Virus removal, PC speed-up, and remote assistance through the neslape.cz service

Check

Not having any PC problem at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

sani8
Visitor
Posts: 102
Registered: 29 Aug 2009 14:28

#1 Post by sani8 »

Hello. It is behaving a bit slower. Nothing serious, I hope. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01.09.2018 03
Ran by Sani (administrator) on SANI-PC (02-09-2018 13:47:54)
Running from C:\Users\Sani\Desktop
Loaded Profiles: Sani (Available Profiles: Sani)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files\Skype\Browser\SkypeBrowserHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

"Path" (C:\Program Files\Skype\Phone\ -> %SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Skype\Phone\) <==== Repaired successfully
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-11-17] (Dell Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [297592 2017-11-03] (ESET)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-07-06] (Piriform Ltd)
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\RunOnce: [Adobe Speed Launcher] => 1535875403
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\MountPoints2: {7099f7f6-3160-11e5-9c53-8ae4067d2990} - E:\StartCD.exe
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\MountPoints2: {8dec5a86-3c60-11e5-bdfa-344b50b7ef19} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4FB33BEC-16B4-4517-AA56-5B46C64A28F7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9E5A4341-8AEC-441D-8683-36C82F20DA25}: [DhcpNameServer] 192.168.0.1 192.168.0.1
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Sani\AppData\Roaming\Mozilla\Firefox\Profiles\17pz7xze.default-1484472230595 [2018-09-02]
FF Homepage: Mozilla\Firefox\Profiles\17pz7xze.default-1484472230595 -> hxxps://www.google.co.uk/
FF NetworkProxy: Mozilla\Firefox\Profiles\17pz7xze.default-1484472230595 -> backup.ftp", "94.136.138.142"
FF Extension: (Flash Video Downloader) - C:\Users\Sani\AppData\Roaming\Mozilla\Firefox\Profiles\17pz7xze.default-1484472230595\Extensions\artur.dubovoy@gmail.com.xpi [2018-08-27]
FF Extension: (download-helper) - C:\Users\Sani\AppData\Roaming\Mozilla\Firefox\Profiles\17pz7xze.default-1484472230595\Extensions\jid1-i6dUGvCrz2WZu8@jetpack.xpi [2018-05-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-19] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default [2018-09-02]
CHR Extension: (Slides) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-20]
CHR Extension: (Docs) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-20]
CHR Extension: (Google Drive) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-27]
CHR Extension: (Skype Calling) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2018-07-01]
CHR Extension: (YouTube) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-27]
CHR Extension: (Google Search) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-27]
CHR Extension: (Sheets) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-27]
CHR Extension: (Gmail) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-06-19] (Adobe Systems Incorporated) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2089176 2017-11-03] (ESET)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2015-02-04] ()
S4 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-02-27] (Skype Technologies) [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-11-17] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-17] (Broadcom Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25016 2015-07-23] (Disc Soft Ltd)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [25104 2015-02-04] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [113544 2017-11-03] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [90656 2017-05-04] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141480 2017-11-03] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [43920 2017-05-04] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [69304 2017-05-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52680 2017-04-25] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [87528 2017-11-03] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [274048 2009-05-06] (Creative Technology Ltd.)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-02 13:47 - 2018-09-02 13:48 - 000010492 _____ C:\Users\Sani\Desktop\FRST.txt
2018-09-02 13:47 - 2018-09-02 13:47 - 000000000 ____D C:\FRST
2018-09-02 13:44 - 2018-09-02 13:44 - 001773568 _____ (Farbar) C:\Users\Sani\Desktop\FRST.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-02 13:47 - 2016-11-27 20:57 - 000000000 ____D C:\Users\Sani\AppData\LocalLow\Mozilla
2018-09-02 13:46 - 2015-03-29 13:40 - 000000000 ____D C:\Users\Sani\AppData\Roaming\Skype
2018-09-02 13:03 - 2006-11-02 13:47 - 000003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-02 13:03 - 2006-11-02 13:47 - 000003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-02 09:07 - 2006-11-02 12:18 - 000000000 ____D C:\Windows\inf
2018-09-02 09:07 - 2006-11-02 11:33 - 000759082 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-02 09:03 - 2006-11-02 14:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-02 02:05 - 2006-11-02 14:01 - 000032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-08-31 22:32 - 2015-02-03 21:36 - 000000000 ____D C:\Users\Sani\AppData\Roaming\vlc
2018-08-31 22:10 - 2015-04-03 10:35 - 000032768 _____ C:\Users\Sani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-08-27 18:23 - 2015-10-25 14:31 - 000000000 ____D C:\Users\Sani\Desktop\wolf3d

