soubory s příponou msf, složky končicí názvem .sbd

[leon.l]

Už delší dobu pozoruji v PC s W7 vytváření souborů se shodnou nazvou souborů (dokumenty, obrázky, videa, ...) s příponou msf o velikosti 0 až 1024 KB.
Momentálně jich mám přes 1200.
Jeden příklad..



// <!-- <mdb:mork:z v="1.4"/> -->
< <(a=c)> // (f=iso-8859-1)
(80=ns:msg:db:row:scope:msgs:all)(81=subject)(82=sender)(83=message-id)
(84=references)(85=recipients)(86=date)(87=size)(88=flags)(89=priority)
(8A=label)(8B=statusOfset)(8C=numLines)(8D=ccList)(8E=bccList)
(8F=msgThreadId)(90=threadId)(91=threadFlags)(92=threadNewestMsgDate)
(93=children)(94=unreadChildren)(95=threadSubject)(96=msgCharSet)
(97=ns:msg:db:table:kind:msgs)(98=ns:msg:db:table:kind:thread)
(99=ns:msg:db:table:kind:allthreads)
(9A=ns:msg:db:row:scope:threads:all)(9B=threadParent)(9C=threadRoot)
(9D=msgOffset)(9E=offlineMsgSize)
(9F=ns:msg:db:row:scope:dbfolderinfo:all)
(A0=ns:msg:db:table:kind:dbfolderinfo)(A1=numMsgs)(A2=numNewMsgs)
(A3=folderSize)(A4=expungedBytes)(A5=folderDate)(A6=highWaterKey)
(A7=mailboxName)(A8=UIDValidity)(A9=totPendingMsgs)
(AA=unreadPendingMsgs)(AB=expiredMark)(AC=version)(AD=forceReparse)
(AE=fixedBadRefThreading)(AF=folderName)>
{1:^80 {(k^97:c)(s=9)} }
{FFFFFFFD:^9A {(k^99:c)(s=9)} }

<(80=1)(81=0)>
{1:^9F {(k^A0:c)(s=9u)}
[1(^AC=1)(^AD=0)(^AE=1)]}

@$${1{@
< <(a=c)> // (f=iso-8859-1)
(B0=charSetOverride)(B1=charSet)>
<(82=4)>[1:^9F(^88=4)]
@$$}1}@

@$${2{@
< <(a=c)> // (f=iso-8859-1)
(B8=applyToFlaggedMessages)(B9=useServerRetention)(B2=retainBy)
(B3=daysToKeepHdrs)(B4=numHdrsToKeep)(B5=daysToKeepBodies)
(B6=useServerDefaults)(B7=cleanupBodies)>
[1:^9F(^B9=1)]
@$$}2}@

@$${3{@
@$$}3}@



Podobně se to děje i se složkami, ty ale končí .sbd.

Děkuji za pomoc

[Diallix]

Dobry den.

Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.

[leon.l]

Dobrý den
přikládám zmíněný log:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-01-31.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-04-2019
# Duration: 00:00:02
# OS: Windows 7 Ultimate
# Cleaned: 45
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Windows\SysWOW64\Codec
Deleted C:\ProgramData\Ask
Deleted C:\Users\Dr.P\AppData\Roaming\RHEng
Deleted C:\ProgramData\DealPlyLive
Deleted C:\Program Files (x86)\DealPlyLive
Deleted C:\Users\Dr.P\AppData\Local\DealPlyLive
Deleted C:\Users\Dr.P\AppData\Roaming\GoforFiles
Deleted C:\Users\Dr.P\Documents\ocep
Deleted C:\Users\Dr.P\AppData\Roaming\OpenCandy
Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\Users\Dr.P\AppData\Roaming\Seznam.cz
Deleted C:\ProgramData\apn

***** [ Files ] *****

Deleted C:\END
Deleted C:\Windows\Reimage.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\DllKitPRO

***** [ Registry ] *****

Deleted HKCU\Software\DealPlyLive
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98F6C595-E380-4443-AE5D-A8AF10E1A553}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DllKitPRO
Deleted HKCU\Software\GoforFiles
Deleted HKLM\Software\Wow6432Node\GoforFiles
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{C915F573-4C11-4968-9080-29E611FDBE9F}
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2 Service
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\BrowserPlugInHelper
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\WSHelperSetup.exe
Deleted HKLM\Software\Wow6432Node\PIP
Deleted HKCU\Software\IGearSettings
Deleted HKCU\Software\APN PIP
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Deleted HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted HKLM\Software\Reimage
Deleted HKCU\Software\Seznam.cz
Deleted HKLM\Software\Wow6432Node\Solvusoft

***** [ Chromium (and derivatives) ] *****

Deleted Video Ad Blocker Plus for YouTube™
Deleted McAfee Security Scan+

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4909 octets] - [04/02/2019 16:48:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

[Diallix]

Preskenujte pocitac s FRST - navod tu: https://forum.viry.cz/viewtopic.php?f=24&t=132509, skopirujte FRST.log + Addition log sem.

