12-27 00:25 - 2018-12-27 00:25 - 002884096 _____ (AML SOFTWARE ) C:\Users\PC\Downloads\regcleaner.exe
2018-12-26 20:54 - 2018-12-26 20:54 - 000000000 __RSH C:\MSDOS.SYS
2018-12-26 20:54 - 2018-12-26 20:54 - 000000000 __RSH C:\IO.SYS
2018-12-26 20:53 - 2018-12-26 23:48 - 000000000 ____D C:\ProgramData\Spyware Terminator
2018-12-26 20:53 - 2018-12-26 20:53 - 000000000 ____D C:\Users\PC\AppData\Roaming\Spyware Terminator
2018-12-26 20:53 - 2018-12-26 20:53 - 000000000 ____D C:\Users\PC\AppData\LocalLow\Spyware Terminator
2018-12-26 20:53 - 2011-06-21 11:24 - 000032768 _____ C:\Windows\system32\Drivers\sp_rsdrv2.sys
2018-12-26 20:52 - 2018-12-26 21:09 - 000000000 ____D C:\Program Files\Spyware Terminator
2018-12-26 20:52 - 2018-12-26 20:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2018-12-26 20:46 - 2018-12-26 20:46 - 000000000 ____D C:\Spyware Terminator Premium 2015 3.0.1.107 CZ!
2018-12-26 19:10 - 2018-12-26 19:11 - 056875154 _____ C:\DİZİLERDE SUYA DÜŞENLER.mp4
2018-12-26 14:00 - 2018-12-26 14:01 - 000099108 _____ C:\Users\PC\Downloads\Kadin-1.EP-SK.srt
2018-12-26 13:58 - 2018-12-27 16:17 - 000000000 ____D C:\Users\PC\AppData\Roaming\fontconfig
2018-12-26 13:57 - 2018-12-26 13:57 - 000000000 ____D C:\Users\PC\AppData\Roaming\Aegisub
2018-12-26 13:56 - 2018-12-26 13:56 - 015100325 _____ C:\Users\PC\Downloads\Aegisub-3.2.2-portable-32.exe
2018-12-24 16:17 - 2018-12-24 16:17 - 000000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-24 16:17 - 2018-12-24 16:17 - 000000969 _____ C:\ProgramData\Desktop\CCleaner.lnk
2018-12-24 15:56 - 2018-12-24 15:56 - 000000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2018-12-24 15:56 - 2018-12-24 15:56 - 000000000 ____D C:\Users\UpdatusUser
2018-12-24 15:56 - 2017-12-04 14:03 - 000002018 _____ C:\Users\UpdatusUser\Desktop\Gооglе Сhrоmе.lnk
2018-12-24 15:56 - 2016-07-07 00:56 - 000000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2018-12-24 15:56 - 2015-10-17 02:18 - 000000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2018-12-24 15:55 - 2018-12-24 15:56 - 000000000 ____D C:\ProgramData\NVIDIA
2018-12-24 15:55 - 2015-01-31 01:49 - 003982144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-12-24 15:55 - 2015-01-31 01:49 - 002858824 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2018-12-24 15:55 - 2015-01-31 01:48 - 002556560 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-12-24 15:55 - 2015-01-31 01:48 - 000633672 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2018-12-24 15:55 - 2015-01-31 01:48 - 000107848 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-12-24 15:55 - 2015-01-31 01:48 - 000061768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-12-24 15:54 - 2018-12-24 15:54 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-12-24 15:54 - 2015-02-18 10:56 - 000051856 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-12-24 03:25 - 2018-12-24 03:25 - 000000000 ____D C:\Users\PC\AppData\Roaming\Wise Care 365
2018-12-24 03:24 - 2018-12-24 03:24 - 000000000 ____D C:\ProgramData\Package Cache
2018-12-24 03:24 - 2018-12-24 03:24 - 000000000 ____D C:\Program Files\Wise
2018-12-23 09:36 - 2018-12-23 09:36 - 009511564 _____ C:\Users\PC\Downloads\2018-mrskin-loop.mp4
2018-12-23 08:40 - 2018-12-23 08:40 - 002367146 _____ C:\Users\PC\Downloads\Německý parlament strana AfD proti vnucování migrantů, okoln.mp4
2018-12-22 03:26 - 2018-12-27 18:11 - 000000000 ____D C:\Users\PC\Desktop\Qone8-omiga
2018-12-22 03:25 - 2018-12-26 19:36 - 000000000 ____D C:\Users\PC\Desktop\Nový priečinok
2018-12-22 03:25 - 2017-11-07 02:14 - 000000000 ____D C:\Users\PC\Desktop\Czech
2018-12-22 03:23 - 2018-05-10 11:17 - 000000000 ____D C:\Users\PC\Desktop\Dominik Dán - Cigaretka na dva ťahy (2017)(SK)
2018-12-22 03:22 - 2018-12-01 21:44 - 000685450 _____ C:\Users\PC\Desktop\fešanda.mp4
2018-12-22 03:22 - 2018-05-22 12:23 - 019624723 _____ C:\Users\PC\Desktop\Eduard Chmelár_ Pán prezident, poviem vám, čo je to bezškrupulózna politika.mp4
2018-12-22 03:22 - 2018-01-04 13:35 - 000349997 _____ C:\Users\PC\Desktop\haf.mp4
2018-12-22 03:21 - 2018-11-27 16:09 - 222947320 _____ C:\Users\PC\Desktop\RTVS.sk.mp4
2018-12-22 03:21 - 2018-11-07 23:58 - 038031016 _____ C:\Users\PC\Desktop\Rachel Mcadams Nude Und Lesbian, Free HD Porn 7a xHamster.mp4
2018-12-22 03:21 - 2018-10-27 21:23 - 053283764 _____ C:\Users\PC\Desktop\Kiska prehral súd o pozemok. Sledovali sme online. Pozrite s.mp4
2018-12-22 03:21 - 2018-10-12 18:40 - 025693037 _____ C:\Users\PC\Desktop\Rovnováha 2017.mp4
2018-12-22 03:21 - 2018-06-07 11:33 - 000802461 _____ C:\Users\PC\Desktop\Pozor pál.mp4
2018-12-22 03:21 - 2017-11-11 01:04 - 055212171 _____ C:\Users\PC\Desktop\Lož, ktorú žijeme _ Čum.sk.mp4
2018-12-22 03:20 - 2018-12-01 21:47 - 007054865 _____ C:\Users\PC\Desktop\video-1543399909.mp4
2018-12-22 03:20 - 2018-11-11 15:25 - 001547686 _____ C:\Users\PC\Desktop\Ruda volavka.mp4
2018-12-22 03:17 - 2018-12-20 21:19 - 000001811 _____ C:\Users\PC\Desktop\Fatyh Harbie.txt
2018-12-22 03:15 - 2018-12-15 14:05 - 346877786 _____ C:\Users\PC\Desktop\Stratená Európa.mp4
2018-12-22 03:14 - 2018-11-16 02:23 - 016992654 _____ C:\Users\PC\Desktop\Děti s kalašnikovem a noční výbuchy Nacionalisté cvičí ukraj.mp4
2018-12-22 03:14 - 2018-10-24 00:33 - 003744270 _____ C:\Users\PC\Desktop\AlternativaProEvropu.pdf
2018-12-22 03:14 - 2018-09-22 12:34 - 000356173 _____ C:\Users\PC\Desktop\Bum.mp4
2018-12-22 03:14 - 2018-09-18 02:04 - 084526125 _____ C:\Users\PC\Desktop\Boney.M - Daddy Cool (original 1976).mp4
2018-12-22 03:11 - 2018-12-01 21:45 - 003730199 _____ C:\Users\PC\Desktop\video-1543400001.mp4
2018-12-22 03:11 - 2018-10-03 21:23 - 000888792 _____ C:\Users\PC\Desktop\Untitled_352x288.avi
2018-12-22 03:10 - 2018-09-30 10:19 - 004464413 _____ C:\Users\PC\Desktop\Stephanie De Monaco Winds Of Chance (HQ) download mp3-1.webm
2018-12-22 03:10 - 2018-09-30 09:47 - 000000792 _____ C:\Users\PC\Desktop\Stephanie De Monaco Winds Of Chance (HQ) download mp3.webm
2018-12-22 03:09 - 2018-11-15 15:23 - 000057874 _____ C:\Users\PC\Desktop\Romantik Komedi Aşk Tadında (2009 - HD).txt
2018-12-22 03:08 - 2018-09-22 12:37 - 002412556 _____ C:\Users\PC\Desktop\Odsťahovaný.mp4
2018-12-22 00:31 - 2018-12-02 13:30 - 001374151 _____ C:\Users\PC\Desktop\wondershare-video-converter-ultimate-cestina8-8-1.zip
2018-12-22 00:31 - 2018-12-02 13:23 - 112997960 _____ C:\Users\PC\Desktop\Wondershare.Video.Converter.Ultimate.10.4.0.186_Startcrack.com.zip
2018-12-22 00:31 - 2018-07-04 08:40 - 000349766 ____R C:\Users\PC\Desktop\vypinac-pc_1.2.zip
2018-12-22 00:27 - 2018-09-16 11:06 - 006667483 _____ C:\Users\PC\Desktop\Your Uninstaller PRO v7.5.2014.03.rar
2018-12-22 00:22 - 2018-12-01 21:48 - 000694629 _____ C:\Users\PC\Desktop\prdelka.mp4
2018-12-22 00:21 - 2018-09-12 10:36 - 001568500 _____ C:\Users\PC\Desktop\Utok na twiins.mp4
2018-12-22 00:19 - 2018-09-29 15:03 - 000000588 _____ C:\Users\PC\Desktop\Historie.cs Zvon zrady — Česká televize(1).mp4
2018-12-21 13:46 - 2018-12-21 14:10 - 000000000 ____D C:\Users\PC\Downloads\Amelie B
2018-12-21 11:58 - 2018-12-21 11:58 - 000746313 _____ C:\Polícia Slovenskej republiky - Neuveriteľná nehoda.mp4
2018-12-20 23:42 - 2018-12-20 23:43 - 080092792 _____ (WonderFox Soft, Inc.) C:\Users\PC\Downloads\hd-video-converter.exe
2018-12-18 03:07 - 2018-12-18 03:07 - 000000000 ____D C:\Users\PC\AppData\Local\mbamtray
2018-12-18 03:07 - 2018-12-18 03:07 - 000000000 ____D C:\Users\PC\AppData\Local\mbam
2018-12-18 03:05 - 2018-12-18 03:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-18 03:05 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-12-18 03:04 - 2018-12-18 03:04 - 000000000 ____D C:\ProgramData\MB2Migration
2018-12-18 02:51 - 2018-12-18 02:51 - 032942704 _____ C:\Users\PC\Downloads\mbam-setup-2.1.4.1018.exe
2018-12-15 19:09 - 2018-12-15 19:09 - 001078077 _____ C:\Kde jsou teď feministky_! Holky braňte... - Jordanka Jirásková.mp4
2018-12-11 23:23 - 2018-12-11 23:23 - 006862587 _____ C:\Josef Novák - JAROMÍR SOUKUP -MÁŠA A MEDVĚD.mp4
2018-12-08 01:57 - 2018-12-08 01:57 - 002212451 _____ C:\Milujem Slovensko - _).mp4
2018-12-08 01:22 - 2018-12-08 01:22 - 013584921 _____ C:\Iconito & Zlaté Husle - Slovenské Devy.mp4
2018-12-06 15:48 - 2018-12-06 15:48 - 027457411 _____ C:\Americký dokument o slovenských osobnostiach.mp4
2018-12-05 05:46 - 2018-12-26 02:07 - 000000000 ____D C:\Users\PC\Downloads\Ozge Gurel
2018-12-05 01:46 - 2018-12-05 01:46 - 009831842 _____ C:\Kiraz Mevsimi Yeni Sezon Tanıtımı.mp4
2018-12-05 01:29 - 2018-12-05 01:30 - 015600208 _____ C:\Özge Gürel - Affet.mp4
2018-12-04 22:59 - 2018-12-04 22:59 - 000882024 _____ C:\Hazal Kaya v zákulisí pro #MarieClaire.mp4
2018-12-04 19:53 - 2018-12-04 20:07 - 059118665 _____ C:\[Hegre-Art] - Kiki - Reading 50 Shades of Gray.mp4
2018-12-02 13:24 - 2018-12-02 13:26 - 000000000 ____D C:\Users\PC\Downloads\Wondershare.Video.Converter.Ultimate.10.4.0.186_Startcrack.com
2018-11-29 15:36 - 2018-11-29 15:36 - 014919224 _____ C:\Users\PC\Downloads\Uloz.to_Uploader-setup(1).exe
2018-11-29 02:25 - 2018-11-29 02:25 - 001344226 _____ C:\Stopy starých časů - Karel Kryl po 89. roce_ O rozdělení Československa a rozkrádání republiky.mp4
2018-11-29 01:31 - 2018-11-29 01:31 - 001407039 _____ C:\Otevřené oči - Loď Ruska vs. Ukrajina.mp4
2018-11-27 16:18 - 2018-11-27 16:19 - 310714556 _____ C:\Reportéri - RTVS.sk.TS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-27 18:10 - 2018-11-03 18:03 - 000000000 ____D C:\Users\PC\AppData\Roaming\Anvsoft
2018-12-27 18:08 - 2015-11-05 00:44 - 000025600 _____ C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-12-27 18:00 - 2015-10-17 03:24 - 000000000 ____D C:\ProgramData\TEMP
2018-12-27 17:59 - 2016-11-16 02:43 - 000000000 ____D C:\Users\PC\AppData\LocalLow\Mozilla
2018-12-27 17:19 - 2015-11-04 23:44 - 000000000 ____D C:\Demux
2018-12-27 17:03 - 2017-02-25 12:33 - 000000000 ____D C:\Users\PC\AppData\Roaming\avidemux
2018-12-27 16:36 - 2015-10-12 12:49 - 000000000 ___RD C:\Users\PC\Desktop\Ikony
2018-12-27 16:20 - 2018-02-03 03:12 - 000000000 ____D C:\Program Files\Avidemux 2.7 - 32 bits
2018-12-27 15:28 - 2017-12-27 03:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-12-27 15:22 - 2015-10-17 02:49 - 000121392 _____ C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2018-12-27 14:37 - 2017-02-09 09:51 - 000000000 ____D C:\Program Files\FormatFactory
2018-12-27 14:23 - 2009-07-14 05:34 - 000028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-27 14:23 - 2009-07-14 05:34 - 000028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-27 14:14 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-27 14:14 - 2009-07-14 05:33 - 000432544 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-27 03:13 - 2015-11-23 03:06 - 000000000 ____D C:\Users\PC\Documents\ConvertXtoVideo Ultimate
2018-12-27 03:00 - 2015-10-24 09:18 - 000000000 ____D C:\ProgramData\VSO
2018-12-27 02:48 - 2015-10-17 03:38 - 000000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2018-12-27 02:37 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2018-12-27 02:36 - 2015-10-21 02:45 - 000000000 ____D C:\Users\PC\AppData\Local\ElevatedDiagnostics
2018-12-26 18:34 - 2015-10-20 13:07 - 000000000 ____D C:\Users\PC\AppData\Roaming\DMCache
2018-12-26 13:01 - 2015-10-26 02:03 - 000000000 ____D C:\Users\PC\AppData\Roaming\MPC-HC
2018-12-26 01:00 - 2016-10-02 03:08 - 000000000 ____D C:\Program Files\trend micro
2018-12-24 16:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2018-12-24 16:19 - 2015-10-20 13:07 - 000000000 ____D C:\Users\PC\AppData\Roaming\IDM
2018-12-24 16:07 - 2015-10-12 12:54 - 000000000 ____D C:\Users\PC\Downloads\Nový priečinok (3)
2018-12-24 16:07 - 2015-10-02 07:31 - 000000000 ____D C:\Users\PC\Documents\Easy Screen Capture
2018-12-24 15:56 - 2016-06-25 00:44 - 000000000 ____D C:\TEMP
2018-12-24 15:56 - 2015-10-16 15:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-12-24 15:55 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\Help
2018-12-24 01:22 - 2009-07-14 03:04 - 000000215 _____ C:\Windows\system.ini
2018-12-24 00:45 - 2015-12-29 22:02 - 000000000 ____D C:\Windows\erdnt
2018-12-24 00:45 - 2009-07-14 03:03 - 047628288 _____ C:\Windows\system32\config\SOFTWARE.bak
2018-12-24 00:45 - 2009-07-14 03:03 - 024903680 _____ C:\Windows\system32\config\SYSTEM.bak
2018-12-24 00:45 - 2009-07-14 03:03 - 000524288 _____ C:\Windows\system32\config\DEFAULT.bak
2018-12-24 00:45 - 2009-07-14 03:03 - 000061440 _____ C:\Windows\system32\config\SAM.bak
2018-12-24 00:45 - 2009-07-14 03:03 - 000028672 _____ C:\Windows\system32\config\SECURITY.bak
2018-12-22 04:49 - 2015-10-16 10:04 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-22 03:06 - 2018-09-19 11:05 - 000000000 ____D C:\Users\PC\Desktop\Nový priečinok (2)
2018-12-21 20:20 - 2018-05-17 18:24 - 000000000 ____D C:\Users\PC\dwhelper
2018-12-21 15:27 - 2017-06-16 13:19 - 000000000 ____D C:\Users\PC\AppData\Roaming\vlc
2018-12-21 14:40 - 2010-11-20 22:01 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-20 23:45 - 2017-02-06 10:52 - 000000000 ____D C:\Users\PC\Documents\WonderFox Soft
2018-12-20 23:44 - 2018-11-03 15:38 - 000000000 ____D C:\Program Files\WonderFox Soft
2018-12-20 23:44 - 2017-02-06 10:38 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2018-12-19 01:43 - 2018-07-13 08:52 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-18 03:04 - 2017-12-10 00:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-18 02:55 - 2018-07-07 09:44 - 000000000 ____D C:\Users\PC\Downloads\Hazal Kaya
2018-12-15 21:39 - 2016-11-26 11:07 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2018-12-15 14:43 - 2017-12-18 07:11 - 000000000 ____D C:\Users\PC\AppData\Local\Adobe
2018-12-15 14:43 - 2015-10-16 10:04 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-12-15 14:43 - 2015-10-16 10:04 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-12-13 13:34 - 2015-10-16 15:04 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-12-12 01:42 - 2016-11-29 01:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-12-10 23:04 - 2015-10-22 04:17 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-12-09 17:03 - 2015-10-19 15:23 - 000000000 ____D C:\Users\PC\Documents\TMPGEnc Video Mastering Works 5
2018-12-04 23:41 - 2015-10-17 17:35 - 000000000 ____D C:\Users\PC\AppData\Roaming\Ulozto File Manager
2018-12-04 19:05 - 2017-01-29 12:19 - 000001027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulož.to FileManager.lnk
2018-12-04 19:05 - 2016-07-14 16:25 - 000000000 ____D C:\Program Files\Ulozto File Manager
2018-12-03 04:44 - 2018-08-18 15:25 - 000000000 ____D C:\Users\PC\AppData\Roaming\VideoProc
2018-12-03 04:13 - 2016-11-20 01:03 - 000000000 ____D C:\Users\PC\AppData\Roaming\Pegasys Inc
2018-12-03 04:11 - 2015-10-19 15:22 - 000000000 ____D C:\Program Files\Pegasys Inc
2018-12-02 13:49 - 2017-12-04 13:24 - 000000000 ____D C:\Program Files\Wondershare
2018-12-02 12:04 - 2015-10-16 22:25 - 000000000 ____D C:\ProgramData\DVD Shrink

==================== Files in the root of some directories =======

2017-12-11 14:58 - 2018-09-18 00:54 - 000000212 _____ () C:\Program Files\metadata
2016-01-20 02:28 - 2018-09-17 00:49 - 000000551 _____ () C:\Users\PC\AppData\Roaming\AutoGK.ini
2016-01-18 03:25 - 2018-10-25 22:29 - 000001024 _____ () C:\Users\PC\AppData\Roaming\DVDSubEdit.ini
2017-03-01 14:57 - 2017-03-01 14:57 - 000000120 _____ () C:\Users\PC\AppData\Roaming\FixVTS.ini
2015-10-24 09:18 - 2018-06-16 17:34 - 000007887 _____ () C:\Users\PC\AppData\Roaming\pcouffin.cat
2015-10-24 09:18 - 2018-06-16 17:34 - 000001144 _____ () C:\Users\PC\AppData\Roaming\pcouffin.inf
2015-10-24 09:18 - 2018-06-16 17:34 - 000000055 _____ () C:\Users\PC\AppData\Roaming\pcouffin.log
2015-10-24 09:18 - 2018-06-16 17:34 - 000047360 _____ (VSO Software) C:\Users\PC\AppData\Roaming\pcouffin.sys
2017-12-25 20:53 - 2017-12-25 20:53 - 000000093 _____ () C:\Users\PC\AppData\Roaming\settings.xml
2015-11-05 00:44 - 2018-12-27 18:08 - 000025600 _____ () C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-11 23:13 - 2018-02-11 23:13 - 000140800 _____ () C:\Users\PC\AppData\Local\installer.dat
2017-02-06 09:51 - 2017-02-06 09:51 - 000000030 _____ () C:\Users\PC\AppData\Local\MRDownloader.err
2017-02-06 09:52 - 2017-02-06 09:52 - 000001032 _____ () C:\Users\PC\AppData\Local\MRDownloader.nast
2017-04-27 23:39 - 2017-04-27 23:39 - 000002373 _____ () C:\Users\PC\AppData\Local\recently-used.xbel
2016-10-12 15:17 - 2018-01-18 19:22 - 000007605 _____ () C:\Users\PC\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-24 01:18

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24.12.2018
Ran by PC (27-12-2018 18:13:07)
Running from C:\Users\PC\Desktop\Qone8-omiga
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-10-15 17:09:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3150810417-4117916871-2068535238-500 - Administrator - Disabled)
Guest (S-1-5-21-3150810417-4117916871-2068535238-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3150810417-4117916871-2068535238-1002 - Limited - Enabled)
PC (S-1-5-21-3150810417-4117916871-2068535238-1000 - Administrator - Enabled) => C:\Users\PC
UpdatusUser (S-1-5-21-3150810417-4117916871-2068535238-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
2.0 (HKLM\...\Free Video to GIF Converter_is1) (Version: 2.0 - www.video-gif-converter.com)
4Videosoft 3D Converter 5.1.62 (HKLM\...\{8C9467CB-02EF-4948-B1F3-725EEFA6D571}_is1) (Version: - )
7-Zip 16.02 (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-041B-0000-0000000FF1CE}_PROPLUS_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) (Version: - Microsoft)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-041B-0000-0000000FF1CE}_PROPLUS_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version: - Microsoft)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-041B-0000-0000000FF1CE}_PROPLUS_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version: - Microsoft)
Aktualizácie NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Allok MP3 to AMR Converter 3.0.2 (HKLM\...\Allok MP3 to AMR Converter_is1) (Version: - Allok Soft .Inc)
Allok Video to MP4 Converter 6.2.0603 (HKLM\...\Allok Video to MP4 Converter_is1) (Version: - Allok Soft Inc)
AML Free Registry Cleaner 4.25 (HKLM\...\{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1) (Version: - AML SOFT, Inc.)
Any Audio Converter 6.2.7 (HKLM\...\Any Audio Converter) (Version: 6.2.7 - Anvsoft)
AoA Audio Extractor (HKLM\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version: - AoAMedia.com)
Apowersoft Video Konvertor V4.8.1 (HKLM\...\{195E8D7F-292B-4B04-A6E7-E96CAF04C767}_is1) (Version: 4.8.1 - APOWERSOFT LIMITED)
Auto Gordian Knot 2.55 (HKLM\...\AutoGK) (Version: 2.55 - len0x)
Avidemux 2.7 - 32 bits (32-bit) (HKLM\...\Avidemux 2.7 - 32 bits) (Version: 2.7.1.180604 - )
AviSynth 2.6 (HKLM\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
BadCopy Pro (HKLM\...\BadCopy Pro) (Version: - )
Bandicut (HKLM\...\Bandicut) (Version: 3.1.4.480 - Bandicam.com)
CalcTape (HKLM\...\{44B185C4-2566-4F38-A4F1-092FCDBB51A5}) (Version: 5.1.5 - SFR Software GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) <==== ATTENTION
CrystalDiskInfo 7.5.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 7.5.1 - Crystal Dew World)
DVD Audio Extractor 7.0.2 (HKLM\...\DVD Audio Extractor_is1) (Version: - Computer Application Studio)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVD2one V2.4.1 (HKLM\...\DVD2one V2) (Version: 2.4.1 - Eximius B.V.)
DVDFab 9.3.1.6 (19/09/2016) (HKLM\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
DVDFab Media Player 3 (HKLM\...\DVDFab Media Player 3_is1) (Version: 3.0.0.1 - Fengtao Software Inc.)
DVDIdle Pro 5.9.8.5 (HKLM\...\DVDIdle Pro_is1) (Version: - Fengtao Software Inc.)
DVD-lab PRO 2.51 (HKLM\...\DVD-lab PRO 2.51_is1) (Version: - Mediachance)
Easy Screen Capture (HKLM\...\Easy Screen Capture) (Version: - )
FastStone Photo Resizer 3.8 (HKLM\...\FastStone Photo Resizer) (Version: 3.8 - FastStone Soft.)
ffdshow v1.1.3516 [2010-07-25] (HKLM\...\ffdshow_is1) (Version: 1.1.3516.0 - )
FMW 1 (HKLM\...\{ABED3E9A-2FE6-4306-B5FC-24FDC373A11D}) (Version: 1.82.3 - AVG Technologies) Hidden
FormatFactory 4.5.0.0 (HKLM\...\FormatFactory) (Version: 4.5.0.0 - Free Time)
Free Avi To Mp4 Converter (HKLM\...\{699911AE-9F89-4512-94B1-20F1D2D1A5CE}) (Version: 2.0.0 - Free Avi To Mp4 Converter)
Free MP3 Cutter Joiner 10.6 (HKLM\...\{02509E6E-B951-45A8-BF42-ACFAF0D6B4DA}}_is1) (Version: 10.6 - DVDVideoMedia, Inc.)
Free MP3 Joiner 8.7.1 (HKLM\...\Free MP3 Joiner_is1) (Version: - FreeMoreSoft, Inc.)
Free MTS Converter 1.0.32 (HKLM\...\{AE1049D2-8255-4ffd-9857-96609689A253}_is1) (Version: 1.0.32 - free-videoconverter)
Free TS Converter 1.0.28 (HKLM\...\{D19D3F81-C2A7-4225-A97E-DB61D80535BA}_is1) (Version: 1.0.28 - free-videoconverter)
Free Video Editor (HKLM\...\Free Video Editor_is1) (Version: 1.4.54.606 - Digital Wave Ltd)
Free Video Joiner (HKLM\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version: - FreeVideoJoiner.com)
FVD Downloader Module (HKLM\...\{A3F74A3C-6824-4878-AB46-21280389D09F}) (Version: 1.0.8 - Nimbus)
Google Chrome (HKLM\...\Google Chrome) (Version: 71.0.3578.98 - Spoločnosť Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
HD Video Converter Factory 15.0 (HKLM\...\HD Video Converter Factory) (Version: 15.0 - WonderFox Soft, Inc.)
IE Download Helper (HKLM\...\{66EB7F3B-E4DC-4E0F-A052-D1323B2828B5}) (Version: 3.3 - IE Download Helper)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
Java(TM) 7 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
LAV Filters 0.72 (HKLM\...\lavfilters_is1) (Version: 0.72 - Hendrik Leppkes)
Malwarebytes verzia 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MediaInfo 18.08 (HKLM\...\MediaInfo) (Version: 18.08 - MediaArea.net)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 64.0 (x86 sk) (HKLM\...\Mozilla Firefox 64.0 (x86 sk)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.0.6914 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 sk) (HKLM\...\Mozilla Thunderbird 52.9.1 (x86 sk)) (Version: 52.9.1 - Mozilla)
MP4Tools v3.6 (HKLM\...\MP4Tools_is1) (Version: - Thüring IT-Consulting)
MPC-HC 1.7.13 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.13 - MPC-HC Team)
Nero 7 Premium (HKLM\...\{91C0B95B-B83A-4828-A775-BBE2DD421051}) (Version: 7.02.9752 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Grafický ovládač 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
Opera Stable 57.0.3098.106 (HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\...\Opera 57.0.3098.106) (Version: 57.0.3098.106 - Opera Software)
Ovládací panel NVIDIA 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 309.08 - NVIDIA Corporation) Hidden
QuickTime Alternative 3.2.2 (HKLM\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.32 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Slideshow Creator (HKLM\...\{4E1A63B1-F547-4CFC-91F7-F32F1A6BF430}_is1) (Version: 1.1 - Bolide Software)
Smart View (HKLM\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
SolveigMM Video Splitter (HKLM\...\SolveigMM Video Splitter) (Version: 2.2.912.18 - Solveig Multimedia)
Spyware Terminator 2015 (HKLM\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.1.107 - Crawler Group)
Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version: - )
TapinRadio 1.60.1 (HKLM\...\TapinRadio_is1) (Version: - Raimersoft)
TMPGEnc Video Mastering Works 5 version 5.0.6.38 (HKLM\...\TMPGEnc Video Mastering Works 5_is1) (Version: 5.0.6.38 - Pegasys Inc)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Ulož.to FileManager version 2.26 (HKLM\...\{7DE5EA5D-C933-4549-9A44-5BC671F23BBF}_is1) (Version: 2.26 - Uloz.to cloud a.s.)
Ultra Video Joiner 4.8.0108 (HKLM\...\Ultra Video Joiner_is1) (Version: - Aone Software)
Ultra Video Splitter 6.4.1208 (HKLM\...\Ultra Video Splitter_is1) (Version: - Aone Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VideoProc (HKLM\...\VideoProc) (Version: 3.0 - Digiarty, Inc.)
Vivaldi (HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\...\Vivaldi) (Version: 1.13.1008.36 - Vivaldi)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version: - )
VSO ConvertXToDVD 7 (HKLM\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.59 - VSO Software)
VSO ConvertXtoVideo Ultimate 2 (HKLM\...\{{3852A371-F5ED-491A-86C3-998CD0688D4A}_is1) (Version: 2.0.0.88 - VSO Software)
Windows 7 Codec Pack 4.1.5 (HKLM\...\Windows 7 - Codec Pack) (Version: 4.1.5 - Windows 7 Codec Pack)
WinRAR 4.20 (32-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wondershare AllMyTube(Build 5.0.0.3) (HKLM\...\AllMyTube_is1) (Version: 5.0.0.3 - Wondershare)
Wondershare HD Video Converter(Build 4.2.0.56) (HKLM\...\Wondershare HD Video Converter_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.3 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version: - )
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000_Classes\CLSID\{46C300EE-0C22-5C5F-A371-7EF4A05E0EDE}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_105.dll [2018-11-29] (Free Time)
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers1: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => C:\Program Files\Spyware Terminator\STShell.dll [2016-03-03] (Crawler Group)
ContextMenuHandlers1: [Tomabo.MP4Converter] -> {24146F89-6FA0-4821-96EC-74EED926A80E} => -> No File
ContextMenuHandlers1: [Tomabo.MP4Player] -> {5266035F-65FC-4C51-9024-FB57ED8AEB1E} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => C:\Program Files\Spyware Terminator\STShell.dll [2016-03-03] (Crawler Group)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_105.dll [2018-11-29] (Free Time)
ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-31] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => C:\Program Files\Spyware Terminator\STShell.dll [2016-03-03] (Crawler Group)
ContextMenuHandlers6: [Tomabo.MP4Converter] -> {24146F89-6FA0-4821-96EC-74EED926A80E} => -> No File
ContextMenuHandlers6: [Tomabo.MP4Player] -> {5266035F-65FC-4C51-9024-FB57ED8AEB1E} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {010DDDF6-7F50-4141-9C4A-9BB5335DC8B4} - System32\Tasks\{37C75696-F94B-4751-9F90-323752005F8E} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Downloads\irfanview_plugins_444_setup.exe -d C:\Users\PC\Downloads
Task: {01A24F4B-D7C8-4760-AC02-B8CCB64446DF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {04101F8D-F5C9-48B9-9629-D3B9BC3E3B19} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {04CE94B6-79F1-4809-B195-129475229603} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-15] (Adobe Systems Incorporated)
Task: {0EA69CC3-0232-4C4B-8C92-F74FBFF3B891} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {0F08747D-72C5-4587-96F2-CEF4465FA6C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-03] (Google Inc.)
Task: {10F15864-11D2-4B4F-A67E-F95597F3BB48} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
Task: {137BFA05-9285-4A1D-AC7F-1258147C42AE} - System32\Tasks\{20B01840-D060-440D-8E24-0352625EE5CC} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Desktop\IrFanView.v4.37.Slovencina.exe -d C:\Users\PC\Desktop
Task: {168E49EB-8437-49D4-8D55-C3639C8536C7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {1CCF129F-AE03-43C7-860D-941C0A06B550} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
Task: {21323461-D2EC-4C8D-9CB5-E20755B01398} - System32\Tasks\{B500CBB9-AD73-4265-BBB9-F6D7E40C7857} => C:\Windows\system32\pcalua.exe -a "F:\TL-WN721N TL-WN722N\Setup.exe" -d "F:\TL-WN721N TL-WN722N"
Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {23FDEFAE-9600-46A5-84C4-A8F90BC1A958} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {264482BE-39EA-4CF3-8685-054B049F9CD0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {275C2B2C-DACB-4C39-94E2-922409AC009E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {2B1DF31F-B215-4770-877D-8EE8D546D2C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {2D0FEA53-2143-4702-B7C0-DE943A520FBB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {315C9A5B-4EA0-435F-B22E-4D3DAA30A789} - System32\Tasks\{160346C9-AF96-41B1-9AA5-DC4A883AE794} => C:\Windows\system32\pcalua.exe -a I:\INSTALL\mp3gain-win-full-1_2_5.exe -d I:\INSTALL
Task: {3315D5EC-722A-49F1-855A-6C11D946D48C} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {38503448-9E76-46FC-BEA7-A806B8BF8889} - System32\Tasks\{785205B0-7D1B-4565-9F12-88D10944649D} => C:\Windows\system32\pcalua.exe -a H:\INSTALL\Ultra-Video-Joiner\Ultra-Video-Joiner_4.8.0108.exe -d H:\INSTALL\Ultra-Video-Joiner
Task: {4044807D-1499-47E2-A1E2-98BC6A351548} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => C:\Windows\system32\GWX\GWX.exe
Task: {498CA04D-0C41-477D-A666-4BE16F8BD35D} - System32\Tasks\{BB2D57A2-C7B1-4102-8B35-AB20232FE7D6} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Desktop\Nastroje_soft\FreeRapid-0.9u4\frd.exe -d C:\Users\PC\Desktop\Nastroje_soft\FreeRapid-0.9u4
Task: {4CBD06E7-CCB1-4D68-8B57-006743CE6800} - System32\Tasks\{EB6E0523-7682-47F8-8FD8-2423EF3379DB} => C:\Windows\system32\pcalua.exe -a J:\INSTALL\TMPGEnc\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE\TAW4_Retail_4.0.11.39_setup_en.exe -d J:\INSTALL\TMPGEnc\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE
Task: {4CDA9D4B-A543-40CF-969A-D87001225EF1} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5E2A347C-6997-4D39-A951-DE13F991DAA3} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {64C6AA6D-F520-4698-8F4A-3A11D71C8F26} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {64FF97D3-66F3-4FFC-9264-317AFE948CF5} - System32\Tasks\{7CDE1486-0AE7-411B-A374-D1F322333BA1} => C:\Windows\system32\pcalua.exe -a C:\TMPGEnc-DVD-Author-2.1.5.77\LicenceFolderInstall.exe -d C:\TMPGEnc-DVD-Author-2.1.5.77
Task: {70B5C876-D26F-442E-9017-D746DD84EE34} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {711BBE28-E74B-4537-B485-43B81DCE5899} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {735E3AC5-EFC3-44FA-A629-87691B13F450} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {73FD1F9A-8649-41E1-8264-E86D8C01F625} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {73FD1F9A-8649-41E1-8264-E86D8C01F625} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {74D4B1ED-DF3B-423E-A9DC-5734AD651938} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {779E0437-E512-4EFB-9D76-AB338E4252F7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-09] (Adobe Systems Incorporated)
Task: {7E47CA11-7AC2-4519-B888-33D03754F28F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
Task: {8117E217-1FF5-4EEA-BE59-4060D05CD3B8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {82E84DFF-C81D-4973-B9EB-A1E00047B6D9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {89791E5C-B8DA-42EB-97B9-FB0000257FDA} - System32\Tasks\{70519412-260A-43BC-B0B3-C92F5D6F66A2} => C:\Program Files\Skype\\Phone\Skype.exe [2017-02-08] (Skype Technologies S.A.)
Task: {8B05E433-3152-4E1C-BBF8-8141BB89B55C} - System32\Tasks\{8C22C8F2-682C-4127-8C0A-4B17EE5C5875} => C:\Program Files\Pegasys Inc\TMPGEnc DVD Author 3 with DivX Authoring\TMPGEncDVDAuthor3.exe
Task: {8B3376F0-94A6-462A-9778-1A1E9EF0BD04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-03] (Google Inc.)
Task: {8C27806A-B731-4166-8B9E-83FABB0B9ADB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {90FCF1F3-564F-434C-A000-368D7B85ECB1} - System32\Tasks\{A2D8EB76-2C52-4288-9B0A-D18231F271BA} => C:\Windows\system32\pcalua.exe -a "C:\Users\PC\Downloads\TMPGEnc-Authoring-Works-Retail-v4.0.12.42\TMPGEnc Authoring Works Retail v4.0.12.42\TAW4_Retail_4.0.12.42_setup_en.exe" -d "C:\Users\PC\Downloads\TMPGEnc-Authoring-Works-Retail-v4.0.12.42\TMPGEnc Authoring Works Retail v4.0.12.42"
Task: {913CB8D0-7D7C-4738-AE88-AC2FAFC730D1} - System32\Tasks\{F4268504-A61B-4ED4-A6E5-DE2B63BAB4A3} => C:\Program Files\Skype\\Phone\Skype.exe [2017-02-08] (Skype Technologies S.A.)
Task: {91EE1348-30D6-487B-98B7-EE2BC8EAF1EF} - System32\Tasks\{4CE17F3B-B0C7-4282-BB94-64482584B180} => C:\Windows\system32\pcalua.exe -a C:\TMPGEnc.Authoring.Works.4.0.11.39.Retail\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE\TAW4_Retail_4.0.11.39_setup_en.exe -d C:\TMPGEnc.Authoring.Works.4.0.11.39.Retail\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE
Task: {9A435129-FF81-4CE9-B636-EC2F926A94C2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {9A435129-FF81-4CE9-B636-EC2F926A94C2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {9E10FBC0-CC05-450B-B3B5-9238C4FE4EC0} - System32\Tasks\{277FB71C-A997-4E29-8984-EC762B77869E} => C:\Windows\system32\pcalua.exe -a H:\INSTALL\SubtitleWorkshop251.exe -d H:\INSTALL
Task: {9E7E2068-6456-4161-B67B-7AF79C20F351} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe [2018-12-15] (Adobe Systems Incorporated)
Task: {A38B3640-E33C-4F37-8899-84199978C5EC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {B1920E6F-F97B-4284-8CAF-DB652B267319} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {B9434AD4-20C7-45B1-BABD-85317E00752E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
Task: {BEC944F4-4C68-41AE-92D2-B5AEE6588005} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C7B7F53F-6F0C-46AB-A029-0BA7CCC09638} - System32\Tasks\{382F0BB7-4517-4AE9-B336-F4A6FB4C44CF} => C:\Windows\system32\pcalua.exe -a "I:\INSTALL\DVD Shrink+cz\DVDShrink32015_CZ\DVDShrink32015.exe" -d "I:\INSTALL\DVD Shrink+cz\DVDShrink32015_CZ"
Task: {CD4F72D9-7A3C-451D-BD90-545339F5B701} - System32\Tasks\{5D65EE77-7A7E-4004-8FD6-836481B64B01} => C:\Windows\system32\pcalua.exe -a "I:\INSTALL\foxit_reader_1[1].3_sk\Foxit Reader 1.3 SK.exe" -d I:\INSTALL\foxit_reader_1[1].3_sk
Task: {D3517796-1980-453A-B439-63B19B7B7CBF} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {D8ACE661-ECC0-4B4B-A97D-1EB986784B9A} - System32\Tasks\Opera scheduled Autoupdate 1507916423 => C:\Users\PC\AppData\Local\Programs\Opera\launcher.exe [2018-12-19] (Opera Software)
Task: {DC1DF7A2-1E06-4B26-ACF1-4FEF6952ED1F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe
Task: {EC8875A5-63BE-436A-BC25-9712F031F3D0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {ED9BE8AC-6F55-48A9-81D9-042BED2FECBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {F102A32A-DA37-457C-8947-3D60E78C033C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {F102A32A-DA37-457C-8947-3D60E78C033C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {FA67DD81-9837-48FA-9042-CAEE29ED8CF5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\PC\Documents\Ikony\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) <==== Cyrillic
Shortcut: C:\Users\PC\Desktop\Ikony\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) <==== Cyrillic
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Рrеhliаdаč Ореrа.lnk -> C:\Users\PC\AppData\Local\Programs\Opera\launcher.exe (Opera Software) <==== Cyrillic
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files\HPLion\LionStarter.exe (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\HPLion\LionStarter.exe (No File) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [326]
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE [125]
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [165]
AlternateDataStreams: C:\ProgramData\TEMP:C7D0F96D [129]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2018-12-24 01:22 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: avgsvc => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: DEFRAGSVC => 3
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IKEEXT => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SharedAccess => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WsDrvInst => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupreg: 6GV26KRJGM1JV15 => --
MSCONFIG\startupreg: AML Registry Cleaner => C:\Program Files\AML Products\Registry Cleaner\regclean.exe /min
MSCONFIG\startupreg: AvgUi => "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: Chromium => "c:\users\pc\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
MSCONFIG\startupreg: cz.seznam.software.autoupdate =>
MSCONFIG\startupreg: cz.seznam.software.szndesktop =>
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: Ptipbmf => rundll32.exe ptipbmf.dll,SetWriteCacheMode
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall =>
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Vivaldi Update Notifier => "C:\Users\PC\AppData\Local\Vivaldi\Application\update_notifier.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{334301C7-F217-4295-8A0C-BA11B908E0C0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
FirewallRules: [{67579CB9-9E96-40A7-AAAB-29470A1E838B}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
FirewallRules: [{5CD42C9B-079A-4A74-9BF2-45C9C50A8916}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
FirewallRules: [TCP Query User{613F7C35-5521-4665-99CA-6837BABD82A6}C:\program files\smart view\smart view.exe] => (Allow) C:\program files\smart view\smart view.exe ()
FirewallRules: [UDP Query User{22673E6F-B010-4D8A-8F1A-4137247528D9}C:\program files\smart view\smart view.exe] => (Allow) C:\program files\smart view\smart view.exe ()
FirewallRules: [{C3AB19AA-1FE5-44A2-BEA6-DC96EDB414E5}] => (Block) C:\program files\smart view\smart view.exe ()
FirewallRules: [{BFE0A513-BE38-4AD9-B863-56C357DBFFD0}] => (Block) C:\program files\smart view\smart view.exe ()
FirewallRules: [TCP Query User{2401E642-30E3-41C7-B08D-37621382DD07}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN)
FirewallRules: [UDP Query User{7D77EB88-B50D-44E4-BB49-D3CB0C94AE83}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN)
FirewallRules: [{93D30CBD-AE55-4100-8621-3F2C66626FEF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{032DC7B1-40E7-4325-90B3-7DF8AF527696}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd.)
FirewallRules: [{94289E58-1358-4773-8F55-D03EC3B3257F}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Co., Ltd.)
FirewallRules: [{EE8EC867-1470-4BA4-8BFD-E494DE061CAD}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd.)
FirewallRules: [{9D09371F-0083-48E3-9DD4-FF65A33D3606}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Co., Ltd.)
FirewallRules: [{FA0E5C0E-3BA3-4A2A-A0F9-AB74B6413032}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe (Free Time)
FirewallRules: [{54F7FF44-6A47-4EE8-A4B7-EE23C4A7C166}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Co., Ltd.)
FirewallRules: [{744DCD47-88DF-429F-A0DB-F16157233808}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd.)
FirewallRules: [{CCB0E785-8746-4956-84DE-71CFE1D869B2}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Co., Ltd.)
FirewallRules: [{FAF998CD-F9F3-49AB-9EFE-FB1EA220005E}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd.)
FirewallRules: [{9F106DA4-43E5-4D3D-8487-BFBED7D4710F}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe (Free Time)
FirewallRules: [{634DF0D3-1D67-44C8-B49F-878BE702097D}] => (Allow) C:\Users\PC\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS)
FirewallRules: [{A889B9D0-611F-4A9E-AF06-D8780223E738}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd.)
FirewallRules: [{76B3DEB4-1C57-40BE-BC24-65ACA6C184C9}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Co., Ltd.)
FirewallRules: [{A844A3B3-18EE-44AA-88A1-834ECA9FB3CC}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd.)
FirewallRules: [{F178ACD8-0FDB-46D4-914F-AFE1AF47F94A}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Co., Ltd.)
FirewallRules: [{34426C25-6482-41EA-84EE-5299272E1AF1}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe (Free Time)
FirewallRules: [TCP Query User{D5B3B1B0-A2BD-478B-9ADB-18D3E5DA2640}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [UDP Query User{8AD76C55-A675-472B-B15D-858E4B415A63}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{037C22E3-8929-45D3-AB71-69F569B26504}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd.)
FirewallRules: [{09A6E70A-780C-4833-9A7F-A5AD96EABAA4}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Co., Ltd.)
FirewallRules: [{CD0D8DD3-F051-4850-9400-F269158ABCB3}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Co., Ltd.)
FirewallRules: [{66DD5FA1-0E88-498F-B53F-0943764141EB}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd.)
FirewallRules: [{828A2D56-1898-4B5B-A943-A54657806976}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe (Free Time)
FirewallRules: [TCP Query User{4BF3675B-1B05-4461-B289-FDD9B9E83A79}C:\program files\java\jre6\launch4j-tmp\frd.exe] => (Allow) C:\program files\java\jre6\launch4j-tmp\frd.exe (Sun Microsystems, Inc.)
FirewallRules: [UDP Query User{20D835BF-6261-4C9C-B5BB-E8C14E0A265C}C:\program files\java\jre6\launch4j-tmp\frd.exe] => (Allow) C:\program files\java\jre6\launch4j-tmp\frd.exe (Sun Microsystems, Inc.)
FirewallRules: [TCP Query User{E098E145-57B1-41A0-964D-2F02FD77D8DE}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN)
FirewallRules: [UDP Query User{39484DB1-6834-4201-8B20-78B6C6966B0C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN)
FirewallRules: [TCP Query User{F92338AA-3454-4D64-8861-23FEF7089D45}C:\program files\java\jre7\launch4j-tmp\frd.exe] => (Allow) C:\program files\java\jre7\launch4j-tmp\frd.exe (Oracle Corporation)
FirewallRules: [UDP Query User{2DA0F5F1-AEA3-43BF-931D-D08BFF7C1405}C:\program files\java\jre7\launch4j-tmp\frd.exe] => (Allow) C:\program files\java\jre7\launch4j-tmp\frd.exe (Oracle Corporation)
FirewallRules: [{0ABF1F9A-2C02-47DE-B37E-A61B1B83A9A2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{1683D053-22F7-431E-BAB7-5CC276DC099F}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
FirewallRules: [{4D84438A-E0EC-48F2-97ED-9E6F5B7C83F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
FirewallRules: [{E45087B6-EFBF-4513-B81B-7616FB76607F}] => (Allow) C:\Program Files\Spyware Terminator\SpywareTerminator.exe (Crawler Group, LLC)
FirewallRules: [{1F8DE2F5-D410-48C1-9F44-6708641D6F5C}] => (Allow) C:\Program Files\Spyware Terminator\SpywareTerminator.exe (Crawler Group, LLC)
FirewallRules: [{4FFE5905-29A4-4CE7-BEC8-C40A7BC533E3}] => (Allow) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler Group, LLC)
FirewallRules: [{7800512E-C240-4419-A74F-90316473A96A}] => (Allow) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler Group, LLC)
FirewallRules: [{80797890-949B-4D30-A1A0-1A75F1275F91}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd.)
FirewallRules: [{B8E0425A-E6E8-40D1-82B8-2A28064D0877}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Co., Ltd.)
FirewallRules: [{2296E2F1-727A-42B6-BAB2-FA23453CC5E1}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Co., Ltd.)
FirewallRules: [{9FF029C2-65F9-4CCB-A8D9-807A654BFDEA}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd.)
FirewallRules: [{078B240C-EDBD-42EE-8277-060C9287E30F}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft)
FirewallRules: [{58F45E75-A14C-4DC9-8BCE-12EC91AB1C33}] => (Allow) C:\Program Files\Apowersoft\Video Converter Studio\Video Converter Studio.exe (Apowersoft)

==================== Restore Points =========================

25-12-2018 03:17:25 Windows Update
26-12-2018 03:10:38 Windows Update
27-12-2018 00:29:32 JRT Pre-Junkware Removal
27-12-2018 15:23:30 Before uninstalling Aleesoft Free MKV Converter 2.5.37
27-12-2018 15:25:20 Before uninstalling Wondershare HD Video Converter(Build 4.2.0.56)
27-12-2018 15:26:59 Before uninstalling Wondershare Video Converter Ultimate(Build 10.4.0.186)
27-12-2018 18:00:19 Before uninstalling VideoPad Video Editor

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2018 03:23:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Prístup je odmietnutý.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {53e4ab98-0142-40fc-9e5b-6b3a51bea0be}

Error: (12/27/2018 02:17:09 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

Error: (12/27/2018 02:17:09 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

Error: (12/27/2018 02:17:09 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

Error: (12/27/2018 02:17:04 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search sa zastavuje, pretože sa vyskytol problém s indexovaním, The catalog is corrupt.

Details:
Metaúdaje indexu obsahu sa nedajú prečítať. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/27/2018 02:17:04 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhľadávacia služba zistila v indexe {id=431} súbory s poškodenými údajmi. Služba sa pokúsi o automatické opravenie tohto problému opätovným vytvorením indexu.

Details:
Metaúdaje indexu obsahu sa nedajú prečítať. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/27/2018 02:17:03 PM) (Source: Windows Search Service) (EventID: 3038) (User: )
Description: The gatherer is unable to read the registry Path.

Context: Application, SystemIndex Catalog

Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

Error: (12/24/2018 11:11:46 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
Metaúdaje indexu obsahu sa nedajú prečítať. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (12/27/2018 02:17:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (12/27/2018 02:17:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search bola ukončená s chybou služby %%-2147218173.

Error: (12/27/2018 02:14:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Remote Access Connection Manager, od ktorej závisí služba Internet Connection Sharing (ICS), zlyhalo kvôli nasledujúcej chybe:
Závislú službu alebo skupinu sa nepodarilo spustiť.

Error: (12/27/2018 02:14:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Telefonovanie, od ktorej závisí služba Remote Access Connection Manager, zlyhalo kvôli nasledujúcej chybe:
Služba sa nedá spustiť, pretože je vypnutá, alebo nemá priradené žiadne zapnuté zariadenia.

Error: (12/27/2018 02:14:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby TrustedInstaller zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.

Error: (12/27/2018 02:11:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby TrustedInstaller zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.

Error: (12/27/2018 01:43:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby TrustedInstaller zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.

Error: (12/27/2018 12:51:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby TrustedInstaller zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.


Windows Defender:
===================================
Date: 2017-11-27 02:23:31.653
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070003
Error description:Systém nemôže nájsť zadanú cestu.
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2015-10-17 19:23:52.844
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-17 19:23:52.765
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon(tm) Dual Core Processor 4050e
Percentage of memory in use: 32%
Total physical RAM: 2943.36 MB
Available physical RAM: 1984.97 MB
Total Virtual: 5885.03 MB
Available Virtual: 4978.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:122.07 GB) (Free:36.98 GB) NTFS
Drive d: (Lokálny disk) (Fixed) (Total:343.59 GB) (Free:29.49 GB) NTFS
Drive e: (WD 1TB) (Fixed) (Total:931.51 GB) (Free:14.77 GB) NTFS
Drive g: (Nový zväzok) (Fixed) (Total:931.51 GB) (Free:14.56 GB) NTFS
Drive h: (VERBATIM HD) (Fixed) (Total:1397.26 GB) (Free:769.61 GB) NTFS
Drive m: (Maxtor) (Fixed) (Total:931.51 GB) (Free:38.44 GB) NTFS

\\?\Volume{59993103-735e-11e5-89b9-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0F360F35)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=122.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=343.6 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: EA1B2E9E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 44C3D51F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 64FDC99F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 1397.3 GB) (Disk ID: BE8EACB6)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Conder
Moderator
Posts: 4164
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Explorer restarting in Win 7

#7 Post by Conder »

Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Windows\system32\l3codeca.acm
    File: C:\Windows\system32\x264vfw.dll
    File: C:\Windows\system32\lagarith.dll
    File: C:\Windows\system32\DivXa32.acm
    File: C:\Windows\system32\ff_vfw.dll
    File: C:\Windows\system32\xvidvfw.dll
    File: C:\Windows\system32\Drivers\cdrbsdrv.sys
    File: C:\Windows\System32\drivers\PxHelp20.sys
    File: C:\Windows\system32\drivers\sp_rsdrv2.sys
    
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
    Handler: WSWSVCUchrome - No CLSID Value - 
    FF Homepage: Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952 -> hxxps://www.facebook.com/
    FF NetworkProxy: Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952 -> type", 4
    CHR HomePage: Profile 2 -> hxxp://www.facebook.com/
    CHR StartupUrls: Profile 2 -> "hxxp://www.facebook.com/"
    CHR DefaultSearchURL: Profile 2 -> hxxps://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
    CHR DefaultSearchKeyword: Profile 2 -> youtube.com
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [jffdffcnfhdcfbjijbcfghooboafmhel] - <no Path/update_url>
    CHR HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
    S4 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [462200 2018-04-04] (McAfee, Inc.)
    S2 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
    U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    U3 aswbdisk; no ImagePath
    S3 cpuz134; no ImagePath
    S3 mfesapsn; no ImagePath
    S3 mvdM23; no ImagePath
    U1 netfilter2; no ImagePath
    CustomCLSID: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000_Classes\CLSID\{46C300EE-0C22-5C5F-A371-7EF4A05E0EDE}\InprocServer32 -> no filepath
    ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} =>  -> No File
    ContextMenuHandlers1: [Tomabo.MP4Converter] -> {24146F89-6FA0-4821-96EC-74EED926A80E} =>  -> No File
    ContextMenuHandlers1: [Tomabo.MP4Player] -> {5266035F-65FC-4C51-9024-FB57ED8AEB1E} =>  -> No File
    ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} =>  -> No File
    ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} =>  -> No File
    ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} =>  -> No File
    ContextMenuHandlers6: [Tomabo.MP4Converter] -> {24146F89-6FA0-4821-96EC-74EED926A80E} =>  -> No File
    ContextMenuHandlers6: [Tomabo.MP4Player] -> {5266035F-65FC-4C51-9024-FB57ED8AEB1E} =>  -> No File
    Task: {010DDDF6-7F50-4141-9C4A-9BB5335DC8B4} - System32\Tasks\{37C75696-F94B-4751-9F90-323752005F8E} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Downloads\irfanview_plugins_444_setup.exe -d C:\Users\PC\Downloads
    Task: {10F15864-11D2-4B4F-A67E-F95597F3BB48} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {137BFA05-9285-4A1D-AC7F-1258147C42AE} - System32\Tasks\{20B01840-D060-440D-8E24-0352625EE5CC} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Desktop\IrFanView.v4.37.Slovencina.exe -d C:\Users\PC\Desktop
    Task: {1CCF129F-AE03-43C7-860D-941C0A06B550} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {21323461-D2EC-4C8D-9CB5-E20755B01398} - System32\Tasks\{B500CBB9-AD73-4265-BBB9-F6D7E40C7857} => C:\Windows\system32\pcalua.exe -a "F:\TL-WN721N TL-WN722N\Setup.exe" -d "F:\TL-WN721N TL-WN722N"
    Task: {23FDEFAE-9600-46A5-84C4-A8F90BC1A958} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
    Task: {315C9A5B-4EA0-435F-B22E-4D3DAA30A789} - System32\Tasks\{160346C9-AF96-41B1-9AA5-DC4A883AE794} => C:\Windows\system32\pcalua.exe -a I:\INSTALL\mp3gain-win-full-1_2_5.exe -d I:\INSTALL
    Task: {38503448-9E76-46FC-BEA7-A806B8BF8889} - System32\Tasks\{785205B0-7D1B-4565-9F12-88D10944649D} => C:\Windows\system32\pcalua.exe -a H:\INSTALL\Ultra-Video-Joiner\Ultra-Video-Joiner_4.8.0108.exe -d H:\INSTALL\Ultra-Video-Joiner
    Task: {4044807D-1499-47E2-A1E2-98BC6A351548} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => C:\Windows\system32\GWX\GWX.exe
    Task: {498CA04D-0C41-477D-A666-4BE16F8BD35D} - System32\Tasks\{BB2D57A2-C7B1-4102-8B35-AB20232FE7D6} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Desktop\Nastroje_soft\FreeRapid-0.9u4\frd.exe -d C:\Users\PC\Desktop\Nastroje_soft\FreeRapid-0.9u4
    Task: {4CBD06E7-CCB1-4D68-8B57-006743CE6800} - System32\Tasks\{EB6E0523-7682-47F8-8FD8-2423EF3379DB} => C:\Windows\system32\pcalua.exe -a J:\INSTALL\TMPGEnc\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE\TAW4_Retail_4.0.11.39_setup_en.exe -d J:\INSTALL\TMPGEnc\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE
    Task: {64FF97D3-66F3-4FFC-9264-317AFE948CF5} - System32\Tasks\{7CDE1486-0AE7-411B-A374-D1F322333BA1} => C:\Windows\system32\pcalua.exe -a C:\TMPGEnc-DVD-Author-2.1.5.77\LicenceFolderInstall.exe -d C:\TMPGEnc-DVD-Author-2.1.5.77
    Task: {73FD1F9A-8649-41E1-8264-E86D8C01F625} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
    Task: {73FD1F9A-8649-41E1-8264-E86D8C01F625} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
    Task: {7E47CA11-7AC2-4519-B888-33D03754F28F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {8117E217-1FF5-4EEA-BE59-4060D05CD3B8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
    Task: {90FCF1F3-564F-434C-A000-368D7B85ECB1} - System32\Tasks\{A2D8EB76-2C52-4288-9B0A-D18231F271BA} => C:\Windows\system32\pcalua.exe -a "C:\Users\PC\Downloads\TMPGEnc-Authoring-Works-Retail-v4.0.12.42\TMPGEnc Authoring Works Retail v4.0.12.42\TAW4_Retail_4.0.12.42_setup_en.exe" -d "C:\Users\PC\Downloads\TMPGEnc-Authoring-Works-Retail-v4.0.12.42\TMPGEnc Authoring Works Retail v4.0.12.42"
    Task: {91EE1348-30D6-487B-98B7-EE2BC8EAF1EF} - System32\Tasks\{4CE17F3B-B0C7-4282-BB94-64482584B180} => C:\Windows\system32\pcalua.exe -a C:\TMPGEnc.Authoring.Works.4.0.11.39.Retail\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE\TAW4_Retail_4.0.11.39_setup_en.exe -d C:\TMPGEnc.Authoring.Works.4.0.11.39.Retail\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE
    Task: {9A435129-FF81-4CE9-B636-EC2F926A94C2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
    Task: {9A435129-FF81-4CE9-B636-EC2F926A94C2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
    Task: {9E10FBC0-CC05-450B-B3B5-9238C4FE4EC0} - System32\Tasks\{277FB71C-A997-4E29-8984-EC762B77869E} => C:\Windows\system32\pcalua.exe -a H:\INSTALL\SubtitleWorkshop251.exe -d H:\INSTALL
    Task: {B9434AD4-20C7-45B1-BABD-85317E00752E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {C7B7F53F-6F0C-46AB-A029-0BA7CCC09638} - System32\Tasks\{382F0BB7-4517-4AE9-B336-F4A6FB4C44CF} => C:\Windows\system32\pcalua.exe -a "I:\INSTALL\DVD Shrink+cz\DVDShrink32015_CZ\DVDShrink32015.exe" -d "I:\INSTALL\DVD Shrink+cz\DVDShrink32015_CZ"
    Task: {CD4F72D9-7A3C-451D-BD90-545339F5B701} - System32\Tasks\{5D65EE77-7A7E-4004-8FD6-836481B64B01} => C:\Windows\system32\pcalua.exe -a "I:\INSTALL\foxit_reader_1[1].3_sk\Foxit Reader 1.3 SK.exe" -d I:\INSTALL\foxit_reader_1[1].3_sk
    Task: {DC1DF7A2-1E06-4B26-ACF1-4FEF6952ED1F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {F102A32A-DA37-457C-8947-3D60E78C033C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
    Task: {F102A32A-DA37-457C-8947-3D60E78C033C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files\HPLion\LionStarter.exe (No File) <==== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\HPLion\LionStarter.exe (No File) <==== Cyrillic
    AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [326]
    AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE [125]
    AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [165]
    AlternateDataStreams: C:\ProgramData\TEMP:C7D0F96D [129]
    MSCONFIG\startupreg: cz.seznam.software.autoupdate => 
    MSCONFIG\startupreg: cz.seznam.software.szndesktop => 
    
    CMD: ren "C:\Users\PC\Documents\Ikony\Моzillа Firеfох.lnk" "Mozilla Firefox.lnk"
    CMD: ren "C:\Users\PC\Desktop\Ikony\Моzillа Firеfох.lnk" "Mozilla Firefox.lnk"
    CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk" "Internet Explorer.lnk"
    CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Рrеhliаdаč Ореrа.lnk" "Prehliadač Opera.lnk"
    CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk" "Internet Explorer (No Add-ons).lnk"
    CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk" "Internet Explorer.lnk"
    
    Hosts:
    EmptyTemp:
    End
  • Click File and then Save
  • At the bottom right, select Unicode encoding
  • Save the file to the desktop with the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here

Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

kekesko
Visitor
Posts: 141
Registered: 16 Jan 2008 07:49

Re: Explorer restart in Win 7

#8 Post by kekesko »

I followed the instructions, but FRST does nothing. I left it for an hour and nothing.

Conder
Moderator
Posts: 4164
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Explorer restart in Win 7

#9 Post by Conder »

It probably gets stuck on something. Even so, an (incomplete) Fixlog.txt should be created on the desktop; send its contents.

cernohous13
Moderator
Posts: 8714
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Explorer restart in Win 7

#10 Post by cernohous13 »

Hello, and apologies for the one-off interjection :oops:

fixlog.txt must be saved in the same directory as FRST.exe
Running from C:\Users\PC\Desktop\Qone8-omiga

Recommendations:
During the cleanup, install or uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole procedure according to it.
If anything is unclear, ask - I will explain

-------------------------------------------------------------------------------------------------
> Forum support <

kekesko
Visitor
Posts: 141
Registered: 16 Jan 2008 07:49

Re: Explorer restart in Win 7

#11 Post by kekesko »

So this worked. The program ran for an hour; it neither finished nor restarted the PC.
This is the log I found.

Fix result of Farbar Recovery Scan Tool (x86) Version: 28.12.2018 01
Ran by PC (29-12-2018 14:43:36) Run:5
Running from C:\Users\PC\Desktop\Qone8-omiga
Loaded Profiles: PC (Available Profiles: PC & UpdatusUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Windows\system32\l3codeca.acm
File: C:\Windows\system32\x264vfw.dll
File: C:\Windows\system32\lagarith.dll
File: C:\Windows\system32\DivXa32.acm
File: C:\Windows\system32\ff_vfw.dll
File: C:\Windows\system32\xvidvfw.dll
File: C:\Windows\system32\Drivers\cdrbsdrv.sys
File: C:\Windows\System32\drivers\PxHelp20.sys
File: C:\Windows\system32\drivers\sp_rsdrv2.sys

HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: WSWSVCUchrome - No CLSID Value -
FF Homepage: Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952 -> hxxps://www.facebook.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952 -> type", 4
CHR HomePage: Profile 2 -> hxxp://www.facebook.com/
CHR StartupUrls: Profile 2 -> "hxxp://www.facebook.com/"
CHR DefaultSearchURL: Profile 2 -> hxxps://www.youtube.com/results?search_query={s ... opensearch
CHR DefaultSearchKeyword: Profile 2 -> youtube.com
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jffdffcnfhdcfbjijbcfghooboafmhel] - <no Path/update_url>
CHR HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
S4 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [462200 2018-04-04] (McAfee, Inc.)
S2 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U3 aswbdisk; no ImagePath
S3 cpuz134; no ImagePath
S3 mfesapsn; no ImagePath
S3 mvdM23; no ImagePath
U1 netfilter2; no ImagePath
CustomCLSID: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000_Classes\CLSID\{46C300EE-0C22-5C5F-A371-7EF4A05E0EDE}\InprocServer32 -> no filepath
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers1: [Tomabo.MP4Converter] -> {24146F89-6FA0-4821-96EC-74EED926A80E} => -> No File
ContextMenuHandlers1: [Tomabo.MP4Player] -> {5266035F-65FC-4C51-9024-FB57ED8AEB1E} => -> No File
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => -> No File
ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [Tomabo.MP4Converter] -> {24146F89-6FA0-4821-96EC-74EED926A80E} => -> No File
ContextMenuHandlers6: [Tomabo.MP4Player] -> {5266035F-65FC-4C51-9024-FB57ED8AEB1E} => -> No File
Task: {010DDDF6-7F50-4141-9C4A-9BB5335DC8B4} - System32\Tasks\{37C75696-F94B-4751-9F90-323752005F8E} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Downloads\irfanview_plugins_444_setup.exe -d C:\Users\PC\Downloads
Task: {10F15864-11D2-4B4F-A67E-F95597F3BB48} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
Task: {137BFA05-9285-4A1D-AC7F-1258147C42AE} - System32\Tasks\{20B01840-D060-440D-8E24-0352625EE5CC} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Desktop\IrFanView.v4.37.Slovencina.exe -d C:\Users\PC\Desktop
Task: {1CCF129F-AE03-43C7-860D-941C0A06B550} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
Task: {21323461-D2EC-4C8D-9CB5-E20755B01398} - System32\Tasks\{B500CBB9-AD73-4265-BBB9-F6D7E40C7857} => C:\Windows\system32\pcalua.exe -a "F:\TL-WN721N TL-WN722N\Setup.exe" -d "F:\TL-WN721N TL-WN722N"
Task: {23FDEFAE-9600-46A5-84C4-A8F90BC1A958} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {315C9A5B-4EA0-435F-B22E-4D3DAA30A789} - System32\Tasks\{160346C9-AF96-41B1-9AA5-DC4A883AE794} => C:\Windows\system32\pcalua.exe -a I:\INSTALL\mp3gain-win-full-1_2_5.exe -d I:\INSTALL
Task: {38503448-9E76-46FC-BEA7-A806B8BF8889} - System32\Tasks\{785205B0-7D1B-4565-9F12-88D10944649D} => C:\Windows\system32\pcalua.exe -a H:\INSTALL\Ultra-Video-Joiner\Ultra-Video-Joiner_4.8.0108.exe -d H:\INSTALL\Ultra-Video-Joiner
Task: {4044807D-1499-47E2-A1E2-98BC6A351548} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => C:\Windows\system32\GWX\GWX.exe
Task: {498CA04D-0C41-477D-A666-4BE16F8BD35D} - System32\Tasks\{BB2D57A2-C7B1-4102-8B35-AB20232FE7D6} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Desktop\Nastroje_soft\FreeRapid-0.9u4\frd.exe -d C:\Users\PC\Desktop\Nastroje_soft\FreeRapid-0.9u4
Task: {4CBD06E7-CCB1-4D68-8B57-006743CE6800} - System32\Tasks\{EB6E0523-7682-47F8-8FD8-2423EF3379DB} => C:\Windows\system32\pcalua.exe -a J:\INSTALL\TMPGEnc\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE\TAW4_Retail_4.0.11.39_setup_en.exe -d J:\INSTALL\TMPGEnc\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE
Task: {64FF97D3-66F3-4FFC-9264-317AFE948CF5} - System32\Tasks\{7CDE1486-0AE7-411B-A374-D1F322333BA1} => C:\Windows\system32\pcalua.exe -a C:\TMPGEnc-DVD-Author-2.1.5.77\LicenceFolderInstall.exe -d C:\TMPGEnc-DVD-Author-2.1.5.77
Task: {73FD1F9A-8649-41E1-8264-E86D8C01F625} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {73FD1F9A-8649-41E1-8264-E86D8C01F625} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {7E47CA11-7AC2-4519-B888-33D03754F28F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
Task: {8117E217-1FF5-4EEA-BE59-4060D05CD3B8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {90FCF1F3-564F-434C-A000-368D7B85ECB1} - System32\Tasks\{A2D8EB76-2C52-4288-9B0A-D18231F271BA} => C:\Windows\system32\pcalua.exe -a "C:\Users\PC\Downloads\TMPGEnc-Authoring-Works-Retail-v4.0.12.42\TMPGEnc Authoring Works Retail v4.0.12.42\TAW4_Retail_4.0.12.42_setup_en.exe" -d "C:\Users\PC\Downloads\TMPGEnc-Authoring-Works-Retail-v4.0.12.42\TMPGEnc Authoring Works Retail v4.0.12.42"
Task: {91EE1348-30D6-487B-98B7-EE2BC8EAF1EF} - System32\Tasks\{4CE17F3B-B0C7-4282-BB94-64482584B180} => C:\Windows\system32\pcalua.exe -a C:\TMPGEnc.Authoring.Works.4.0.11.39.Retail\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE\TAW4_Retail_4.0.11.39_setup_en.exe -d C:\TMPGEnc.Authoring.Works.4.0.11.39.Retail\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE
Task: {9A435129-FF81-4CE9-B636-EC2F926A94C2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {9A435129-FF81-4CE9-B636-EC2F926A94C2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {9E10FBC0-CC05-450B-B3B5-9238C4FE4EC0} - System32\Tasks\{277FB71C-A997-4E29-8984-EC762B77869E} => C:\Windows\system32\pcalua.exe -a H:\INSTALL\SubtitleWorkshop251.exe -d H:\INSTALL
Task: {B9434AD4-20C7-45B1-BABD-85317E00752E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
Task: {C7B7F53F-6F0C-46AB-A029-0BA7CCC09638} - System32\Tasks\{382F0BB7-4517-4AE9-B336-F4A6FB4C44CF} => C:\Windows\system32\pcalua.exe -a "I:\INSTALL\DVD Shrink+cz\DVDShrink32015_CZ\DVDShrink32015.exe" -d "I:\INSTALL\DVD Shrink+cz\DVDShrink32015_CZ"
Task: {CD4F72D9-7A3C-451D-BD90-545339F5B701} - System32\Tasks\{5D65EE77-7A7E-4004-8FD6-836481B64B01} => C:\Windows\system32\pcalua.exe -a "I:\INSTALL\foxit_reader_1[1].3_sk\Foxit Reader 1.3 SK.exe" -d I:\INSTALL\foxit_reader_1[1].3_sk
Task: {DC1DF7A2-1E06-4B26-ACF1-4FEF6952ED1F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe
Task: {F102A32A-DA37-457C-8947-3D60E78C033C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {F102A32A-DA37-457C-8947-3D60E78C033C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files\HPLion\LionStarter.exe (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\HPLion\LionStarter.exe (No File) <==== Cyrillic
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [326]
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE [125]
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [165]
AlternateDataStreams: C:\ProgramData\TEMP:C7D0F96D [129]
MSCONFIG\startupreg: cz.seznam.software.autoupdate =>
MSCONFIG\startupreg: cz.seznam.software.szndesktop =>

CMD: ren "C:\Users\PC\Documents\Ikony\Моzillа Firеfох.lnk" "Mozilla Firefox.lnk"
CMD: ren "C:\Users\PC\Desktop\Ikony\Моzillа Firеfох.lnk" "Mozilla Firefox.lnk"
CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk" "Internet Explorer.lnk"
CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Рrеhliаdаč Ореrа.lnk" "Prehliadač Opera.lnk"
CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk" "Internet Explorer (No Add-ons).lnk"
CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk" "Internet Explorer.lnk"

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 2317
Average :
Sum : 3539943449
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========


========================= File: C:\Windows\system32\l3codeca.acm ========================

C:\Windows\system32\l3codeca.acm
File is digitally signed
MD5: 1C7F1C3EA5894995E6C563E9AE9F029F
Creation and modification date: 2009-07-14 01:07 - 2009-07-14 02:14
Size: 000064000
Attributes: ----A
Company Name: Fraunhofer Institut Integrierte Schaltungen IIS
Internal Name: l3codec.acm
Original Name: l3codec.acm
Product: MPEG Layer-3 Audio Codec for MSACM
Description: MPEG Layer-3 Audio Codec for MSACM
File Version: 1, 9, 0, 0401
Product Version: 1, 0, 0, 0
Copyright: Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS
VirusTotal: https://www.virustotal.com/file/992f320 ... 545337259/

====== End of File: ======


========================= File: C:\Windows\system32\x264vfw.dll ========================

C:\Windows\system32\x264vfw.dll
File not signed
MD5: 79CD1ABAFDAEF7CC2DC5B535B9B0A7A5
Creation and modification date: 2014-11-16 13:15 - 2014-11-16 13:15
Size: 003525120
Attributes: ----A
Company Name: x264vfw project
Internal Name: x264vfw
Original Name: x264vfw.dll
Product: x264vfw
Description: x264vfw - H.264/MPEG-4 AVC codec
File Version: 40_2491bm_40895
Product Version: 40_2491bm_40895
Copyright: Copyright (C) 2003-2014 x264vfw project
VirusTotal: https://www.virustotal.com/file/a6d974b ... 532283211/

====== End of File: ======


========================= File: C:\Windows\system32\lagarith.dll ========================

C:\Windows\system32\lagarith.dll
File not signed
MD5: FA425C74CE2EB719B2A77A7A2ADDAE32
Creation and modification date: 2013-12-17 03:19 - 2013-12-17 03:19
Size: 000216064
Attributes: ----A
Company Name:
Internal Name: Lagarith
Original Name: lagarith.dll
Product: Lagarith
Description: Lagarith
File Version: 1.3.27
Product Version: 1.3.27
Copyright: Copyright © 2011
VirusTotal: https://www.virustotal.com/file/bac1ea7 ... 546034073/

====== End of File: ======


========================= File: C:\Windows\system32\DivXa32.acm ========================

C:\Windows\system32\DivXa32.acm
File not signed
MD5: 765EAA222E1F6C7122EB22EE66D88CE1
Creation and modification date: 2013-12-17 02:30 - 2013-12-17 02:30
Size: 000291408
Attributes: ----A
Company Name: Packed With Joy !
Internal Name: DivXa32
Original Name: DivXa32
Product: DivX;-) Audio Codec
Description: DivX;-) Audio Codec
File Version: 4.1.00.3920
Product Version: 4.DivX.3920
Copyright:
VirusTotal: https://www.virustotal.com/file/fac981d ... 542162229/

====== End of File: ======


========================= File: C:\Windows\system32\ff_vfw.dll ========================

C:\Windows\system32\ff_vfw.dll
File not signed
MD5: FFBDA567F15BF149A26E186F5140CC23
Creation and modification date: 2016-08-01 12:51 - 2010-07-26 09:13
Size: 000108032
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Windows\system32\xvidvfw.dll ========================

C:\Windows\system32\xvidvfw.dll
File not signed
MD5: A955E81F50EC388F385B53DC6FCF4F86
Creation and modification date: 2009-01-25 22:10 - 2009-01-25 22:10
Size: 000179200
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Windows\system32\Drivers\cdrbsdrv.sys ========================

C:\Windows\system32\Drivers\cdrbsdrv.sys
File not signed
MD5: E0042BD5BEF17A6A3EF1DF576BDE24D1
Creation and modification date: 2015-12-21 09:39 - 2015-12-21 09:38
Size: 000033408
Attributes: ----A
Company Name: B.H.A Corporation
Internal Name: CDRBSDRV.SYS
Original Name: CDRBSDRV.SYS
Product: B's Recorder GOLD
Description: CD-ROM Filter Driver for Windows2000/xp
File Version: 8. 0. 0. 5
Product Version: 8. 0. 0. 5
Copyright: Copyright (C) 2000-2006 B.H.A Corporation
VirusTotal: 0

====== End of File: ======


========================= File: C:\Windows\System32\drivers\PxHelp20.sys ========================

C:\Windows\System32\drivers\PxHelp20.sys
File not signed
MD5: 86724469CD077901706854974CD13C3E
Creation and modification date: 2016-10-31 16:00 - 2005-04-25 10:03
Size: 000020640
Attributes: ----N
Company Name: Sonic Solutions
Internal Name: PxHelp20
Original Name: PxHelp20.sys
Product: PxHelp20
Description: Px Engine Device Driver for Windows 2000/XP
File Version: 2.03.32a
Product Version:
Copyright: Copyright © Sonic Solutions
VirusTotal: 0

====== End of File: ======


========================= File: C:\Windows\system32\drivers\sp_rsdrv2.sys ========================

C:\Windows\system32\drivers\sp_rsdrv2.sys
File not signed
MD5: 7B426B8E809EDF081D771EF429345528
Creation and modification date: 2018-12-26 20:53 - 2011-06-21 11:24
Size: 000032768
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning" => not found
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page" => not found
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => not found
HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => not found
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome => not found
"FF Homepage: Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952 -> hxxps://www.facebook.com/" => not found
"FF NetworkProxy: Mozilla\Firefox\Profiles\nwzl8lxz.default-1530958399952 -> type", 4" => not found
"Chrome HomePage" => not found
"Chrome StartupUrls" => not found
"Chrome DefaultSearchURL" => not found
"Chrome DefaultSearchKeyword" => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\jffdffcnfhdcfbjijbcfghooboafmhel => not found
HKU\S-1-5-21-3150810417-4117916871-2068535238-1000\SOFTWARE\Google\Chrome\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo => not found
McAfee SiteAdvisor Service => service not found.

Conder
Moderator
Posts: 4164
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Explorer restart in Win 7

#12 Post by Conder »

Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    U3 aswbdisk; no ImagePath
    S3 cpuz134; no ImagePath
    S3 mfesapsn; no ImagePath
    S3 mvdM23; no ImagePath
    U1 netfilter2; no ImagePath
    CustomCLSID: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000_Classes\CLSID\{46C300EE-0C22-5C5F-A371-7EF4A05E0EDE}\InprocServer32 -> no filepath
    ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} =>  -> No File
    ContextMenuHandlers1: [Tomabo.MP4Converter] -> {24146F89-6FA0-4821-96EC-74EED926A80E} =>  -> No File
    ContextMenuHandlers1: [Tomabo.MP4Player] -> {5266035F-65FC-4C51-9024-FB57ED8AEB1E} =>  -> No File
    ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} =>  -> No File
    ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} =>  -> No File
    ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} =>  -> No File
    ContextMenuHandlers6: [Tomabo.MP4Converter] -> {24146F89-6FA0-4821-96EC-74EED926A80E} =>  -> No File
    ContextMenuHandlers6: [Tomabo.MP4Player] -> {5266035F-65FC-4C51-9024-FB57ED8AEB1E} =>  -> No File
    Task: {010DDDF6-7F50-4141-9C4A-9BB5335DC8B4} - System32\Tasks\{37C75696-F94B-4751-9F90-323752005F8E} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Downloads\irfanview_plugins_444_setup.exe -d C:\Users\PC\Downloads
    Task: {10F15864-11D2-4B4F-A67E-F95597F3BB48} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {137BFA05-9285-4A1D-AC7F-1258147C42AE} - System32\Tasks\{20B01840-D060-440D-8E24-0352625EE5CC} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Desktop\IrFanView.v4.37.Slovencina.exe -d C:\Users\PC\Desktop
    Task: {1CCF129F-AE03-43C7-860D-941C0A06B550} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {21323461-D2EC-4C8D-9CB5-E20755B01398} - System32\Tasks\{B500CBB9-AD73-4265-BBB9-F6D7E40C7857} => C:\Windows\system32\pcalua.exe -a "F:\TL-WN721N TL-WN722N\Setup.exe" -d "F:\TL-WN721N TL-WN722N"
    Task: {23FDEFAE-9600-46A5-84C4-A8F90BC1A958} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
    Task: {315C9A5B-4EA0-435F-B22E-4D3DAA30A789} - System32\Tasks\{160346C9-AF96-41B1-9AA5-DC4A883AE794} => C:\Windows\system32\pcalua.exe -a I:\INSTALL\mp3gain-win-full-1_2_5.exe -d I:\INSTALL
    Task: {38503448-9E76-46FC-BEA7-A806B8BF8889} - System32\Tasks\{785205B0-7D1B-4565-9F12-88D10944649D} => C:\Windows\system32\pcalua.exe -a H:\INSTALL\Ultra-Video-Joiner\Ultra-Video-Joiner_4.8.0108.exe -d H:\INSTALL\Ultra-Video-Joiner
    Task: {4044807D-1499-47E2-A1E2-98BC6A351548} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => C:\Windows\system32\GWX\GWX.exe
    Task: {498CA04D-0C41-477D-A666-4BE16F8BD35D} - System32\Tasks\{BB2D57A2-C7B1-4102-8B35-AB20232FE7D6} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Desktop\Nastroje_soft\FreeRapid-0.9u4\frd.exe -d C:\Users\PC\Desktop\Nastroje_soft\FreeRapid-0.9u4
    Task: {4CBD06E7-CCB1-4D68-8B57-006743CE6800} - System32\Tasks\{EB6E0523-7682-47F8-8FD8-2423EF3379DB} => C:\Windows\system32\pcalua.exe -a J:\INSTALL\TMPGEnc\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE\TAW4_Retail_4.0.11.39_setup_en.exe -d J:\INSTALL\TMPGEnc\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE
    Task: {64FF97D3-66F3-4FFC-9264-317AFE948CF5} - System32\Tasks\{7CDE1486-0AE7-411B-A374-D1F322333BA1} => C:\Windows\system32\pcalua.exe -a C:\TMPGEnc-DVD-Author-2.1.5.77\LicenceFolderInstall.exe -d C:\TMPGEnc-DVD-Author-2.1.5.77
    Task: {73FD1F9A-8649-41E1-8264-E86D8C01F625} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
    Task: {73FD1F9A-8649-41E1-8264-E86D8C01F625} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
    Task: {7E47CA11-7AC2-4519-B888-33D03754F28F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {8117E217-1FF5-4EEA-BE59-4060D05CD3B8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
    Task: {90FCF1F3-564F-434C-A000-368D7B85ECB1} - System32\Tasks\{A2D8EB76-2C52-4288-9B0A-D18231F271BA} => C:\Windows\system32\pcalua.exe -a "C:\Users\PC\Downloads\TMPGEnc-Authoring-Works-Retail-v4.0.12.42\TMPGEnc Authoring Works Retail v4.0.12.42\TAW4_Retail_4.0.12.42_setup_en.exe" -d "C:\Users\PC\Downloads\TMPGEnc-Authoring-Works-Retail-v4.0.12.42\TMPGEnc Authoring Works Retail v4.0.12.42"
    Task: {91EE1348-30D6-487B-98B7-EE2BC8EAF1EF} - System32\Tasks\{4CE17F3B-B0C7-4282-BB94-64482584B180} => C:\Windows\system32\pcalua.exe -a C:\TMPGEnc.Authoring.Works.4.0.11.39.Retail\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE\TAW4_Retail_4.0.11.39_setup_en.exe -d C:\TMPGEnc.Authoring.Works.4.0.11.39.Retail\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE
    Task: {9A435129-FF81-4CE9-B636-EC2F926A94C2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
    Task: {9A435129-FF81-4CE9-B636-EC2F926A94C2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
    Task: {9E10FBC0-CC05-450B-B3B5-9238C4FE4EC0} - System32\Tasks\{277FB71C-A997-4E29-8984-EC762B77869E} => C:\Windows\system32\pcalua.exe -a H:\INSTALL\SubtitleWorkshop251.exe -d H:\INSTALL
    Task: {B9434AD4-20C7-45B1-BABD-85317E00752E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {C7B7F53F-6F0C-46AB-A029-0BA7CCC09638} - System32\Tasks\{382F0BB7-4517-4AE9-B336-F4A6FB4C44CF} => C:\Windows\system32\pcalua.exe -a "I:\INSTALL\DVD Shrink+cz\DVDShrink32015_CZ\DVDShrink32015.exe" -d "I:\INSTALL\DVD Shrink+cz\DVDShrink32015_CZ"
    Task: {CD4F72D9-7A3C-451D-BD90-545339F5B701} - System32\Tasks\{5D65EE77-7A7E-4004-8FD6-836481B64B01} => C:\Windows\system32\pcalua.exe -a "I:\INSTALL\foxit_reader_1[1].3_sk\Foxit Reader 1.3 SK.exe" -d I:\INSTALL\foxit_reader_1[1].3_sk
    Task: {DC1DF7A2-1E06-4B26-ACF1-4FEF6952ED1F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe
    Task: {F102A32A-DA37-457C-8947-3D60E78C033C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
    Task: {F102A32A-DA37-457C-8947-3D60E78C033C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files\HPLion\LionStarter.exe (No File) <==== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\HPLion\LionStarter.exe (No File) <==== Cyrillic
    AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [326]
    AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE [125]
    AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [165]
    AlternateDataStreams: C:\ProgramData\TEMP:C7D0F96D [129]
    MSCONFIG\startupreg: cz.seznam.software.autoupdate => 
    MSCONFIG\startupreg: cz.seznam.software.szndesktop => 
    
    CMD: ren "C:\Users\PC\Documents\Ikony\Моzillа Firеfох.lnk" "Mozilla Firefox.lnk"
    CMD: ren "C:\Users\PC\Desktop\Ikony\Моzillа Firеfох.lnk" "Mozilla Firefox.lnk"
    CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk" "Internet Explorer.lnk"
    CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Рrеhliаdаč Ореrа.lnk" "Prehliadač Opera.lnk"
    CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk" "Internet Explorer (No Add-ons).lnk"
    CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk" "Internet Explorer.lnk"
    
    Hosts:
    EmptyTemp:
    End
  • Click File, then Save
  • In the bottom right, select Unicode encoding
  • Save the file to the desktop with the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, a file named Fixlog.txt will be on the desktop; copy its contents here
Thanks, cernohous :)
Graduate of the school for beginners :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.

Fixlists and other scripts are written for one specific PC only. Do not use them on other devices; doing so risks damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!
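
The `<==== Cyrillic` shortcuts and the `ren` lines in the fixlist above have file names in which Cyrillic look-alike letters are mixed into Latin words. As an added example (not part of the original post and not FRST's own code), this Python script flags such names in FRST-style lines and gives their Latin reading; the look-alike table, the function names and the two control lines are assumptions of the example.

```python
import ntpath
import re
import unicodedata

# Cyrillic letters that render like Latin ones, mapped to the Latin look-alike.
# Illustrative table chosen for this example; it is not exhaustive.
CYR_TO_LATIN = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K",
    "\u041c": "M", "\u041d": "H", "\u041e": "O", "\u0420": "P",
    "\u0421": "C", "\u0422": "T", "\u0425": "X",
})

# FRST lines that name a shortcut: 'Shortcut: <path> -> <target>' in a scan
# log and 'CMD: ren "<path>" "<new name>"' in a fixlist.
PATH_RE = re.compile(r'^\s*(?:Shortcut: (.+?) -> |CMD: ren "([^"]+)")')
WORD_RE = re.compile(r"[^\W\d_]+")  # runs of letters, any script

SAMPLE_LINES = [
    # Two lines taken from the fixlist above, Cyrillic letters as escapes.
    "Shortcut: C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\"
    "G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk -> "
    "C:\\Program Files\\HPLion\\LionStarter.exe (No File) <==== Cyrillic",
    'CMD: ren "C:\\Users\\PC\\AppData\\Roaming\\Microsoft\\Windows\\'
    'Start Menu\\Programs\\\u0420r\u0435hli\u0430d\u0430\u010d '
    '\u041e\u0440\u0435r\u0430.lnk" "Prehliada\u010d Opera.lnk"',
    # Constructed control: an ordinary all-Latin shortcut.
    "Shortcut: C:\\Users\\PC\\Desktop\\Notepad.lnk -> "
    "C:\\Windows\\system32\\notepad.exe",
    # Constructed control: a genuinely Cyrillic name must not be flagged.
    "Shortcut: C:\\Users\\PC\\Desktop\\"
    "\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b.lnk -> "
    "C:\\Users\\PC\\Documents",
]


def script_of(ch):
    """First word of the Unicode character name, e.g. 'LATIN' or 'CYRILLIC'."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def is_mixed(word):
    """True when one word contains both Latin and Cyrillic letters."""
    return {"LATIN", "CYRILLIC"} <= {script_of(c) for c in word}


def cyrillic_in_mixed_words(name):
    """Cyrillic letters that sit inside a word that also has Latin letters."""
    hits = []
    for word in WORD_RE.findall(name):
        if is_mixed(word):
            hits += [c for c in word if script_of(c) == "CYRILLIC"]
    return hits


def latin_reading(name):
    """Replace look-alikes, but only inside mixed-script words."""
    return WORD_RE.sub(
        lambda m: m.group(0).translate(CYR_TO_LATIN)
        if is_mixed(m.group(0)) else m.group(0),
        name,
    )


def find_spoofed_shortcuts(lines):
    """Return (file name, Latin reading, code points) per flagged line."""
    findings = []
    for line in lines:
        m = PATH_RE.match(line)
        if not m:
            continue
        name = ntpath.basename(m.group(1) or m.group(2))
        hits = cyrillic_in_mixed_words(name)
        if hits:
            points = sorted({"U+%04X" % ord(c) for c in hits})
            findings.append((name, latin_reading(name), points))
    return findings


if __name__ == "__main__":
    for name, reading, points in find_spoofed_shortcuts(SAMPLE_LINES):
        print("%r reads as %r, Cyrillic: %s" % (name, reading, " ".join(points)))
```

The check works per word, so a name written entirely in Cyrillic passes while a single swapped letter in a Latin word is reported with its code point.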

kekesko
Visitor
Posts: 141
Registered: 16 Jan 2008 07:49

Re: Explorer restart in Win 7

#13 Post by kekesko »

This time it worked.

Fix result of Farbar Recovery Scan Tool (x86) Version: 28.12.2018 01
Ran by PC (29-12-2018 23:13:13) Run:6
Running from C:\Users\PC\Desktop\Qone8-omiga
Loaded Profiles: PC (Available Profiles: PC & UpdatusUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U3 aswbdisk; no ImagePath
S3 cpuz134; no ImagePath
S3 mfesapsn; no ImagePath
S3 mvdM23; no ImagePath
U1 netfilter2; no ImagePath
CustomCLSID: HKU\S-1-5-21-3150810417-4117916871-2068535238-1000_Classes\CLSID\{46C300EE-0C22-5C5F-A371-7EF4A05E0EDE}\InprocServer32 -> no filepath
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers1: [Tomabo.MP4Converter] -> {24146F89-6FA0-4821-96EC-74EED926A80E} => -> No File
ContextMenuHandlers1: [Tomabo.MP4Player] -> {5266035F-65FC-4C51-9024-FB57ED8AEB1E} => -> No File
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => -> No File
ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [Tomabo.MP4Converter] -> {24146F89-6FA0-4821-96EC-74EED926A80E} => -> No File
ContextMenuHandlers6: [Tomabo.MP4Player] -> {5266035F-65FC-4C51-9024-FB57ED8AEB1E} => -> No File
Task: {010DDDF6-7F50-4141-9C4A-9BB5335DC8B4} - System32\Tasks\{37C75696-F94B-4751-9F90-323752005F8E} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Downloads\irfanview_plugins_444_setup.exe -d C:\Users\PC\Downloads
Task: {10F15864-11D2-4B4F-A67E-F95597F3BB48} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
Task: {137BFA05-9285-4A1D-AC7F-1258147C42AE} - System32\Tasks\{20B01840-D060-440D-8E24-0352625EE5CC} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Desktop\IrFanView.v4.37.Slovencina.exe -d C:\Users\PC\Desktop
Task: {1CCF129F-AE03-43C7-860D-941C0A06B550} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
Task: {21323461-D2EC-4C8D-9CB5-E20755B01398} - System32\Tasks\{B500CBB9-AD73-4265-BBB9-F6D7E40C7857} => C:\Windows\system32\pcalua.exe -a "F:\TL-WN721N TL-WN722N\Setup.exe" -d "F:\TL-WN721N TL-WN722N"
Task: {23FDEFAE-9600-46A5-84C4-A8F90BC1A958} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {315C9A5B-4EA0-435F-B22E-4D3DAA30A789} - System32\Tasks\{160346C9-AF96-41B1-9AA5-DC4A883AE794} => C:\Windows\system32\pcalua.exe -a I:\INSTALL\mp3gain-win-full-1_2_5.exe -d I:\INSTALL
Task: {38503448-9E76-46FC-BEA7-A806B8BF8889} - System32\Tasks\{785205B0-7D1B-4565-9F12-88D10944649D} => C:\Windows\system32\pcalua.exe -a H:\INSTALL\Ultra-Video-Joiner\Ultra-Video-Joiner_4.8.0108.exe -d H:\INSTALL\Ultra-Video-Joiner
Task: {4044807D-1499-47E2-A1E2-98BC6A351548} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => C:\Windows\system32\GWX\GWX.exe
Task: {498CA04D-0C41-477D-A666-4BE16F8BD35D} - System32\Tasks\{BB2D57A2-C7B1-4102-8B35-AB20232FE7D6} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Desktop\Nastroje_soft\FreeRapid-0.9u4\frd.exe -d C:\Users\PC\Desktop\Nastroje_soft\FreeRapid-0.9u4
Task: {4CBD06E7-CCB1-4D68-8B57-006743CE6800} - System32\Tasks\{EB6E0523-7682-47F8-8FD8-2423EF3379DB} => C:\Windows\system32\pcalua.exe -a J:\INSTALL\TMPGEnc\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE\TAW4_Retail_4.0.11.39_setup_en.exe -d J:\INSTALL\TMPGEnc\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE
Task: {64FF97D3-66F3-4FFC-9264-317AFE948CF5} - System32\Tasks\{7CDE1486-0AE7-411B-A374-D1F322333BA1} => C:\Windows\system32\pcalua.exe -a C:\TMPGEnc-DVD-Author-2.1.5.77\LicenceFolderInstall.exe -d C:\TMPGEnc-DVD-Author-2.1.5.77
Task: {73FD1F9A-8649-41E1-8264-E86D8C01F625} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {73FD1F9A-8649-41E1-8264-E86D8C01F625} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {7E47CA11-7AC2-4519-B888-33D03754F28F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
Task: {8117E217-1FF5-4EEA-BE59-4060D05CD3B8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {90FCF1F3-564F-434C-A000-368D7B85ECB1} - System32\Tasks\{A2D8EB76-2C52-4288-9B0A-D18231F271BA} => C:\Windows\system32\pcalua.exe -a "C:\Users\PC\Downloads\TMPGEnc-Authoring-Works-Retail-v4.0.12.42\TMPGEnc Authoring Works Retail v4.0.12.42\TAW4_Retail_4.0.12.42_setup_en.exe" -d "C:\Users\PC\Downloads\TMPGEnc-Authoring-Works-Retail-v4.0.12.42\TMPGEnc Authoring Works Retail v4.0.12.42"
Task: {91EE1348-30D6-487B-98B7-EE2BC8EAF1EF} - System32\Tasks\{4CE17F3B-B0C7-4282-BB94-64482584B180} => C:\Windows\system32\pcalua.exe -a C:\TMPGEnc.Authoring.Works.4.0.11.39.Retail\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE\TAW4_Retail_4.0.11.39_setup_en.exe -d C:\TMPGEnc.Authoring.Works.4.0.11.39.Retail\TMPGEnc.Authoring.Works.4.0.11.39.Retail.Incl.Keyfilemaker-EMBRACE
Task: {9A435129-FF81-4CE9-B636-EC2F926A94C2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {9A435129-FF81-4CE9-B636-EC2F926A94C2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {9E10FBC0-CC05-450B-B3B5-9238C4FE4EC0} - System32\Tasks\{277FB71C-A997-4E29-8984-EC762B77869E} => C:\Windows\system32\pcalua.exe -a H:\INSTALL\SubtitleWorkshop251.exe -d H:\INSTALL
Task: {B9434AD4-20C7-45B1-BABD-85317E00752E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
Task: {C7B7F53F-6F0C-46AB-A029-0BA7CCC09638} - System32\Tasks\{382F0BB7-4517-4AE9-B336-F4A6FB4C44CF} => C:\Windows\system32\pcalua.exe -a "I:\INSTALL\DVD Shrink+cz\DVDShrink32015_CZ\DVDShrink32015.exe" -d "I:\INSTALL\DVD Shrink+cz\DVDShrink32015_CZ"
Task: {CD4F72D9-7A3C-451D-BD90-545339F5B701} - System32\Tasks\{5D65EE77-7A7E-4004-8FD6-836481B64B01} => C:\Windows\system32\pcalua.exe -a "I:\INSTALL\foxit_reader_1[1].3_sk\Foxit Reader 1.3 SK.exe" -d I:\INSTALL\foxit_reader_1[1].3_sk
Task: {DC1DF7A2-1E06-4B26-ACF1-4FEF6952ED1F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe
Task: {F102A32A-DA37-457C-8947-3D60E78C033C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {F102A32A-DA37-457C-8947-3D60E78C033C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files\HPLion\LionStarter.exe (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\HPLion\LionStarter.exe (No File) <==== Cyrillic
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [326]
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE [125]
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [165]
AlternateDataStreams: C:\ProgramData\TEMP:C7D0F96D [129]
MSCONFIG\startupreg: cz.seznam.software.autoupdate =>
MSCONFIG\startupreg: cz.seznam.software.szndesktop =>

CMD: ren "C:\Users\PC\Documents\Ikony\Моzillа Firеfох.lnk" "Mozilla Firefox.lnk"
CMD: ren "C:\Users\PC\Desktop\Ikony\Моzillа Firеfох.lnk" "Mozilla Firefox.lnk"
CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk" "Internet Explorer.lnk"
CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Рrеhliаdаč Ореrа.lnk" "Prehliadač Opera.lnk"
CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk" "Internet Explorer (No Add-ons).lnk"
CMD: ren "C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk" "Internet Explorer.lnk"

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\System\CurrentControlSet\Services\AppMgmt => removed successfully.
AppMgmt => service removed successfully.
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully.
aswbdisk => service removed successfully.
HKLM\System\CurrentControlSet\Services\cpuz134 => removed successfully.
cpuz134 => service removed successfully.
HKLM\System\CurrentControlSet\Services\mfesapsn => removed successfully.
mfesapsn => service removed successfully.
HKLM\System\CurrentControlSet\Services\mvdM23 => removed successfully.
mvdM23 => service removed successfully.
HKLM\System\CurrentControlSet\Services\netfilter2 => removed successfully.
netfilter2 => service removed successfully.
HKU\S-1-5-21-3150810417-4117916871-2068535238-1000_Classes\CLSID\{46C300EE-0C22-5C5F-A371-7EF4A05E0EDE} => removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SpyEmergency => removed successfully.
HKLM\Software\Classes\CLSID\{2E9FFF5C-4375-494d-951F-098BAA42239E} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Tomabo.MP4Converter => removed successfully.
HKLM\Software\Classes\CLSID\{24146F89-6FA0-4821-96EC-74EED926A80E} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Tomabo.MP4Player => removed successfully.
HKLM\Software\Classes\CLSID\{5266035F-65FC-4C51-9024-FB57ED8AEB1E} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WondershareVideoConverterFileOpreation => removed successfully.
HKLM\Software\Classes\CLSID\{55D63393-DB17-4A2B-9052-15D85B4B1344} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\SpyEmergency => removed successfully.
HKLM\Software\Classes\CLSID\{2E9FFF5C-4375-494d-951F-098BAA42239E} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SpyEmergency => removed successfully.
HKLM\Software\Classes\CLSID\{2E9FFF5C-4375-494d-951F-098BAA42239E} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Tomabo.MP4Converter => removed successfully.
HKLM\Software\Classes\CLSID\{24146F89-6FA0-4821-96EC-74EED926A80E} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Tomabo.MP4Player => removed successfully.
HKLM\Software\Classes\CLSID\{5266035F-65FC-4C51-9024-FB57ED8AEB1E} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{010DDDF6-7F50-4141-9C4A-9BB5335DC8B4}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{010DDDF6-7F50-4141-9C4A-9BB5335DC8B4}" => removed successfully.
C:\Windows\System32\Tasks\{37C75696-F94B-4751-9F90-323752005F8E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{37C75696-F94B-4751-9F90-323752005F8E}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10F15864-11D2-4B4F-A67E-F95597F3BB48} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10F15864-11D2-4B4F-A67E-F95597F3BB48} => removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{137BFA05-9285-4A1D-AC7F-1258147C42AE} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{137BFA05-9285-4A1D-AC7F-1258147C42AE} => removed successfully.
C:\Windows\System32\Tasks\{20B01840-D060-440D-8E24-0352625EE5CC} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{20B01840-D060-440D-8E24-0352625EE5CC} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CCF129F-AE03-43C7-860D-941C0A06B550} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CCF129F-AE03-43C7-860D-941C0A06B550} => removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21323461-D2EC-4C8D-9CB5-E20755B01398} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21323461-D2EC-4C8D-9CB5-E20755B01398} => removed successfully.
C:\Windows\System32\Tasks\{B500CBB9-AD73-4265-BBB9-F6D7E40C7857} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B500CBB9-AD73-4265-BBB9-F6D7E40C7857} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23FDEFAE-9600-46A5-84C4-A8F90BC1A958} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23FDEFAE-9600-46A5-84C4-A8F90BC1A958} => removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{315C9A5B-4EA0-435F-B22E-4D3DAA30A789} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{315C9A5B-4EA0-435F-B22E-4D3DAA30A789} => removed successfully.
C:\Windows\System32\Tasks\{160346C9-AF96-41B1-9AA5-DC4A883AE794} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{160346C9-AF96-41B1-9AA5-DC4A883AE794} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38503448-9E76-46FC-BEA7-A806B8BF8889} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38503448-9E76-46FC-BEA7-A806B8BF8889} => removed successfully.
C:\Windows\System32\Tasks\{785205B0-7D1B-4565-9F12-88D10944649D} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{785205B0-7D1B-4565-9F12-88D10944649D} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4044807D-1499-47E2-A1E2-98BC6A351548} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4044807D-1499-47E2-A1E2-98BC6A351548} => removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{498CA04D-0C41-477D-A666-4BE16F8BD35D} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{498CA04D-0C41-477D-A666-4BE16F8BD35D} => removed successfully.
C:\Windows\System32\Tasks\{BB2D57A2-C7B1-4102-8B35-AB20232FE7D6} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BB2D57A2-C7B1-4102-8B35-AB20232FE7D6} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CBD06E7-CCB1-4D68-8B57-006743CE6800} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CBD06E7-CCB1-4D68-8B57-006743CE6800} => removed successfully.
C:\Windows\System32\Tasks\{EB6E0523-7682-47F8-8FD8-2423EF3379DB} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EB6E0523-7682-47F8-8FD8-2423EF3379DB} => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64FF97D3-66F3-4FFC-9264-317AFE948CF5}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64FF97D3-66F3-4FFC-9264-317AFE948CF5}" => removed successfully.
C:\Windows\System32\Tasks\{7CDE1486-0AE7-411B-A374-D1F322333BA1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7CDE1486-0AE7-411B-A374-D1F322333BA1}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73FD1F9A-8649-41E1-8264-E86D8C01F625} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73FD1F9A-8649-41E1-8264-E86D8C01F625} => removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73FD1F9A-8649-41E1-8264-E86D8C01F625} => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E47CA11-7AC2-4519-B888-33D03754F28F} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E47CA11-7AC2-4519-B888-33D03754F28F} => removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8117E217-1FF5-4EEA-BE59-4060D05CD3B8} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8117E217-1FF5-4EEA-BE59-4060D05CD3B8} => removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90FCF1F3-564F-434C-A000-368D7B85ECB1} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90FCF1F3-564F-434C-A000-368D7B85ECB1} => removed successfully.
C:\Windows\System32\Tasks\{A2D8EB76-2C52-4288-9B0A-D18231F271BA} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A2D8EB76-2C52-4288-9B0A-D18231F271BA} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91EE1348-30D6-487B-98B7-EE2BC8EAF1EF} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91EE1348-30D6-487B-98B7-EE2BC8EAF1EF} => removed successfully.
C:\Windows\System32\Tasks\{4CE17F3B-B0C7-4282-BB94-64482584B180} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4CE17F3B-B0C7-4282-BB94-64482584B180} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A435129-FF81-4CE9-B636-EC2F926A94C2} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A435129-FF81-4CE9-B636-EC2F926A94C2} => removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A435129-FF81-4CE9-B636-EC2F926A94C2} => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E10FBC0-CC05-450B-B3B5-9238C4FE4EC0} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E10FBC0-CC05-450B-B3B5-9238C4FE4EC0} => removed successfully.
C:\Windows\System32\Tasks\{277FB71C-A997-4E29-8984-EC762B77869E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{277FB71C-A997-4E29-8984-EC762B77869E} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9434AD4-20C7-45B1-BABD-85317E00752E} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9434AD4-20C7-45B1-BABD-85317E00752E} => removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7B7F53F-6F0C-46AB-A029-0BA7CCC09638} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7B7F53F-6F0C-46AB-A029-0BA7CCC09638} => removed successfully.
C:\Windows\System32\Tasks\{382F0BB7-4517-4AE9-B336-F4A6FB4C44CF} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{382F0BB7-4517-4AE9-B336-F4A6FB4C44CF} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD4F72D9-7A3C-451D-BD90-545339F5B701} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD4F72D9-7A3C-451D-BD90-545339F5B701} => removed successfully.
C:\Windows\System32\Tasks\{5D65EE77-7A7E-4004-8FD6-836481B64B01} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5D65EE77-7A7E-4004-8FD6-836481B64B01} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC1DF7A2-1E06-4B26-ACF1-4FEF6952ED1F} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC1DF7A2-1E06-4B26-ACF1-4FEF6952ED1F} => removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F102A32A-DA37-457C-8947-3D60E78C033C} => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F102A32A-DA37-457C-8947-3D60E78C033C} => removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F102A32A-DA37-457C-8947-3D60E78C033C} => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk => moved successfully
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
C:\ProgramData\TEMP => ":8CE646EE" ADS removed successfully.
C:\ProgramData\TEMP => ":B755D674" ADS removed successfully.
C:\ProgramData\TEMP => ":C7D0F96D" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: cz.seznam.software.autoupdate =>" => not found
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSCONFIG\startupreg: cz.seznam.software.szndesktop =>" => not found

========= ren "C:\Users\PC\Documents\Ikony\Моzillа Firеfох.lnk" "Mozilla Firefox.lnk" =========


========= End of CMD: =========


========= ren "C:\Users\PC\Desktop\Ikony\Моzillа Firеfох.lnk" "Mozilla Firefox.lnk" =========


========= End of CMD: =========


========= ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk" "Internet Explorer.lnk" =========


========= End of CMD: =========


========= ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Рrеhliаdаč Ореrа.lnk" "Prehliadač Opera.lnk" =========


========= End of CMD: =========


========= ren "C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk" "Internet Explorer (No Add-ons).lnk" =========


========= End of CMD: =========


========= ren "C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk" "Internet Explorer.lnk" =========

A duplicate file name exists, or the file
cannot be found.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13752066 B
Java, Flash, Steam htmlcache => 1388 B
Windows/system/drivers => 573094 B
Edge => 0 B
Chrome => 1180107 B
Firefox => 1094290355 B
Opera => 377805073 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 6732 B
Public => 0 B
ProgramData => 0 B
systemprofile => 36962 B
LocalService => 0 B
NetworkService => 931378 B
PC => 5551822 B
UpdatusUser => 6732 B

RecycleBin => 19113 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:15:49 ====

Conder
Moderator
Posts: 4164
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Explorer restart in Win 7

#14 Post by Conder »

:arrow: Run a system file integrity check:
  • Open Start, type "cmd" (without the quotes), right-click Command Prompt and click Run as administrator
  • Copy and run the command:

    sfc /scannow
  • When it finishes, copy and run this command:

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
  • A file named sfcdetails.txt will be created on the desktop; pack it into a RAR or ZIP archive and attach it to your next post
  • Restart the PC and describe how the PC behaves
:arrow: After that, I would also like both new logs from FRST.
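
The `findstr` step in the post above copies the `[SR]` lines of `cbs.log` into sfcdetails.txt. As an added example (not part of the original post), this Python script summarises such lines: which files `sfc` could not repair, from which component and why, and which files it repaired from the component store. The sample lines are constructed, with made-up file and component names, and assume the usual `[SR]` message wording.

```python
import re
from collections import OrderedDict

# Constructed sample of sfcdetails.txt; file and component names are made up.
SAMPLE = r'''
2018-12-30 10:02:11, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2018-12-30 10:02:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2018-12-30 10:05:40, Info                  CSI    000001c2 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example1.dll" from store
2018-12-30 10:06:02, Info                  CSI    000001d0 [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2018-12-30 10:06:05, Info                  CSI    000001d3 [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2018-12-30 10:06:09, Info                  CSI    000001d6 [SR] Verify complete
'''.strip().splitlines()

# "<timestamp>, <level>   CSI   <sequence> [SR] <message>"
SR_RE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+([0-9a-f]{8}) \[SR\] (.*)$')
# Message forms this example understands (assumed wording, see lead-in).
CANNOT_RE = re.compile(r'^Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),')
REPAIRING_RE = re.compile(r'^Repairing corrupted file .*\]"([^"]+)" from store$')


def summarize_sr(lines):
    """Group [SR] lines by file; repeated entries for one file are counted."""
    unrepairable = OrderedDict()
    repairing = []
    for line in lines:
        m = SR_RE.match(line.strip())
        if not m:
            continue  # not an [SR] line
        timestamp, _sequence, message = m.groups()
        cannot = CANNOT_RE.match(message)
        if cannot:
            entry = unrepairable.setdefault(cannot.group(1), {
                "component": cannot.group(2),
                # The reason is the text after the last comma.
                "reason": message.rsplit(",", 1)[1].strip(),
                "first_seen": timestamp,
                "count": 0,
            })
            entry["count"] += 1
            continue
        fixed = REPAIRING_RE.match(message)
        if fixed and fixed.group(1) not in repairing:
            repairing.append(fixed.group(1))
    return {"unrepairable": unrepairable, "repairing_from_store": repairing}


if __name__ == "__main__":
    summary = summarize_sr(SAMPLE)
    for name, info in summary["unrepairable"].items():
        print("NOT REPAIRED %s (%s): %s, logged %d times"
              % (name, info["component"], info["reason"], info["count"]))
    for name in summary["repairing_from_store"]:
        print("repaired from store: %s" % name)
```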

kekesko
Visitor
Posts: 141
Registered: 16 Jan 2008 07:49

Re: Explorer restart in Win 7

#15 Post by kekesko »

This is the right mouse button option.

Image