==================== Files in the root of some directories =======

2015-02-04 16:17 - 2017-01-29 12:06 - 000007030 _____ () C:\Users\Sani\AppData\Roaming\New Text Document.txt
2015-02-04 21:21 - 2015-02-04 21:21 - 000138056 _____ () C:\Users\Sani\AppData\Roaming\PnkBstrK.sys
2015-03-25 23:31 - 2015-05-21 23:19 - 000001253 _____ () C:\Users\Sani\AppData\Roaming\registry key.txt
2017-07-09 20:22 - 2017-07-09 21:33 - 000000308 _____ () C:\Users\Sani\AppData\Roaming\Rim.Desktop.Exception.log
2017-07-09 20:21 - 2017-07-13 20:03 - 000002009 _____ () C:\Users\Sani\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2017-07-09 20:22 - 2017-07-09 21:33 - 000000308 _____ () C:\Users\Sani\AppData\Roaming\Rim.DesktopHelper.Exception.log
2016-11-20 22:17 - 2016-11-20 22:17 - 000026340 _____ () C:\Users\Sani\AppData\Roaming\UserTile.png
2015-03-23 22:12 - 2015-03-23 22:12 - 000000047 _____ () C:\Users\Sani\AppData\Roaming\WB.CFG
2015-03-29 13:19 - 2016-10-01 15:29 - 000001356 _____ () C:\Users\Sani\AppData\Local\d3d9caps.dat
2015-04-03 10:35 - 2018-08-31 22:10 - 000032768 _____ () C:\Users\Sani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-08 10:46 - 2017-01-29 12:07 - 000007029 _____ () C:\Users\Sani\AppData\Local\New Text Document.txt

Files to move or delete:
====================
C:\Windows\Tasks\{E3D207D9-5620-4E0E-91FC-E810311A45D2}.job


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2018-09-02 09:08

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01.09.2018 03
Ran by Sani (02-09-2018 13:48:25)
Running from C:\Users\Sani\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2015-02-02 05:05:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1677253683-3081182462-1745060028-500 - Administrator - Disabled)
Guest (S-1-5-21-1677253683-3081182462-1745060028-501 - Limited - Disabled)
Sani (S-1-5-21-1677253683-3081182462-1745060028-1000 - Administrator - Enabled) => C:\Users\Sani

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security (Enabled - Out of date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}) (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Any Video Converter 5.7.9 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
ATI Catalyst Install Manager (HKLM\...\{EB68307E-4E70-0C63-2CEE-62FA85C88CA6}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
BufferChm (HKLM\...\{E2662C24-B31E-4349-A084-32EB76E8B760}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
ccc-core-static (HKLM\...\{77F218D6-EAF4-402C-36B1-C3F0EC62598D}) (Version: 2009.0625.1812.30825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
CrystalDiskInfo 7.0.4 (HKLM\...\CrystalDiskInfo_is1) (Version: 7.0.4 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.02.06 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
ESET Smart Security (HKLM\...\{4767A2E8-3EE2-4090-A408-2E775A97E83C}) (Version: 10.1.219.0 - ESET, spol. s r.o.)
Foxit PhantomPDF Standard (HKLM\...\{002C7EBB-F986-4C33-AD1A-9A1570F2FBBE}) (Version: 7.2.0.722 - Foxit Software Inc.)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.9.5265 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Integrated Webcam Driver (1.04.01.0601) (HKLM\...\Creative OA008) (Version: 1.04.01.0601 - Creative Technology Ltd.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.9.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 en-US)) (Version: 52.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla)
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
RICOH Media Driver ver.2.07.01.04 (HKLM\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.04 - RICOH)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] (HKLM\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - THQ)
Skins (HKLM\...\{3A07247E-0645-8BCF-8419-FD857790108D}) (Version: 2009.0625.1812.30825 - ATI) Hidden
Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Stalker Complete 2009 (HKLM\...\{Stalker Complete 2009 v1.4.4}}_is1) (Version: - )
STALKERSOUP BETA (HKLM\...\STALKERSOUP BETA) (Version: 1.0.9.9.8.1 - JAMMER)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
UnloadSupport (HKLM\...\{543E938C-BDC4-4933-A612-01293996845F}) (Version: 9.0.0 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wolfenstein 3D (HKLM\...\Wolf3DUninstallKey) (Version: - )
World of Tanks (HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-03] (ESET)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x86.dll [2015-07-10] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-03] (ESET)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2009-06-25] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-03] (ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {166F4847-7E2C-469F-9818-6107BC4ED58C} - System32\Tasks\{3409B7F2-C69E-4579-B2DA-4E24C871D55E} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsBing
Task: {2A92AE83-3A7A-45D2-908C-7AB686C918C7} - System32\Tasks\hgkjhfvghc => C:\Windows\System32\shutdown.exe [2008-01-21] (Microsoft Corporation)
Task: {2C4E4486-9AD4-4EBD-B249-212EFEA2F3FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-11-27] (Google Inc.)
Task: {3816C10F-6D03-4B55-A923-D6DA650902CA} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-19] (Adobe Systems Incorporated)
Task: {3B418972-FFD5-41D2-9D84-BAEEE50FDE18} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-07-06] (Piriform Ltd)
Task: {3D0B14B2-514C-42B6-9395-770C83B35843} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-11-17] (Dell Inc.)
Task: {4646269D-DD3C-429A-A113-89A7B7361BE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-11-27] (Google Inc.)
Task: {55A47CC7-5F5A-4CCB-9561-931EB8896DA2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-07-06] (Piriform Ltd)
Task: {5FE89567-2C62-4C09-89E3-6F0D216A29E7} - System32\Tasks\Advanced File Optimizer_checkupdate_startup => C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe
Task: {6CD4F3C9-212F-44E6-AFAD-EA6688990D71} - System32\Tasks\hvgx => C:\Program Files\KairosPlanet\KairosPlanet.exe
Task: {7C35CA18-EB2F-49F0-AD2D-A613045B9A3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-19] (Adobe Systems Incorporated)
Task: {97833626-667C-4A79-BEC8-3D36FA2C1635} - System32\Tasks\,jbgj => C:\Windows\System32\shutdown.exe [2008-01-21] (Microsoft Corporation)
Task: {A1EDDDC6-BCBD-47A0-804E-89D44AABB142} - System32\Tasks\ggfy => C:\Windows\System32\shutdown.exe [2008-01-21] (Microsoft Corporation)
Task: {C0D612B9-B412-4697-86E0-443D41ECE93D} - System32\Tasks\shutdown => C:\Windows\System32\shutdown.exe [2008-01-21] (Microsoft Corporation)
Task: {C57DA7AD-7922-4E46-9D2A-5AC7801C5607} - System32\Tasks\plllan => C:\Program Files\KairosPlanet\KairosPlanet.exe
Task: {F86E7BB1-B94D-4E6A-9216-6F29A675C75F} - System32\Tasks\{6189D548-39F8-469B-B139-8C536ADE8FB1} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?source=lightinstaller&page=tsMain