[leon.l]

Přikládám soubory.

Děkuji

[Diallix]

Logy mi tu posielajte normalne do threadu.

Chodte do nudzoveho rezimu.

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

CloseProcesses:
CreateRestorePoint:

cmd: netsh int ip reset
cmd: ipconfig /flushdns

c:\windows\System32\drivers\synth3dvsc.sys
c:\windows\system32\drivers\tsusbhub.sys
c:\windows\system32\DRIVERS\VBoxNetFlt.sys
c:\windows\System32\drivers\rdvgkmd.sys
c:\windows\system32\DRIVERS\vmnetadapter.sys
C:\Users\Dr.P\AppData\Local\Temp\final.vbs

C:\Program Files (x86)\EaseUS

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKU\S-1-5-21-3771248149-3553777235-19151450-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3771248149-3553777235-19151450-1000\...\MountPoints2: {10611095-e7a6-11e5-90b4-0024212d1388} - K:\Lenovo_Suite.exe
HKU\S-1-5-21-3771248149-3553777235-19151450-1000\...\MountPoints2: {10611098-e7a6-11e5-90b4-0024212d1388} - L:\Lenovo_Suite.exe
HKU\S-1-5-21-3771248149-3553777235-19151450-1000\...\MountPoints2: {28159486-d113-11e1-9b6e-806e6f6e6963} - V:\BlueBirds.exe
HKU\S-1-5-21-3771248149-3553777235-19151450-1000\...\MountPoints2: {d01ebc5a-3019-11e7-857a-0024212d1387} - J:\Lenovo_Suite.exe
HKU\S-1-5-21-3771248149-3553777235-19151450-1000\...\MountPoints2: {d01ebc5f-3019-11e7-857a-0024212d1387} - J:\Lenovo_Suite.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF ProfilePath: C:\Users\Dr.P\AppData\Roaming\Profiles\q1w57t04.default [2016-01-14] <==== ATTENTION
FF ProfilePath: C:\Users\Dr.P\AppData\Roaming\Waterfox\Profiles\akg5ive0.default [2019-02-05]
FF Extension: (wmlbrowser) - C:\Users\Dr.P\AppData\Roaming\Waterfox\Profiles\akg5ive0.default\Extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}.xpi [2016-04-27] [Legacy]
FF Extension: (wmlbrowser) - C:\Users\Dr.P\AppData\Roaming\Mozilla\Firefox\Profiles\6wi7k7hd.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}.xpi [2016-04-27] [Legacy]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S3 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
2019-02-04 17:50 - 2012-07-21 17:50 - 000731640 _____ C:\Windows\system32\perfh010.dat
2019-02-04 17:50 - 2012-07-21 17:50 - 000716194 _____ C:\Windows\system32\perfh019.dat
2019-02-04 17:50 - 2012-07-21 17:50 - 000150500 _____ C:\Windows\system32\perfc019.dat
2019-02-04 17:50 - 2012-07-21 17:50 - 000146504 _____ C:\Windows\system32\perfc010.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000737310 _____ C:\Windows\system32\perfh00C.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000731952 _____ C:\Windows\system32\perfh015.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000705474 _____ C:\Windows\system32\prfh0416.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000675348 _____ C:\Windows\system32\perfh00E.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000598582 _____ C:\Windows\system32\perfh008.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000486108 _____ C:\Windows\system32\perfh014.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000470608 _____ C:\Windows\system32\perfh001.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000408372 _____ C:\Windows\system32\perfh011.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000170932 _____ C:\Windows\system32\perfc00E.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000155530 _____ C:\Windows\system32\perfc015.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000149238 _____ C:\Windows\system32\perfc00C.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000147314 _____ C:\Windows\system32\prfc0416.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000121758 _____ C:\Windows\system32\perfc011.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000110786 _____ C:\Windows\system32\perfc008.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000095062 _____ C:\Windows\system32\perfc014.dat
2019-02-04 17:50 - 2012-07-20 17:39 - 000094430 _____ C:\Windows\system32\perfc001.dat
2019-02-04 17:50 - 2012-07-20 15:24 - 000473088 _____ C:\Windows\system32\perfh00B.dat
2019-02-04 17:50 - 2012-07-20 15:24 - 000101178 _____ C:\Windows\system32\perfc00B.dat
2019-02-04 17:50 - 2009-07-14 16:18 - 000668542 _____ C:\Windows\system32\perfh005.dat
