
All times are UTC + 1 hour


Posted: 21 Apr 2019 12:53
Visitor

Hello,
for several weeks I have been observing significant slowdowns, up to freezes lasting several minutes, on my notebook, especially after startup, but not on every one. The problems occur only when the notebook is connected to the internet. During the described slowdown, Task Manager cannot be started (otherwise it works normally), and starting other programs takes significantly longer or fails entirely. The notebook responds normally to mouse movement and key presses. When I try to shut down or restart the notebook, a window appears for forcing programs running in the background to close. After clicking through it, the shutdown runs for several tens of minutes without success. Only powering off with the button helps. Most recently, after several minutes of unsuccessful shutdown, a BlueScreen error occurred. A few months ago the notebook was lent to an acquaintance, and I need to know whether there is some spying program on it. Could you please help me? Thank you in advance.


Posted: 21 Apr 2019 13:45
Site Admin

Hello!
Please post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

_________________
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Posted: 21 Apr 2019 13:57
Visitor

Thank you for your help.


Attachments:
FRST+Addition.zip [18.08 KiB]
Downloaded 14 times
Posted: 21 Apr 2019 14:14
Site Admin

Now run this utility:

Quote:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Posted: 21 Apr 2019 14:39
Visitor

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-18.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-21-2019
# Duration: 00:00:03
# OS: Windows 7 Professional
# Cleaned: 6
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Booking.com

***** [ Files ] *****

Deleted C:\Users\OracleOraDB12Home1MTSRecoveryService\Favorites\Booking.com.url
Deleted C:\Users\OracleOraDB12Home1TNSListener\Favorites\Booking.com.url
Deleted C:\Users\OracleServiceORCL\Favorites\Booking.com.url
Deleted C:\Users\OracleVssWriterORCL\Favorites\Booking.com.url
Deleted C:\Users\TEMP\Favorites\Booking.com.url

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1711 octets] - [21/04/2019 15:19:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Posted: 21 Apr 2019 18:50
Site Admin

Please post new FRST+Addition logs.

Posted: 21 Apr 2019 19:11
Visitor

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.04.2019 01
Ran by Admin (administrator) on PC (TOSHIBA SATELLITE PRO A50-C) (21-04-2019 20:07:20)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & OracleOraDB12Home1TNSListener & OracleServiceORCL (Available Profiles: Admin & OracleVssWriterORCL & OracleOraDB12Home1TNSListener & OracleServiceORCL & OracleOraDB12Home1MTSRecoveryService)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA CORPORATION -> ) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Software602 a.s. -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files\TOSHIBA\FlashCards\Hotkey\TDUNotify\TDUSrv64.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\omtsreco.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\tnslsnr.exe
(Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oracle.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Toshiba Europe Gmbh -> Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Validity Sensors, Inc.) [File not signed] C:\Windows\System32\valWBFPolicyService.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Wireless Display -> Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA CORPORATION -> Společnost TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWififind.exe
(Toshiba Europe Gmbh -> Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16408320 2015-12-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [1006384 2015-09-10] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [613216 2015-09-30] (TOSHIBA CORPORATION -> )
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-20] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv.exe [246112 2013-12-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe [230752 2013-08-26] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => c:\Program Files (x86)\Toshiba\Registration\ToshibaReminder.exe [150928 2017-04-14] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1067024 2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [298776 2015-12-19] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [BtPwrMon] => C:\Program Files (x86)\Toshiba\BtPwrMon\BtPwrMon.exe [28488 2015-12-15] (TOSHIBA CORPORATION -> Toshiba Corporation)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] (TOSHIBA CORPORATION -> )
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2656069209-2856868608-1191867071-1000\...\MountPoints2: {d6d99f06-a989-11e8-b96d-4485004bede8} - F:\.\StartModem.exe
HKU\S-1-5-18\...\Run: [GarminExpress] => "C:\Aplikace\Garmin\Garmin\Express\express.exe" /minimized
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-09] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{EB4BBF9F-17EB-42E3-A500-032864921611}] -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUBioCP.dll [2015-09-24] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\Software\...\Authentication\Credential Provider Filters: [{B39792CE-FA9B-475e-9881-151D5C215110}] -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUBioCP.dll [2015-09-24] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [182248 2019-01-12] (NVIDIA Corporation-PE-Prod-Sha1 -> NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [159896 2019-01-12] (NVIDIA Corporation-PE-Prod-Sha1 -> NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Monitor.lnk [2017-04-14]
ShortcutTarget: Bluetooth Monitor.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Monitor\BtMon2.exe (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E401A35-7D31-401D-B92A-F021AE2222E5} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {1F6AE57C-CAA5-4E91-B67C-88FD9FCFA6FA} - System32\Tasks\Toshiba\TemproTray => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe Gmbh -> Toshiba Europe GmbH)
Task: {29CB3BD9-3AD7-4027-B4CE-4C0909072FF0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {2AEEAE2A-C848-4808-9ABF-A8302A19F152} - System32\Tasks\{1909D2C3-BCA5-4E56-B708-6F13F780E5E7} => C:\Windows\system32\pcalua.exe -a D:\Nemazat\stravovak\win64_154519.4678.exe -d D:\Nemazat\stravovak
Task: {43F6A483-AD41-4988-B299-6C0E28F471C9} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4689D3AC-F750-46DE-85BE-E165CBC648ED} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {50BDD13D-84E9-4E1F-960E-084C5694B833} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {687F12AB-9349-4B7C-81AF-386E77695AB9} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6DF44560-6C05-448F-A862-53FA32DBA761} - System32\Tasks\{30E31A5E-F041-4527-A2C1-20D6C45ED699} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Documents\win64_15.45.23.4860.exe -d C:\Users\Admin\Documents
Task: {757A2262-3BF2-49F4-871B-FDFC0B091A2B} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe (Intel(R) Software -> Intel Corporation)
Task: {8B6C14C0-8569-4C49-9BA7-963E41A45E0E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {A753F5DD-2910-47BF-933E-7B932C8365D4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B3D0EA39-F446-43D2-8BE1-DDCCC019AF61} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {C29BD8B7-B881-442B-8750-A7FA7E66987C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C89A2BD9-843C-49F0-918D-7A9D0BDB9361} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe (DTS, Inc. -> )
Task: {C94F5A80-A702-4D2C-AA4A-B2914EE95AD3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {EAAED2CA-E74E-4F7E-9362-BA8A3867292A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {F88B9FFC-9D9B-4808-B9AC-AD3471E46606} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 185.60.104.1 93.157.130.65 93.157.132.1 192.168.1.1
Tcpip\..\Interfaces\{299881EB-0C69-4CFE-BD67-7A1CC9FB1FBF}: [DhcpNameServer] 185.60.104.1 93.157.130.65 93.157.132.1 192.168.1.1
Tcpip\..\Interfaces\{4A011EFA-C068-4E71-B8EE-E4EF61997082}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2656069209-2856868608-1191867071-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2656069209-2856868608-1191867071-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TBTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2656069209-2856868608-1191867071-1000 -> DefaultScope {B074BF55-73E6-4DF4-A387-21087657C2D0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2656069209-2856868608-1191867071-1000 -> {100E3CD4-F6C1-4923-84FF-4E2A82875214} URL =
SearchScopes: HKU\S-1-5-21-2656069209-2856868608-1191867071-1000 -> {B074BF55-73E6-4DF4-A387-21087657C2D0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA CORPORATION -> TOSHIBA)
BHO-x32: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA CORPORATION -> TOSHIBA)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: afx6085h.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afx6085h.default [2018-10-02]
FF Extension: (Telemetry coverage) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afx6085h.default\features\{fb24e5ae-52f0-428d-915f-aa35ba74231b}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-09-24] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{302BCF7B-E09E-4854-9F2F-8B2DA4EF70F9}] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin
FF Extension: (TOSHIBA Fingerprint Utility Web Site Passwords) - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin [2017-04-14] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s. -> Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2019-04-21]
CHR Extension: (Prezentace) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Dokumenty) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-14]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-14]
CHR Extension: (Tabulky) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-04-13]
CHR Extension: (TOSHIBA Fingerprint Utility Web Site Passwords) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog [2017-04-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-28]
CHR HKLM-x32\...\Chrome\Extension: [iniieblifogecdlkejbmonblijmdaiog] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\ChromeAddin\ChromeAddin.crx [2013-08-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [20928 2015-11-19] (DTS, Inc. -> )
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [165616 2015-11-12] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [341512 2017-11-07] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-23] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel(R) Wireless Display -> Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-12-03] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] (Intel Corporation-Wireless Connectivity Solutions -> )
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S4 OracleJobSchedulerORCL; c:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\Bin\extjob.exe [73216 2017-03-07] () [File not signed]
R2 OracleOraDB12Home1MTSRecoveryService; C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\omtsreco.exe [72704 2016-12-16] (Oracle Corporation) [File not signed]
R2 OracleOraDB12Home1TNSListener; C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\BIN\TNSLSNR.exe [763392 2016-12-15] (Oracle Corporation) [File not signed]
R2 OracleServiceORCL; c:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\bin\ORACLE.EXE [291897344 2017-03-08] (Oracle Corporation) [File not signed]
S2 OracleVssWriterORCL; c:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\bin\OraVSSW.exe [205312 2017-03-07] () [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-12-01] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112232 2015-08-17] (Toshiba Europe Gmbh -> Toshiba Europe GmbH)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-11-19] (Validity Sensors, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bmfilter; C:\Windows\System32\DRIVERS\qcusbfilter.sys [35840 2017-02-21] (QUALCOMM Incorporated) [File not signed]
S3 bmusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [242688 2017-02-21] (QUALCOMM Incorporated) [File not signed]
S3 bmusbwwan; C:\Windows\System32\DRIVERS\qcusbwwan.sys [478720 2017-02-21] (QUALCOMM Incorporated) [File not signed]
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [534512 2017-04-25] (Intel(R) INTELND1617 -> Intel Corporation)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [99496 2015-08-12] (BayHub Technology Inc. -> O2Micro)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31728 2015-11-12] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [308496 2015-11-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-08] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [4008176 2015-08-23] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [402136 2015-06-17] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] (Intel(R) Code Signing External -> )
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [212056 2015-01-14] (Intel(R) Wireless Display -> Windows (R) Win 7 DDK provider)
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation -> Intel Corporation)
S3 RtlWlanu; system32\DRIVERS\rtwlanu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-21 20:07 - 2019-04-21 20:08 - 000027996 _____ C:\Users\Admin\Desktop\FRST.txt
2019-04-21 15:18 - 2019-04-21 15:21 - 000000000 ____D C:\AdwCleaner
2019-04-21 15:17 - 2019-04-21 15:18 - 007025360 _____ (Malwarebytes) C:\Users\Admin\Desktop\adwcleaner_7.3.exe
2019-04-21 14:55 - 2019-04-21 14:55 - 000018516 _____ C:\Users\Admin\Desktop\FRST+Addition.zip
2019-04-21 14:51 - 2019-04-21 14:51 - 000000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion
2019-04-21 13:22 - 2019-04-21 13:22 - 001222144 _____ C:\Users\Admin\Desktop\RSITx64.exe
2019-04-21 13:15 - 2019-04-21 20:07 - 000000000 ____D C:\FRST
2019-04-21 13:13 - 2019-04-21 14:51 - 002435072 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2019-04-21 03:06 - 2019-04-21 03:06 - 002115105 _____ C:\Users\Admin\Documents\zaverecna_prace.pdf
2019-04-20 22:58 - 2019-04-20 22:58 - 001865768 _____ C:\Windows\Minidump\042019-22978-01.dmp
2019-04-20 22:58 - 2019-04-20 22:58 - 000000000 ____D C:\Windows\Minidump
2019-03-31 22:34 - 2019-03-31 22:34 - 000684632 _____ C:\Users\Admin\Documents\e201_19.pdf
2019-03-31 01:04 - 2019-03-31 01:04 - 000195960 _____ C:\Users\Admin\Documents\71540587-Transakce.xlsx
2019-03-31 01:04 - 2019-03-31 01:04 - 000094391 _____ C:\Users\Admin\Documents\71540587-NP.xlsx

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-21 19:29 - 2016-03-25 01:35 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2019-04-21 17:44 - 2019-02-04 00:18 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2019-04-21 15:34 - 2009-07-14 06:45 - 000027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-21 15:34 - 2009-07-14 06:45 - 000027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-21 15:31 - 2011-02-14 12:17 - 000668792 _____ C:\Windows\system32\perfh005.dat
2019-04-21 15:31 - 2011-02-14 12:17 - 000141420 _____ C:\Windows\system32\perfc005.dat
2019-04-21 15:31 - 2009-07-14 07:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-21 15:31 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-04-21 15:25 - 2017-04-14 16:36 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2019-04-21 15:23 - 2017-04-14 15:33 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-21 15:23 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-09 22:54 - 2009-07-14 07:08 - 000032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-04-09 22:15 - 2017-04-14 19:08 - 000002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-09 22:15 - 2017-04-14 19:08 - 000002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-28 19:02 - 2017-04-14 19:08 - 000003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 19:02 - 2017-04-14 19:07 - 000003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2019-03-09 22:48 - 2019-03-09 22:48 - 000004096 ____H () C:\Users\Admin\AppData\Local\keyfile3.drm

Some files in TEMP:
====================
2015-10-28 00:07 - 2015-10-28 00:07 - 000120336 _____ (McAfee, Inc.) C:\Users\Admin\AppData\Local\Temp\McCSPInstall.dll
2017-04-14 16:17 - 2015-10-28 00:07 - 000123368 _____ (McAfee Inc.) C:\Users\Admin\AppData\Local\Temp\mccspuninstall.exe
2019-04-20 22:38 - 2019-04-20 22:38 - 000000000 _____ () C:\Users\Admin\AppData\Local\Temp\ndhiremt.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-04-06 14:25
==================== End of FRST.txt ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.04.2019 01
Ran by Admin (21-04-2019 20:08:37)
Running from C:\Users\Admin\Desktop
Windows 7 Professional Service Pack 1 (X64) (2017-04-14 14:35:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-2656069209-2856868608-1191867071-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2656069209-2856868608-1191867071-500 - Administrator - Disabled)
Guest (S-1-5-21-2656069209-2856868608-1191867071-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Bluetooth Monitor 4 (HKLM-x32\...\{61539202-097E-487E-9237-B291AB56D54C}) (Version: 4.08.000 - TOSHIBA)
CMEDIA USB2.0 Audio Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392016500}) (Version: 1.0.0.3 - C-Media Electronics, Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.71 - NVIDIA Corporation) Hidden
DTS Studio Sound (HKLM-x32\...\{E7C66352-1D0C-406F-B5B2-FE2B23973356}) (Version: 1.02.5600 - DTS, Inc.)
Eraser 6.2.0.2982 (HKLM\...\{DFCF78CC-3DAD-4C1E-8BC6-94DC5B73461E}) (Version: 6.2.2982 - The Eraser Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1175 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4360 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.4.51 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (HKLM-x32\...\{86905E62-645F-482E-A417-82C812ABD787}) (Version: 1.1.383 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4c8b7360-62a2-4339-b745-41323055d0bb}) (Version: 18.20.0 - Intel Corporation)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.1.1 - LG Electronics)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET-keretrendszer 4.6.1 (magyar) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1038) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2656069209-2856868608-1191867071-1000\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Nexus Root Toolkit (HKLM-x32\...\Nexus Root Toolkit) (Version: 2.1.9 - WugFresh)
NVIDIA Ovladače grafiky 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.71 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
O2Micro OZ776 SCR Driver (HKLM\...\{11868102-FAE6-436D-B794-B4B69E2A88DC}) (Version: 2.1.4.241GS - O2Micro) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{11868102-FAE6-436D-B794-B4B69E2A88DC}) (Version: 2.1.4.241GS - O2Micro)
Ovládací panel NVIDIA 417.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 417.71 - NVIDIA Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
Software602 Form Filler (HKLM-x32\...\{04703FE3-1A8B-4467-88E6-3D6A1A0FA65A}) (Version: 4.70 - Software602 a.s.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.24.9 - Synaptics Incorporated)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.13 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.4.6401 - Toshiba Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\{62BBF381-D208-4EF0-B502-6CB6E5B9A161}) (Version: 2.3.10.64401 - Toshiba Corporation)
TOSHIBA Flash Cards (HKLM\...\{2263D049-8953-42C5-997B-CC19FD6CEF4F}) (Version: 9.0.11.6403 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.03.6401 - Toshiba Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.16 - TOSHIBA Corporation)
TOSHIBA HWSetup (HKLM-x32\...\{0E94D98C-00A7-4C93-9708-8E5A1859E72E}) (Version: 9.1.1.3205 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\{6C0A2179-56CB-4F1F-9681-E777A4F3C800}) (Version: 9.0.4.3203 - Toshiba Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.4.6400 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 5.01.05.6401 - Toshiba Corporation)
TOSHIBA Power Saver (HKLM\...\{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}) (Version: 9.0.7.6401 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.3.00.8510 - Toshiba Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 3.0.1.0 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.1.0.6404 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{9AF63859-69C8-4B80-A9E3-B64DDB75E551}) (Version: 3.50 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 6.3.3.15 - Toshiba Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Validity WBF DDK 5111 (HKLM\...\{8824790A-7C36-41D3-8127-5BD92623150E}) (Version: 4.5.243.0 - Validity Sensors, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-3) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-4) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-5) (Version: 1.0.33.0 - LunarG, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUOverlayIcon.dll [2013-07-17] (TOSHIBA CORPORATION -> TOSHIBA)
ShellIconOverlayIdentifiers: [TFPUOverlayIcon] -> {8DBDDA23-34E3-4BF1-A107-67B94C080A1F} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2015-04-23] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers1: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2015-04-23] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-01-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2015-04-23] (TOSHIBA CORPORATION -> TOSHIBA)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2018-05-11 23:41 - 2015-07-14 12:27 - 000036864 _____ (Windows (R) Win 7 DDK provider) [File not signed] C:\Windows\System32\602localmon.dll
2017-04-14 15:53 - 2017-04-14 15:53 - 000245760 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcm90.dll
2018-02-14 17:43 - 2016-12-16 18:15 - 000072704 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\omtsreco.exe
2018-02-14 17:54 - 2017-03-07 22:27 - 000778752 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\OCI.dll
2018-02-14 17:46 - 2017-03-07 22:45 - 006162944 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\OraClient12.Dll
2018-02-14 17:45 - 2016-11-08 11:46 - 002160128 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oracore12.dll
2018-02-14 17:52 - 2016-12-17 11:49 - 001134080 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oranls12.dll
2018-02-14 17:52 - 2016-12-17 11:15 - 000112640 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oraunls12.dll
2018-02-14 17:45 - 2016-11-08 11:46 - 000009728 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orauts.dll
2018-02-14 17:46 - 2017-03-07 22:44 - 013490688 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oracommon12.dll
2018-02-14 17:52 - 2016-12-17 11:15 - 000314368 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orasnls12.dll
2018-02-14 17:46 - 2017-03-07 22:47 - 021665792 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orageneric12.dll
2018-02-14 17:43 - 2017-03-07 13:45 - 000274432 _____ () [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orawsec12.dll
2018-02-14 17:46 - 2016-11-04 09:51 - 007989248 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oraxml12.dll
2018-02-14 17:52 - 2016-11-23 22:52 - 004709888 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orannzsbb12.dll
2018-02-14 17:52 - 2016-12-15 16:37 - 005074944 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oran12.dll
2018-02-14 17:52 - 2016-12-15 16:29 - 000630272 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oranl12.dll
2018-02-14 17:52 - 2016-12-15 16:29 - 000249856 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orantcp12.dll
2018-02-14 17:52 - 2016-12-15 16:29 - 000302080 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oranldap12.dll
2018-02-14 17:52 - 2016-11-23 22:51 - 005072896 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oraldapclnt12.dll
2018-02-14 17:52 - 2016-11-23 22:51 - 005132800 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orazt12.dll
2018-02-14 17:52 - 2016-11-23 22:53 - 004939264 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oraztkg12.dll
2018-02-14 17:54 - 2016-12-15 16:29 - 000105984 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orancrypt12.dll
2018-02-14 17:52 - 2016-12-15 16:29 - 000353792 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oranro12.dll
2018-02-14 17:52 - 2016-12-15 16:29 - 000024064 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oranhost12.dll
2018-02-14 17:52 - 2016-12-15 16:28 - 000008704 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orancds12.dll
2018-02-14 17:52 - 2016-12-15 16:29 - 000047104 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orantns12.dll
2018-02-14 17:46 - 2017-03-07 22:43 - 006958080 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orapls12.dll
2018-02-14 17:46 - 2016-11-22 10:14 - 000037888 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oraslax12.dll
2018-02-14 17:54 - 2017-03-07 14:33 - 000008704 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oravsn12.dll
2018-02-14 17:46 - 2017-03-07 22:43 - 004579328 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oraplp12.dll
2018-02-14 17:44 - 2017-03-07 23:23 - 000636928 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oracell12.dll
2018-02-14 17:46 - 2017-03-04 04:34 - 013469184 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orahasgen12.dll
2018-02-14 17:46 - 2017-03-04 04:33 - 001236992 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oraocr12.dll
2018-02-14 17:46 - 2017-03-04 04:33 - 001200640 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oraocrb12.dll
2018-02-14 17:44 - 2017-03-07 23:20 - 001378816 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oraasmclnt12.dll
2018-02-14 17:46 - 2017-03-04 04:33 - 000112640 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oraocrutl12.dll
2018-02-14 17:44 - 2017-03-04 04:34 - 000264704 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oraclsce12.dll
2018-02-14 17:43 - 2016-07-28 18:42 - 000252416 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oraons.dll
2018-02-14 17:52 - 2016-12-15 16:29 - 000083456 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orangsmshd12.dll
2018-02-14 17:46 - 2017-03-07 22:23 - 000295424 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orasql12.dll
2018-02-14 17:46 - 2017-03-07 22:42 - 000112640 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\OraPlc12.Dll
2018-02-14 17:43 - 2016-12-16 18:14 - 000050176 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\omtsrecomsgus.dll
2017-04-14 15:58 - 2011-07-19 02:50 - 000786432 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\cs\ToshibaServiceStation.resources.dll
2017-04-14 15:58 - 2011-07-19 02:50 - 000068096 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\Alerts.dll
2017-04-14 15:58 - 2011-07-19 02:50 - 000004608 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\cs\PluginLib.resources.dll
2017-04-14 15:58 - 2011-07-19 02:50 - 000016896 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\cs\Alerts.resources.dll
2017-04-14 15:58 - 2015-08-25 19:35 - 000032768 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\cs\PCHealthInfo.resources.dll
2017-04-14 15:58 - 2011-07-19 02:50 - 000096768 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\SwUpdates.dll
2017-04-14 15:58 - 2011-07-19 02:50 - 000028672 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\cs\SwUpdates.resources.dll
2018-02-14 17:41 - 2016-12-15 16:35 - 000763392 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\BIN\TNSLSNR.exe
2018-02-14 17:52 - 2016-12-15 16:29 - 000175104 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\BIN\oransgr12.dll
2018-02-14 17:52 - 2016-12-15 16:29 - 000104448 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oranipc12.dll
2018-02-14 17:52 - 2016-12-15 16:29 - 000265216 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\orantcps12.dll
2018-02-14 17:40 - 2017-03-08 14:41 - 291897344 _____ (Oracle Corporation) [File not signed] c:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\bin\ORACLE.EXE
2018-02-14 17:42 - 2017-03-07 13:58 - 000009728 _____ (Oracle Corporation) [File not signed] c:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\bin\oraodm12.dll
2018-02-14 17:46 - 2017-03-07 21:48 - 000008704 _____ (Oracle Corporation) [File not signed] c:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\bin\oraofs.dll
2018-02-14 17:40 - 2017-03-07 20:49 - 000010240 _____ (Oracle Corporation) [File not signed] c:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\bin\oraskjcx12.dll
2018-02-14 17:41 - 2017-03-04 04:35 - 000337408 _____ (Oracle Corporation) [File not signed] c:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\bin\oraclsra12.dll
2018-02-14 17:44 - 2016-11-22 08:18 - 000199168 _____ (Oracle Corporation) [File not signed] c:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\bin\orawwg.dll
2018-02-14 17:46 - 2017-03-07 22:39 - 000221184 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\BIN\ORAIMR12.Dll
2018-02-14 17:52 - 2016-12-15 16:29 - 000123904 _____ (Oracle Corporation) [File not signed] C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin\oranbeq12.dll
2018-02-14 17:40 - 2017-03-07 22:07 - 003173376 _____ (Oracle Corporation) [File not signed] c:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\bin\orashpksse4212.dll
2013-11-19 10:07 - 2013-11-19 10:07 - 000035328 _____ (Validity Sensors, Inc.) [File not signed] C:\Windows\system32\valWBFPolicyService.exe
2017-04-14 15:37 - 2015-12-19 00:04 - 000075264 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Aplikace\Oracle\virtual\product\12.2.0\dbhome_1\bin;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Users\Admin\AppData\Local\Android\Sdk\tools;C:\Users\Admin\AppData\Local\Android\Sdk\platform-tools
HKU\S-1-5-21-2656069209-2856868608-1191867071-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 185.60.104.1 - 93.157.130.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E9C4F0AB-90D2-478A-8901-C64E7661D010}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{FE37B217-8318-4274-97F6-C4A22D3BE919}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel(R) Wireless Display -> Microsoft)
FirewallRules: [{B43C95F2-9126-4738-93F9-5FA2E947B963}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe No File
FirewallRules: [{3B06D979-00E8-4B93-839C-92E201495745}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe No File
FirewallRules: [{AC4FB376-7B8C-4D43-AB0C-D3233E37F172}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe No File
FirewallRules: [{37E06C89-EFFC-4851-9960-523184895C0F}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel(R) Wireless Display -> Intel)
FirewallRules: [{1C65C3A3-4EAB-413C-869C-8148BC83DBE1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe No File
FirewallRules: [TCP Query User{2D2E26E2-678B-4A10-A282-1EEC6CF95D83}C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe] => (Allow) C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe No File
FirewallRules: [UDP Query User{2971A8AC-97DD-4D6D-AF1D-1A0E42FCE466}C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe] => (Allow) C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe No File
FirewallRules: [{741CBDEA-D271-4F93-A4ED-4AE9BF472CCF}] => (Block) C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe No File
FirewallRules: [{7BE190E7-41B0-4CAD-A1F0-9850343E80A4}] => (Block) C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe No File
FirewallRules: [TCP Query User{704019A6-A0E2-4ADA-A3D0-E0537A66E104}C:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\jdk\jre\bin\java.exe] => (Allow) C:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\jdk\jre\bin\java.exe
FirewallRules: [UDP Query User{893BEF8B-A68D-49E5-8586-F720900CAD07}C:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\jdk\jre\bin\java.exe] => (Allow) C:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\jdk\jre\bin\java.exe
FirewallRules: [{F9C3AE74-5FAC-413B-ADBC-9E2CEE387703}] => (Block) C:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\jdk\jre\bin\java.exe
FirewallRules: [{00934CC9-9125-443D-B7E7-08945E4CC50C}] => (Block) C:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\jdk\jre\bin\java.exe
FirewallRules: [{0E1E8822-AE3E-4644-872F-0C13D2AD6EE1}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{FE5A9DD3-1B86-4F21-9F1F-266F434FC956}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{E8D76809-2063-4EA8-97E1-3AD42BC55CD3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
FirewallRules: [TCP Query User{75C00D5E-77A6-429A-A46C-317F5F594CEE}C:\program files\android\android studio\jre\bin\java.exe] => (Block) C:\program files\android\android studio\jre\bin\java.exe No File
FirewallRules: [UDP Query User{4022E366-78A8-47F7-93B2-53D41D9AD9EA}C:\program files\android\android studio\jre\bin\java.exe] => (Block) C:\program files\android\android studio\jre\bin\java.exe No File
FirewallRules: [{C432CF57-6418-4339-8C4C-570495660B7E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: TOSHIBA Web Camera - FHD
Description: Zobrazovací zařízení USB
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2019 05:44:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: igfxext.exe, verze: 6.15.10.4821, časové razítko: 0x59d28f3c
Název chybujícího modulu: igfxext.exe, verze: 6.15.10.4821, časové razítko: 0x59d28f3c
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000bd28
ID chybujícího procesu: 0x1b64
Čas spuštění chybující aplikace: 0x01d4f8591bc9e120
Cesta k chybující aplikaci: C:\Windows\system32\igfxext.exe
Cesta k chybujícímu modulu: C:\Windows\system32\igfxext.exe
ID zprávy: 5ba31fa0-644c-11e9-bd47-4485004bede8

Error: (04/21/2019 03:23:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/21/2019 03:23:37 PM) (Source: VSS) (EventID: 8213) (User: )
Description: Chyba služby Stínová kopie svazku: Proces, který je hostitelem modulu pro zápis s názvem Oracle VSS Writer - ORCL a ID {26d02976-b909-43ad-af7e-62a4f625e372}, není spuštěn pod uživatelským účtem s dostatečnými přístupovými právy.
Zvažte spuštění procesu pod místním účtem (Local System, Administrator, Network Service nebo Local Service).


Operace:
Inicializace modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {26d02976-b909-43ad-af7e-62a4f625e372}
Název modulu pro zápis: Oracle VSS Writer - ORCL
Název instance zapisovače: ORCL

Error: (04/21/2019 03:23:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: NT SERVICE)
Description: Systém Windows vás nemůže přihlásit, protože nelze načíst váš profil. Zkontrolujte, zda jste připojeni k síti a zda síť pracuje správně.

PODROBNOSTI – Přístup byl odepřen.

Error: (04/21/2019 12:15:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/21/2019 12:15:43 PM) (Source: VSS) (EventID: 8213) (User: )
Description: Chyba služby Stínová kopie svazku: Proces, který je hostitelem modulu pro zápis s názvem Oracle VSS Writer - ORCL a ID {26d02976-b909-43ad-af7e-62a4f625e372}, není spuštěn pod uživatelským účtem s dostatečnými přístupovými právy.
Zvažte spuštění procesu pod místním účtem (Local System, Administrator, Network Service nebo Local Service).


Operace:
Inicializace modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {26d02976-b909-43ad-af7e-62a4f625e372}
Název modulu pro zápis: Oracle VSS Writer - ORCL
Název instance zapisovače: ORCL

Error: (04/21/2019 12:15:20 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: NT SERVICE)
Description: Systém Windows vás nemůže přihlásit, protože nelze načíst váš profil. Zkontrolujte, zda jste připojeni k síti a zda síť pracuje správně.

PODROBNOSTI – Přístup byl odepřen.

Error: (04/20/2019 11:46:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (04/21/2019 05:44:26 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čtečka čipových karet O2Micro CCID SC Reader 0 odmítla signál IOCTL GET_STATE: Zařízení bylo odebráno.. Pokud chyba přetrvává, čipová karta nebo čtečka pravděpodobně nefungují správně.

Záhlaví příkazu: XX XX XX XX

Error: (04/21/2019 05:44:23 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (04/21/2019 03:23:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba OracleVssWriterORCL byla ukončena s následující chybou:
Obecná chyba odepření přístupu

Error: (04/21/2019 03:23:16 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: Volání LoadUserProfile skončilo neúspěšné s touto chybou:
Přístup byl odepřen.

Error: (04/21/2019 03:22:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll

Error: (04/21/2019 03:22:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll

Error: (04/21/2019 03:22:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll

Error: (04/21/2019 03:21:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 79%
Total physical RAM: 8123.82 MB
Available physical RAM: 1687.21 MB
Total Virtual: 16245.82 MB
Available Virtual: 9147.12 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:100 GB) (Free:13.9 GB) NTFS
Drive d: (DATA) (Fixed) (Total:352.39 GB) (Free:333.94 GB) NTFS

\\?\Volume{da39ddc7-215d-19e7-9946-8b1ac98b4d93}\ (System) (Fixed) (Total:1.46 GB) (Free:1.17 GB) NTFS
\\?\Volume{084e5744-1760-11e6-8d66-b86b23d2c9ce}\ (HDDRECOVERY) (Fixed) (Total:11.67 GB) (Free:0.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Posted: 21 Apr 2019 19:57
Site Admin

Open Notepad and copy the following into it:

Quote:
Start

CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2656069209-2856868608-1191867071-1000\...\MountPoints2: {d6d99f06-a989-11e8-b96d-4485004bede8} - F:\.\StartModem.exe
GroupPolicy: Restriction ? <==== ATTENTION
Task: {C94F5A80-A702-4D2C-AA4A-B2914EE95AD3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {EAAED2CA-E74E-4F7E-9362-BA8A3867292A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2656069209-2856868608-1191867071-1000 -> {100E3CD4-F6C1-4923-84FF-4E2A82875214} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{B43C95F2-9126-4738-93F9-5FA2E947B963}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe No File
FirewallRules: [{3B06D979-00E8-4B93-839C-92E201495745}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe No File
FirewallRules: [{AC4FB376-7B8C-4D43-AB0C-D3233E37F172}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe No File
FirewallRules: [{1C65C3A3-4EAB-413C-869C-8148BC83DBE1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe No File
FirewallRules: [TCP Query User{2D2E26E2-678B-4A10-A282-1EEC6CF95D83}C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe] => (Allow) C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe No File
FirewallRules: [UDP Query User{2971A8AC-97DD-4D6D-AF1D-1A0E42FCE466}C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe] => (Allow) C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe No File
FirewallRules: [{741CBDEA-D271-4F93-A4ED-4AE9BF472CCF}] => (Block) C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe No File
FirewallRules: [{7BE190E7-41B0-4CAD-A1F0-9850343E80A4}] => (Block) C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe No File
FirewallRules: [{E8D76809-2063-4EA8-97E1-3AD42BC55CD3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
FirewallRules: [TCP Query User{75C00D5E-77A6-429A-A46C-317F5F594CEE}C:\program files\android\android studio\jre\bin\java.exe] => (Block) C:\program files\android\android studio\jre\bin\java.exe No File
FirewallRules: [UDP Query User{4022E366-78A8-47F7-93B2-53D41D9AD9EA}C:\program files\android\android studio\jre\bin\java.exe] => (Block) C:\program files\android\android studio\jre\bin\java.exe No File

EmptyTemp:
End


Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

_________________
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
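The firewall entries in the fixlist above are the rules that the Addition.txt log marks `No File`. As an added example (not part of the original post and not FRST's own code), this Python script parses FRST `FirewallRules:` lines and flags such orphaned rules; the flag names and the temp-directory pattern are assumptions made for the example.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied verbatim from the Addition.txt log earlier in this thread.
SAMPLE_LOG = r"""
Windows Firewall is enabled.
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B43C95F2-9126-4738-93F9-5FA2E947B963}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe No File
FirewallRules: [{37E06C89-EFFC-4851-9960-523184895C0F}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel(R) Wireless Display -> Intel)
FirewallRules: [TCP Query User{2D2E26E2-678B-4A10-A282-1EEC6CF95D83}C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe] => (Allow) C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe No File
FirewallRules: [{F9C3AE74-5FAC-413B-ADBC-9E2CEE387703}] => (Block) C:\aplikace\oracle\virtual\product\12.2.0\dbhome_1\jdk\jre\bin\java.exe
FirewallRules: [{0E1E8822-AE3E-4644-872F-0C13D2AD6EE1}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{C432CF57-6418-4339-8C4C-570495660B7E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
"""

RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.+)\] => \((?P<action>Allow|Block)\) (?P<rest>.+)$"
)
# Assumption: these path fragments identify per-user or system temp directories.
TEMP_RE = re.compile(r"\\appdata\\local\\temp\\|\\windows\\temp\\", re.IGNORECASE)


class Rule(NamedTuple):
    name: str
    action: str
    path: str
    signer: Optional[str]
    missing: bool   # the log line ends in "No File"
    unsigned: bool  # the log line ends in "[File not signed]"
    raw: str


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one FirewallRules line; return None for any other line."""
    line = line.strip()
    m = RULE_RE.match(line)
    if m is None:
        return None
    rest = m.group("rest")
    unsigned = rest.endswith(" [File not signed]")
    if unsigned:
        rest = rest[: -len(" [File not signed]")]
    missing = rest.endswith(" No File")
    if missing:
        rest = rest[: -len(" No File")]
    signer = None
    arrow = rest.rfind(" -> ")
    if rest.endswith(")") and arrow != -1:
        # The signer is the trailing " (...)" group holding the arrow. Paths such as
        # "Program Files (x86)" contain parentheses too, so search left of the arrow.
        start = rest.rfind(" (", 0, arrow)
        if start != -1:
            signer = rest[start + 2 : -1].strip()
            rest = rest[:start]
    return Rule(m.group("name"), m.group("action"), rest, signer, missing, unsigned, line)


def parse_log(text: str) -> List[Rule]:
    return [r for r in map(parse_rule, text.splitlines()) if r is not None]


def flags(rule: Rule) -> List[str]:
    """Review flags for one rule (names are this example's own)."""
    out = []
    if rule.missing:
        out.append("orphaned")          # rule outlived the program it was made for
    if rule.action == "Allow" and TEMP_RE.search(rule.path):
        out.append("allow-from-temp")   # allow rule for a path any process can write
    if rule.unsigned:
        out.append("unsigned")
    return out


def orphaned_lines(text: str) -> List[str]:
    """Original log lines whose target file no longer exists."""
    return [r.raw for r in parse_log(text) if r.missing]


if __name__ == "__main__":
    for rule in parse_log(SAMPLE_LOG):
        print(f"{rule.action:5} {','.join(flags(rule)) or '-':28} {rule.path}")
```

An orphaned allow rule is worth removing because any file later placed at that path inherits the exception.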


Posted: 21 Apr 2019 20:13
Visitor

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.04.2019 01
Ran by Admin (21-04-2019 21:03:19) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & OracleOraDB12Home1TNSListener & OracleServiceORCL (Available Profiles: Admin & OracleVssWriterORCL & OracleOraDB12Home1TNSListener & OracleServiceORCL & OracleOraDB12Home1MTSRecoveryService)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2656069209-2856868608-1191867071-1000\...\MountPoints2: {d6d99f06-a989-11e8-b96d-4485004bede8} - F:\.\StartModem.exe
GroupPolicy: Restriction ? <==== ATTENTION
Task: {C94F5A80-A702-4D2C-AA4A-B2914EE95AD3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {EAAED2CA-E74E-4F7E-9362-BA8A3867292A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2656069209-2856868608-1191867071-1000 -> {100E3CD4-F6C1-4923-84FF-4E2A82875214} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{B43C95F2-9126-4738-93F9-5FA2E947B963}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe No File
FirewallRules: [{3B06D979-00E8-4B93-839C-92E201495745}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe No File
FirewallRules: [{AC4FB376-7B8C-4D43-AB0C-D3233E37F172}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe No File
FirewallRules: [{1C65C3A3-4EAB-413C-869C-8148BC83DBE1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe No File
FirewallRules: [TCP Query User{2D2E26E2-678B-4A10-A282-1EEC6CF95D83}C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe] => (Allow) C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe No File
FirewallRules: [UDP Query User{2971A8AC-97DD-4D6D-AF1D-1A0E42FCE466}C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe] => (Allow) C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe No File
FirewallRules: [{741CBDEA-D271-4F93-A4ED-4AE9BF472CCF}] => (Block) C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe No File
FirewallRules: [{7BE190E7-41B0-4CAD-A1F0-9850343E80A4}] => (Block) C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe No File
FirewallRules: [{E8D76809-2063-4EA8-97E1-3AD42BC55CD3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
FirewallRules: [TCP Query User{75C00D5E-77A6-429A-A46C-317F5F594CEE}C:\program files\android\android studio\jre\bin\java.exe] => (Block) C:\program files\android\android studio\jre\bin\java.exe No File
FirewallRules: [UDP Query User{4022E366-78A8-47F7-93B2-53D41D9AD9EA}C:\program files\android\android studio\jre\bin\java.exe] => (Block) C:\program files\android\android studio\jre\bin\java.exe No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKU\S-1-5-21-2656069209-2856868608-1191867071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6d99f06-a989-11e8-b96d-4485004bede8} => removed successfully
HKLM\Software\Classes\CLSID\{d6d99f06-a989-11e8-b96d-4485004bede8} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C94F5A80-A702-4D2C-AA4A-B2914EE95AD3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C94F5A80-A702-4D2C-AA4A-B2914EE95AD3}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAAED2CA-E74E-4F7E-9362-BA8A3867292A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAAED2CA-E74E-4F7E-9362-BA8A3867292A}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-2656069209-2856868608-1191867071-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{100E3CD4-F6C1-4923-84FF-4E2A82875214} => removed successfully
HKLM\Software\Classes\CLSID\{100E3CD4-F6C1-4923-84FF-4E2A82875214} => not found
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B43C95F2-9126-4738-93F9-5FA2E947B963}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B06D979-00E8-4B93-839C-92E201495745}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC4FB376-7B8C-4D43-AB0C-D3233E37F172}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C65C3A3-4EAB-413C-869C-8148BC83DBE1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2D2E26E2-678B-4A10-A282-1EEC6CF95D83}C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2971A8AC-97DD-4D6D-AF1D-1A0E42FCE466}C:\users\admin\appdata\local\temp\orainstall2018-02-14_04-23-58pm\jdk\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{741CBDEA-D271-4F93-A4ED-4AE9BF472CCF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BE190E7-41B0-4CAD-A1F0-9850343E80A4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8D76809-2063-4EA8-97E1-3AD42BC55CD3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{75C00D5E-77A6-429A-A46C-317F5F594CEE}C:\program files\android\android studio\jre\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4022E366-78A8-47F7-93B2-53D41D9AD9EA}C:\program files\android\android studio\jre\bin\java.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 123845434 B
Java, Flash, Steam htmlcache => 696 B
Windows/system/drivers => 2427499703 B
Edge => 0 B
Chrome => 293010708 B
Firefox => 640267480 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 41458442 B
Admin => 343986617 B
OracleVssWriterORCL => 0 B
OracleOraDB12Home1TNSListener => 0 B
OracleServiceORCL => 0 B
TEMP => 0 B
OracleOraDB12Home1MTSRecoveryService => 0 B

RecycleBin => 149502 B
EmptyTemp: => 3.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:06:24 ====


Posted: 21 Apr 2019 20:55
Site Admin

Deleted. Has anything changed?



Posted: 21 Apr 2019 21:09
Visitor

I tried switching the notebook on and off twice, a few minutes apart. On the first start the standard Windows 7 logon dialog appeared (the usual "Please wait..."), then a black screen with the mouse cursor for several minutes, but Task Manager could be started. On the second attempt the start was significantly faster than before the fix and everything seems to be OK. But as I mentioned, the problems did not occur on every start.

Did I have any malware on it, and if so, can you tell what harm it did? My main concern is whether data was being downloaded from the notebook without my knowledge. Thank you for your help.


Posted: 22 Apr 2019 10:18
Site Admin

Basically, you had a lot of unnecessary junk on it. Everything has been deleted. In particular, the 3.6 GB of temporary internet files could have been causing the problem. Whether data was being downloaded from your notebook we can no longer find out. Whenever it seems to you that something like that is happening, open Local Area Connection - Status (Připojení k místní síti - stav). There you will find 2 numbers: received/sent data. If everything is in order, received : sent data must be in a ratio of approximately 10:1. If it is significantly less, or if there is even more data sent than received, something is wrong and the PC needs to be checked.

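The received-to-sent check described in the post above, as an added example that is not part of the original post: it reads the byte counters from `netstat -e` output instead of the status dialog and compares two snapshots, because the counters are cumulative. The 5:1 cut-off for "significantly less" and the 1 MB minimum are assumptions, and the sample output is constructed.

```python
import re
import subprocess
from typing import NamedTuple

# Constructed sample of `netstat -e` output (values are made up).
SAMPLE_SNAPSHOT = """\
Interface Statistics

                           Received            Sent

Bytes                     918273645        91827364
Unicast packets              812345          402113
Non-unicast packets            1520             310
Discards                          0               0
Errors                            0               0
Unknown protocols                 0
"""


class Counters(NamedTuple):
    received: int
    sent: int


class Verdict(NamedTuple):
    received: int   # bytes received between the two snapshots
    sent: int       # bytes sent between the two snapshots
    ratio: float    # received / sent
    status: str


# First row that ends in two integers is the byte row. Matching by position
# instead of by the word "Bytes" keeps this working on localized Windows.
ROW_RE = re.compile(r"^\s*\D.*?\s(\d+)\s+(\d+)\s*$")


def parse_netstat_e(text: str) -> Counters:
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            return Counters(int(m.group(1)), int(m.group(2)))
    raise ValueError("no row with two counters found")


def assess(before: Counters, after: Counters,
           low_ratio: float = 5.0, min_bytes: int = 1_000_000) -> Verdict:
    """Apply the post's rule of thumb to the traffic between two snapshots.

    low_ratio and min_bytes are this example's assumptions, not values
    from the post, which only names an expected ratio of about 10:1.
    """
    rx = after.received - before.received
    tx = after.sent - before.sent
    if rx < 0 or tx < 0:
        # Counters went backwards: reboot or counter wrap, so no verdict.
        return Verdict(rx, tx, 0.0, "counter-reset")
    ratio = rx / tx if tx else float("inf")
    if rx + tx < min_bytes:
        status = "too-little-traffic"
    elif tx > rx:
        status = "sent-exceeds-received"
    elif ratio < low_ratio:
        status = "ratio-well-below-10-to-1"
    else:
        status = "ok"
    return Verdict(rx, tx, ratio, status)


def snapshot_live() -> Counters:
    """Run `netstat -e` on the local machine and parse its counters."""
    out = subprocess.run(["netstat", "-e"], capture_output=True, check=True).stdout
    # Digits are ASCII; dropping other bytes sidesteps the console code page.
    return parse_netstat_e(out.decode("ascii", errors="ignore"))


if __name__ == "__main__":
    base = parse_netstat_e(SAMPLE_SNAPSHOT)
    later = Counters(base.received + 20_000_000, base.sent + 60_000_000)
    print(assess(base, later))
```

A flagged interval is only a prompt to look further: backups, uploads and video calls legitimately send more than they receive.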


Nahoru
 Profil  
Odpovědět s citací  
Posted: 22 Apr 2019 10:39
Visitor

Registered: 21 Apr 2019 12:38
Posts: 8
At about 11 o'clock I turned on the notebook; it booted quickly, and after launching Google Chrome one page loaded. Then the notebook froze; hard disk activity can be heard and the fan is running at full speed. After a while it stopped responding to mouse movement and key presses. The clock on the taskbar stopped at 11:13. I turned off the wifi router to disconnect the internet. No change so far. Please advise.


Posted: 22 Apr 2019 10:41
Site Admin

Registered: 30 Oct 2003 13:42
Posts: 109644
Location: Plzeň
The system has apparently hung. You have to do a hard restart. How much free space do you have on the system disk?

Posted: 22 Apr 2019 10:47
Visitor

Registered: 21 Apr 2019 12:38
Posts: 8
17.1 GB. After the restart it booted; now it is cooling down.