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\{E3D207D9-5620-4E0E-91FC-E810311A45D2}.job => c:\program files\mozilla firefox\firefox.exeLhxxp:/ui.skype.com/ui/0/7.2.60.103/cs/go/

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Sani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://loadstart.net/?ssid=1475327715&a=1054667&src=sh&uuid=cf81b04c-f808-472c-9132-eea76bdd6f5f,1475327563776"
ShortcutWithArgument: C:\Users\Sani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://loadstart.net/?ssid=1475327715&a=1054667&src=sh&uuid=cf81b04c-f808-472c-9132-eea76bdd6f5f,1475327563776"
ShortcutWithArgument: C:\Users\Sani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://loadstart.net/?ssid=1475327715&a=1054667&src=sh&uuid=cf81b04c-f808-472c-9132-eea76bdd6f5f,1475327563776"

==================== Loaded Modules (Whitelisted) ==============

2015-02-01 23:48 - 2008-11-17 08:29 - 000026112 _____ () C:\Windows\System32\WLTRYSVC.EXE
2015-02-01 23:48 - 2008-11-17 08:29 - 000054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2015-05-04 17:39 - 2011-02-28 23:37 - 000180624 _____ () C:\Windows\System32\Primomonnt.dll
2017-01-30 13:52 - 2017-01-30 13:52 - 001926632 ____R () C:\Program Files\Skype\Phone\roottools.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2018-01-23 20:46 - 000000775 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img22.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk => C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{79AF29F7-0612-4E02-B344-72B62257826B}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{FB5BE43D-3688-4895-92FA-57EDAD0AC1E6}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{1DFB5C98-24EA-41C9-9D59-94D79FDE500D}] => (Allow) LPort=80
FirewallRules: [{2C531104-E9C9-4919-B52C-A5F19702B4DC}] => (Allow) LPort=80
FirewallRules: [{9B58FEAB-61E3-4528-B05E-5DE17D6F8C94}] => (Allow) LPort=80
FirewallRules: [{31D701C8-1D3E-47F4-899C-9980432F0494}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{9E6EE92E-B373-44D4-9CB1-4E2FBA83F4C9}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{04B7C0A7-EDDD-4D16-AC1B-AD7A5D17D741}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{47F29245-F8BE-4F4A-A3E3-9C92B74EDD28}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{0349332B-9C11-40AB-B0D3-C015F9FF5555}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E54FE2D1-536D-4245-8978-0D85BD4D4893}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{16AB419F-3081-4286-A85F-FDE287CE4BD0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{67FAA00D-09C4-4A72-B409-7D0946EC0AC5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{2D81A371-A32B-49CA-895C-D8BB90210C6A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{699C52AB-237E-47C8-B12F-BB4BF5D4E229}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BF621B70-3C7F-488B-990C-548E90CD8090}] => (Allow) C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{1B4D5AFE-F246-44B4-8E5E-DC70BF949B62}] => (Allow) C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{0B3A52D7-4B65-4CE9-8FBB-4C745002DFD4}] => (Allow) C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{B97BF055-DCE9-4181-A2C1-C2E711902B0D}] => (Allow) C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{481872FC-0A63-4932-A4E1-956CF541BA2F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{99A8BC33-CB72-4358-8C7A-BFBBF91FED1A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C27F188B-18B8-4713-8E76-D90DBD2B185C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{90748ECF-1611-405E-AA3F-00F078FB9FB5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{4E2457DD-56B9-4880-9EC4-54208273B45D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

29-08-2018 21:23:35 Scheduled Checkpoint
02-09-2018 12:27:52 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2018 09:04:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/01/2018 08:12:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/01/2018 07:16:51 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.