2019-02-04 17:50 - 2009-07-14 16:18 - 000013184 _____ C:\Windows\system32\perfc005.dat
ContextMenuHandlers4: [NShredExtension] -> {2B3FB74C-AB7C-4F7D-A43F-1E34D3F3D51F} =>  -> No File
Task: {11FF79AC-55C2-4E6D-B39F-C1DA55E7EC96} - System32\Tasks\{A227DAB3-1484-4B6D-B2B5-7DB686DDE81B} => C:\Windows\system32\pcalua.exe -a C:\Users\Dr.P\Downloads\VirtualBox-5.2.0_RC1-118201-Win.exe -d C:\Users\Dr.P\Downloads
Task: {2AF2FB09-5216-4FF8-BA09-0EABDB89272F} - System32\Tasks\{4A8128F0-CC0C-4E74-89DE-CF1EFFA3A7F9} => C:\Windows\system32\pcalua.exe -a D:\YYY\ipscan-win64-3.0-beta6.exe
Task: {3D28E5D1-D7CD-48BB-B3D5-166E77DA4313} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8ae8ebdca85f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc -> Google Inc.)
Task: {4DC8D219-0907-4A76-AD32-66B21DAA87C9} - System32\Tasks\{60A5FD3E-BC76-4A2B-ADD3-DED28EDCBEA0} => C:\Windows\system32\pcalua.exe -a C:\Users\Dr.P\AppData\Local\Temp\Temp1_JMB36X_WinDrv_R1.17.65_WHQL.zip\R1.17.65.11\setup.exe <==== ATTENTION
Task: {56BB9129-AB81-413B-98FE-EDF1B1254A8E} - System32\Tasks\{8625FC15-C4ED-4534-9128-22F25E2C74C6} => C:\Windows\system32\pcalua.exe -a C:\Users\Dr.P\AppData\Local\Temp\Temp1_HDTune255_CZ.zip\HDTune255_CZ.exe <==== ATTENTION
Task: {5BB91B42-3429-4569-9C37-87A8CFB487BC} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8ae8ebffc143 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc -> Google Inc.)
Task: {5DB59868-5F28-4587-8789-B705F1A3383B} - System32\Tasks\{23DF89C1-FCF0-4B54-9697-77768230A309} => C:\Windows\system32\pcalua.exe -a "I:\BitTorrent\03\EPLAN ElectricP8 2.2\Таблетка\x64\dseo13b.exe" -d "I:\BitTorrent\03\EPLAN ElectricP8 2.2\Таблетка\x64"
Task: {66471902-9175-461F-8578-26E58B4E98EF} - System32\Tasks\{0149A9FD-82F4-4C33-A487-F56BF6496D83} => C:\Windows\system32\pcalua.exe -a C:\Users\Dr.P\Downloads\VirtualBox-5.2.4-119785-Win.exe -d C:\Users\Dr.P\Downloads
Task: {6A0F9BB0-D5CB-435E-93E7-AA3416DEE826} - System32\Tasks\{764068B4-33CD-40BE-AE78-1CAC615C9663} => C:\Windows\system32\pcalua.exe -a C:\Users\Dr.P\Desktop\oodefragpro19522264bitcz.exe -d C:\Users\Dr.P\Desktop
Task: {96A0343F-8113-49A0-BE2B-B27224838148} - System32\Tasks\Opera scheduled Autoupdate 1456672861 => C:\Program Files (x86)\Opera\launcher.exe [2019-01-09] (Opera Software AS -> Opera Software)
Task: {A251BC74-F9A7-48DF-92F1-E8993A292814} - System32\Tasks\{0B5DF3DC-E3C9-4C0B-BF76-202B8317D929} => C:\Windows\system32\pcalua.exe -a "I:\BitTorrent\02\EPLAN\Eplan Electric P8 1.9.5\Crack\Emulator.exe" -d "I:\BitTorrent\02\EPLAN\Eplan Electric P8 1.9.5\Crack"
Task: {A2B460E7-05A9-4AC2-8BD2-30D5665D08BC} - System32\Tasks\GoogleUpdateTaskMachineCore1d03ffb673a9a87 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc -> Google Inc.)
Task: {CCA75C5D-8319-483B-AE82-CFD5A6397EE4} - System32\Tasks\klcp_update => CodecTweakTool.exe
Shortcut: C:\Users\Dr.P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CloneSpy\Website.lnk -> hxxp://www.clonespy.com
AlternateDataStreams: C:\Users\Dr.P\Desktop\Channel_list_T-KTM2DEUC-1153.3.zip:$A [38]
HKU\S-1-5-21-3771248149-3553777235-19151450-1000\Software\Classes\exefile:  <==== ATTENTION
HKU\S-1-5-21-3771248149-3553777235-19151450-1000\Software\Classes\.bat:  =>  <==== ATTENTION
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUs TB Tray Agent => "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
FirewallRules: [{32FDDD18-6616-4BCB-9284-14D08FE6F74B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{340E23EB-781E-4AE3-973B-A61B7A019A18}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{4A418AE2-C4DF-4F68-84F1-2B04A7EAA763}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{59E401A5-F63B-4EC5-B7EA-3ABDA62D5B9D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{70D67ED2-4971-458A-9FA9-9AD923925F97}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
MSCONFIG\startupreg: final => wscript.exe //B "C:\Users\Dr.P\AppData\Local\Temp\final.vbs"

EmptyTemp:
Hosts:

Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST, pricom zvolte Kodovanie na UTF-8 (skopirujte do poznamkoveho bloku -> Subor -> Ulozit ako -> Encoding/Kodovaniee: zvolte UTF-8 -> ulozit).
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.