Error: (09/01/2018 06:53:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/31/2018 11:24:47 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.

Error: (08/31/2018 06:31:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/30/2018 10:27:43 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.

Error: (08/30/2018 06:57:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/02/2018 01:47:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/02/2018 01:47:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/02/2018 01:47:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/02/2018 01:47:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/02/2018 01:47:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/02/2018 01:47:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/02/2018 01:47:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/02/2018 01:47:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 48%
Total physical RAM: 3035.94 MB
Available physical RAM: 1575.89 MB
Total Virtual: 6288.1 MB
Available Virtual: 5225.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:57.67 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 7506696B)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: check

#2 Post by Conder »

Hi :)

:arrow: Please note that this OS, Windows Vista, is no longer supported and no security patches are being released for it; this also applies to the Firefox and Chrome browsers.

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

sani8
Visitor
Posts: 102
Registered: 29 Aug 2009 14:28

Re: check

#3 Post by sani8 »

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.0
# -------------------------------
# Build: 08-30-2018
# Database: 2018-09-01.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-02-2018
# Duration: 00:00:01
# OS: Windows Vista (TM) Home Premium
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1335 octets] - [02/09/2018 22:56:51]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: check

#4 Post by Conder »

:arrow: Please post both new FRST logs.

sani8
Visitor
Posts: 102
Registered: 29 Aug 2009 14:28

Re: check

#5 Post by sani8 »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01.09.2018 03
Ran by Sani (administrator) on SANI-PC (03-09-2018 19:18:07)
Running from C:\Users\Sani\Desktop
Loaded Profiles: Sani (Available Profiles: Sani)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-11-17] (Dell Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [297592 2017-11-03] (ESET)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-07-06] (Piriform Ltd)
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\RunOnce: [Adobe Speed Launcher] => 1535998263
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\MountPoints2: {7099f7f6-3160-11e5-9c53-8ae4067d2990} - E:\StartCD.exe
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\MountPoints2: {8dec5a86-3c60-11e5-bdfa-344b50b7ef19} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4FB33BEC-16B4-4517-AA56-5B46C64A28F7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9E5A4341-8AEC-441D-8683-36C82F20DA25}: [DhcpNameServer] 192.168.0.1 192.168.0.1
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Sani\AppData\Roaming\Mozilla\Firefox\Profiles\17pz7xze.default-1484472230595 [2018-09-03]
FF Homepage: Mozilla\Firefox\Profiles\17pz7xze.default-1484472230595 -> hxxps://www.google.co.uk/
FF NetworkProxy: Mozilla\Firefox\Profiles\17pz7xze.default-1484472230595 -> backup.ftp", "94.136.138.142"
FF Extension: (Flash Video Downloader) - C:\Users\Sani\AppData\Roaming\Mozilla\Firefox\Profiles\17pz7xze.default-1484472230595\Extensions\artur.dubovoy@gmail.com.xpi [2018-08-27]
FF Extension: (download-helper) - C:\Users\Sani\AppData\Roaming\Mozilla\Firefox\Profiles\17pz7xze.default-1484472230595\Extensions\jid1-i6dUGvCrz2WZu8@jetpack.xpi [2018-05-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-19] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-26] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default [2018-09-02]
CHR Extension: (Slides) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-20]
CHR Extension: (Docs) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-20]
CHR Extension: (Google Drive) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-27]
CHR Extension: (Skype Calling) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2018-07-01]
CHR Extension: (YouTube) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-27]
CHR Extension: (Google Search) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-27]
CHR Extension: (Sheets) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-27]
CHR Extension: (Gmail) - C:\Users\Sani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-06-19] (Adobe Systems Incorporated) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2089176 2017-11-03] (ESET)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2015-02-04] ()
S4 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-02-27] (Skype Technologies) [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-11-17] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-17] (Broadcom Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25016 2015-07-23] (Disc Soft Ltd)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [25104 2015-02-04] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [113544 2017-11-03] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [90656 2017-05-04] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141480 2017-11-03] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [43920 2017-05-04] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [69304 2017-05-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52680 2017-04-25] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [87528 2017-11-03] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [274048 2009-05-06] (Creative Technology Ltd.)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-02 22:55 - 2018-09-02 22:55 - 007567568 _____ (Malwarebytes) C:\Users\Sani\Desktop\adwcleaner_7.2.3.exe
2018-09-02 13:48 - 2018-09-02 13:48 - 000031576 _____ C:\Users\Sani\Desktop\Addition.txt
2018-09-02 13:47 - 2018-09-03 19:18 - 000010325 _____ C:\Users\Sani\Desktop\FRST.txt
2018-09-02 13:47 - 2018-09-03 19:18 - 000000000 ____D C:\FRST
2018-09-02 13:44 - 2018-09-02 13:44 - 001773568 _____ (Farbar) C:\Users\Sani\Desktop\FRST.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-03 19:15 - 2006-11-02 12:18 - 000000000 ____D C:\Windows\inf
2018-09-03 19:15 - 2006-11-02 11:33 - 000759082 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-03 19:11 - 2016-11-27 20:57 - 000000000 ____D C:\Users\Sani\AppData\LocalLow\Mozilla
2018-09-03 19:10 - 2006-11-02 14:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-03 19:10 - 2006-11-02 13:47 - 000003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-03 19:10 - 2006-11-02 13:47 - 000003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-02 23:14 - 2006-11-02 14:01 - 000032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-09-02 22:56 - 2015-02-22 13:56 - 000000000 ____D C:\AdwCleaner
2018-09-02 22:13 - 2015-03-29 13:40 - 000000000 ____D C:\Users\Sani\AppData\Roaming\Skype
2018-08-31 22:32 - 2015-02-03 21:36 - 000000000 ____D C:\Users\Sani\AppData\Roaming\vlc
2018-08-31 22:10 - 2015-04-03 10:35 - 000032768 _____ C:\Users\Sani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-08-27 18:23 - 2015-10-25 14:31 - 000000000 ____D C:\Users\Sani\Desktop\wolf3d

==================== Files in the root of some directories =======

2015-02-04 16:17 - 2017-01-29 12:06 - 000007030 _____ () C:\Users\Sani\AppData\Roaming\New Text Document.txt
2015-02-04 21:21 - 2015-02-04 21:21 - 000138056 _____ () C:\Users\Sani\AppData\Roaming\PnkBstrK.sys
2015-03-25 23:31 - 2015-05-21 23:19 - 000001253 _____ () C:\Users\Sani\AppData\Roaming\registry key.txt
2017-07-09 20:22 - 2017-07-09 21:33 - 000000308 _____ () C:\Users\Sani\AppData\Roaming\Rim.Desktop.Exception.log
2017-07-09 20:21 - 2017-07-13 20:03 - 000002009 _____ () C:\Users\Sani\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2017-07-09 20:22 - 2017-07-09 21:33 - 000000308 _____ () C:\Users\Sani\AppData\Roaming\Rim.DesktopHelper.Exception.log
2016-11-20 22:17 - 2016-11-20 22:17 - 000026340 _____ () C:\Users\Sani\AppData\Roaming\UserTile.png
2015-03-23 22:12 - 2015-03-23 22:12 - 000000047 _____ () C:\Users\Sani\AppData\Roaming\WB.CFG
2015-03-29 13:19 - 2016-10-01 15:29 - 000001356 _____ () C:\Users\Sani\AppData\Local\d3d9caps.dat
2015-04-03 10:35 - 2018-08-31 22:10 - 000032768 _____ () C:\Users\Sani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-08 10:46 - 2017-01-29 12:07 - 000007029 _____ () C:\Users\Sani\AppData\Local\New Text Document.txt

Files to move or delete:
====================
C:\Windows\Tasks\{E3D207D9-5620-4E0E-91FC-E810311A45D2}.job


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-03 19:17

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01.09.2018 03
Ran by Sani (03-09-2018 19:18:38)
Running from C:\Users\Sani\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2015-02-02 05:05:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1677253683-3081182462-1745060028-500 - Administrator - Disabled)
Guest (S-1-5-21-1677253683-3081182462-1745060028-501 - Limited - Disabled)
Sani (S-1-5-21-1677253683-3081182462-1745060028-1000 - Administrator - Enabled) => C:\Users\Sani

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security (Enabled - Out of date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Out of date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}) (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Any Video Converter 5.7.9 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
ATI Catalyst Install Manager (HKLM\...\{EB68307E-4E70-0C63-2CEE-62FA85C88CA6}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
BufferChm (HKLM\...\{E2662C24-B31E-4349-A084-32EB76E8B760}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
ccc-core-static (HKLM\...\{77F218D6-EAF4-402C-36B1-C3F0EC62598D}) (Version: 2009.0625.1812.30825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
CrystalDiskInfo 7.0.4 (HKLM\...\CrystalDiskInfo_is1) (Version: 7.0.4 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.02.06 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
ESET Smart Security (HKLM\...\{4767A2E8-3EE2-4090-A408-2E775A97E83C}) (Version: 10.1.219.0 - ESET, spol. s r.o.)
Foxit PhantomPDF Standard (HKLM\...\{002C7EBB-F986-4C33-AD1A-9A1570F2FBBE}) (Version: 7.2.0.722 - Foxit Software Inc.)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.9.5265 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Integrated Webcam Driver (1.04.01.0601) (HKLM\...\Creative OA008) (Version: 1.04.01.0601 - Creative Technology Ltd.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.9.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 en-US)) (Version: 52.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla)
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
RICOH Media Driver ver.2.07.01.04 (HKLM\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.04 - RICOH)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] (HKLM\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - THQ)
Skins (HKLM\...\{3A07247E-0645-8BCF-8419-FD857790108D}) (Version: 2009.0625.1812.30825 - ATI) Hidden
Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Stalker Complete 2009 (HKLM\...\{Stalker Complete 2009 v1.4.4}}_is1) (Version: - )
STALKERSOUP BETA (HKLM\...\STALKERSOUP BETA) (Version: 1.0.9.9.8.1 - JAMMER)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
UnloadSupport (HKLM\...\{543E938C-BDC4-4933-A612-01293996845F}) (Version: 9.0.0 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wolfenstein 3D (HKLM\...\Wolf3DUninstallKey) (Version: - )
World of Tanks (HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-03] (ESET)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x86.dll [2015-07-10] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-03] (ESET)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2009-06-25] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-03] (ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {166F4847-7E2C-469F-9818-6107BC4ED58C} - System32\Tasks\{3409B7F2-C69E-4579-B2DA-4E24C871D55E} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsBing
Task: {2A92AE83-3A7A-45D2-908C-7AB686C918C7} - System32\Tasks\hgkjhfvghc => C:\Windows\System32\shutdown.exe [2008-01-21] (Microsoft Corporation)
Task: {2C4E4486-9AD4-4EBD-B249-212EFEA2F3FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-11-27] (Google Inc.)
Task: {3816C10F-6D03-4B55-A923-D6DA650902CA} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-19] (Adobe Systems Incorporated)
Task: {3B418972-FFD5-41D2-9D84-BAEEE50FDE18} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-07-06] (Piriform Ltd)
Task: {3D0B14B2-514C-42B6-9395-770C83B35843} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-11-17] (Dell Inc.)
Task: {4646269D-DD3C-429A-A113-89A7B7361BE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-11-27] (Google Inc.)
Task: {55A47CC7-5F5A-4CCB-9561-931EB8896DA2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-07-06] (Piriform Ltd)
Task: {5FE89567-2C62-4C09-89E3-6F0D216A29E7} - System32\Tasks\Advanced File Optimizer_checkupdate_startup => C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe
Task: {6CD4F3C9-212F-44E6-AFAD-EA6688990D71} - System32\Tasks\hvgx => C:\Program Files\KairosPlanet\KairosPlanet.exe
Task: {7C35CA18-EB2F-49F0-AD2D-A613045B9A3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-19] (Adobe Systems Incorporated)
Task: {97833626-667C-4A79-BEC8-3D36FA2C1635} - System32\Tasks\,jbgj => C:\Windows\System32\shutdown.exe [2008-01-21] (Microsoft Corporation)
Task: {A1EDDDC6-BCBD-47A0-804E-89D44AABB142} - System32\Tasks\ggfy => C:\Windows\System32\shutdown.exe [2008-01-21] (Microsoft Corporation)
Task: {C0D612B9-B412-4697-86E0-443D41ECE93D} - System32\Tasks\shutdown => C:\Windows\System32\shutdown.exe [2008-01-21] (Microsoft Corporation)
Task: {C57DA7AD-7922-4E46-9D2A-5AC7801C5607} - System32\Tasks\plllan => C:\Program Files\KairosPlanet\KairosPlanet.exe
Task: {F86E7BB1-B94D-4E6A-9216-6F29A675C75F} - System32\Tasks\{6189D548-39F8-469B-B139-8C536ADE8FB1} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?source=lightinstaller&page=tsMain

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\{E3D207D9-5620-4E0E-91FC-E810311A45D2}.job => c:\program files\mozilla firefox\firefox.exeLhxxp:/ui.skype.com/ui/0/7.2.60.103/cs/go/

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Sani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://loadstart.net/?ssid=1475327715&a=1054667&src=sh&uuid=cf81b04c-f808-472c-9132-eea76bdd6f5f,1475327563776"
ShortcutWithArgument: C:\Users\Sani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://loadstart.net/?ssid=1475327715&a=1054667&src=sh&uuid=cf81b04c-f808-472c-9132-eea76bdd6f5f,1475327563776"
ShortcutWithArgument: C:\Users\Sani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://loadstart.net/?ssid=1475327715&a=1054667&src=sh&uuid=cf81b04c-f808-472c-9132-eea76bdd6f5f,1475327563776"

==================== Loaded Modules (Whitelisted) ==============

2015-02-01 23:48 - 2008-11-17 08:29 - 000026112 _____ () C:\Windows\System32\WLTRYSVC.EXE
2015-02-01 23:48 - 2008-11-17 08:29 - 000054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2015-05-04 17:39 - 2011-02-28 23:37 - 000180624 _____ () C:\Windows\System32\Primomonnt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2018-01-23 20:46 - 000000775 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img22.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk => C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{79AF29F7-0612-4E02-B344-72B62257826B}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{FB5BE43D-3688-4895-92FA-57EDAD0AC1E6}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{1DFB5C98-24EA-41C9-9D59-94D79FDE500D}] => (Allow) LPort=80
FirewallRules: [{2C531104-E9C9-4919-B52C-A5F19702B4DC}] => (Allow) LPort=80
FirewallRules: [{9B58FEAB-61E3-4528-B05E-5DE17D6F8C94}] => (Allow) LPort=80
FirewallRules: [{31D701C8-1D3E-47F4-899C-9980432F0494}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{9E6EE92E-B373-44D4-9CB1-4E2FBA83F4C9}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{04B7C0A7-EDDD-4D16-AC1B-AD7A5D17D741}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{47F29245-F8BE-4F4A-A3E3-9C92B74EDD28}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{0349332B-9C11-40AB-B0D3-C015F9FF5555}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E54FE2D1-536D-4245-8978-0D85BD4D4893}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{16AB419F-3081-4286-A85F-FDE287CE4BD0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{67FAA00D-09C4-4A72-B409-7D0946EC0AC5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{2D81A371-A32B-49CA-895C-D8BB90210C6A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{699C52AB-237E-47C8-B12F-BB4BF5D4E229}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BF621B70-3C7F-488B-990C-548E90CD8090}] => (Allow) C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{1B4D5AFE-F246-44B4-8E5E-DC70BF949B62}] => (Allow) C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{0B3A52D7-4B65-4CE9-8FBB-4C745002DFD4}] => (Allow) C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{B97BF055-DCE9-4181-A2C1-C2E711902B0D}] => (Allow) C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{481872FC-0A63-4932-A4E1-956CF541BA2F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{99A8BC33-CB72-4358-8C7A-BFBBF91FED1A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C27F188B-18B8-4713-8E76-D90DBD2B185C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{90748ECF-1611-405E-AA3F-00F078FB9FB5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{4E2457DD-56B9-4880-9EC4-54208273B45D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

02-09-2018 12:27:52 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2018 07:12:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/02/2018 11:00:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/02/2018 09:04:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/01/2018 08:12:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/01/2018 07:16:51 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.

Error: (09/01/2018 06:53:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/31/2018 11:24:47 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.

Error: (08/31/2018 06:31:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/03/2018 07:18:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/03/2018 07:18:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/03/2018 07:18:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/03/2018 07:18:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/03/2018 07:18:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/03/2018 07:16:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/03/2018 07:16:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/03/2018 07:16:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================

Date: 2018-09-03 19:18:19.913
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-03 19:18:19.554
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-03 19:18:19.180
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-03 19:18:18.805
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-03 19:18:10.041
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-09-03 19:18:09.682
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-09-03 19:18:09.323
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-09-03 19:18:08.824
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 41%
Total physical RAM: 3035.94 MB
Available physical RAM: 1771.46 MB
Total Virtual: 6290.1 MB
Available Virtual: 5218.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:65.13 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 7506696B)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Conder
VIP
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: check

#6 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\MountPoints2: {7099f7f6-3160-11e5-9c53-8ae4067d2990} - E:\StartCD.exe
    HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\MountPoints2: {8dec5a86-3c60-11e5-bdfa-344b50b7ef19} - E:\AutoRun.exe
    HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
    HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    C:\Windows\Tasks\{E3D207D9-5620-4E0E-91FC-E810311A45D2}.job
    CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
    Task: {5FE89567-2C62-4C09-89E3-6F0D216A29E7} - System32\Tasks\Advanced File Optimizer_checkupdate_startup => C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe
    Task: {6CD4F3C9-212F-44E6-AFAD-EA6688990D71} - System32\Tasks\hvgx => C:\Program Files\KairosPlanet\KairosPlanet.exe
    Task: {C57DA7AD-7922-4E46-9D2A-5AC7801C5607} - System32\Tasks\plllan => C:\Program Files\KairosPlanet\KairosPlanet.exe
    Task: C:\Windows\Tasks\{E3D207D9-5620-4E0E-91FC-E810311A45D2}.job => c:\program files\mozilla firefox\firefox.exeLhxxp:/ui.skype.com/ui/0/7.2.60.103/cs/go/
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts there will be a Fixlog.txt file on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping backups of important data (documents, photos and so on).

Fixlists and other scripts are written for one specific PC only. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

sani8
Visitor
Visitor
Posts: 102
Registered: 29 Aug 2009 14:28

Re: check

#7 Post by sani8 »

Fix result of Farbar Recovery Scan Tool (x86) Version: 01.09.2018 03
Ran by Sani (03-09-2018 22:25:17) Run:1
Running from C:\Users\Sani\Desktop
Loaded Profiles: Sani (Available Profiles: Sani)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\MountPoints2: {7099f7f6-3160-11e5-9c53-8ae4067d2990} - E:\StartCD.exe
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\...\MountPoints2: {8dec5a86-3c60-11e5-bdfa-344b50b7ef19} - E:\AutoRun.exe
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Windows\Tasks\{E3D207D9-5620-4E0E-91FC-E810311A45D2}.job
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
Task: {5FE89567-2C62-4C09-89E3-6F0D216A29E7} - System32\Tasks\Advanced File Optimizer_checkupdate_startup => C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe
Task: {6CD4F3C9-212F-44E6-AFAD-EA6688990D71} - System32\Tasks\hvgx => C:\Program Files\KairosPlanet\KairosPlanet.exe
Task: {C57DA7AD-7922-4E46-9D2A-5AC7801C5607} - System32\Tasks\plllan => C:\Program Files\KairosPlanet\KairosPlanet.exe
Task: C:\Windows\Tasks\{E3D207D9-5620-4E0E-91FC-E810311A45D2}.job => c:\program files\mozilla firefox\firefox.exeLhxxp:/ui.skype.com/ui/0/7.2.60.103/cs/go/

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========


========= End of Powershell: =========

"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7099f7f6-3160-11e5-9c53-8ae4067d2990}" => removed successfully.
HKLM\Software\Classes\CLSID\{7099f7f6-3160-11e5-9c53-8ae4067d2990} => not found
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8dec5a86-3c60-11e5-bdfa-344b50b7ef19}" => removed successfully.
HKLM\Software\Classes\CLSID\{8dec5a86-3c60-11e5-bdfa-344b50b7ef19} => not found
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache" => removed successfully.
HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKLM\System\CurrentControlSet\Services\anvsnddrv" => removed successfully.
anvsnddrv => service removed successfully.
"HKLM\System\CurrentControlSet\Services\IpInIp" => removed successfully.
IpInIp => service removed successfully.
"HKLM\System\CurrentControlSet\Services\NwlnkFlt" => removed successfully.
NwlnkFlt => service removed successfully.
"HKLM\System\CurrentControlSet\Services\NwlnkFwd" => removed successfully.
NwlnkFwd => service removed successfully.
C:\Windows\Tasks\{E3D207D9-5620-4E0E-91FC-E810311A45D2}.job => moved successfully
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => removed successfully.
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => removed successfully.
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => removed successfully.
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5FE89567-2C62-4C09-89E3-6F0D216A29E7}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FE89567-2C62-4C09-89E3-6F0D216A29E7}" => removed successfully.
C:\Windows\System32\Tasks\Advanced File Optimizer_checkupdate_startup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced File Optimizer_checkupdate_startup" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CD4F3C9-212F-44E6-AFAD-EA6688990D71}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CD4F3C9-212F-44E6-AFAD-EA6688990D71}" => removed successfully.
C:\Windows\System32\Tasks\hvgx => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hvgx" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C57DA7AD-7922-4E46-9D2A-5AC7801C5607}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C57DA7AD-7922-4E46-9D2A-5AC7801C5607}" => removed successfully.
C:\Windows\System32\Tasks\plllan => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\plllan" => removed successfully.
"C:\Windows\Tasks\{E3D207D9-5620-4E0E-91FC-E810311A45D2}.job" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53208009 B
Java, Flash, Steam htmlcache => 1929 B
Windows/system/drivers => 1119042 B
Edge => 0 B
Chrome => 141183 B
Firefox => 378183697 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42882796 B
LocalService => 66228 B
NetworkService => 0 B
Sani => 2513547 B

RecycleBin => 8312607 B
EmptyTemp: => 471.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:25:54 ====

Conder
VIP
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: check

#8 Post by Conder »

:arrow: It looks OK. Has anything changed, or are there still any problems?

sani8
Visitor
Visitor
Posts: 102
Registered: 29 Aug 2009 14:28

Re: check

#9 Post by sani8 »

It looks OK. Thank you. Is a newer version of Windows necessary, or can I keep going on Vista? I don't know whether this old-timer would even start up if I gave it a newer version of Windows :) Thank you.

Conder
VIP
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: check

#10 Post by Conder »

:arrow: The OS as such will of course keep working, but as I wrote, a number of programs, especially the Firefox and Chrome browsers, no longer support Vista, so there will be no new versions or updates.

:arrow: By the way, one more question: did you set that proxy server in Firefox on purpose?
FF NetworkProxy: Mozilla\Firefox\Profiles\17pz7xze.default-1484472230595 -> backup.ftp", "94.136.138.142"

sani8
Visitor
Visitor
Posts: 102
Registered: 29 Aug 2009 14:28

Re: check

#11 Post by sani8 »

I wanted to watch a football broadcast on STV (from abroad); supposedly that works if you change the proxy. It didn't work well, so I gave up. If something was left behind there, I don't know about it?! Is that bad?

Conder
VIP
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: check

#12 Post by Conder »

:arrow: It depends on which proxy server is set there, because all data then goes through that proxy server. In this case, however, it is set only for FTP. In any case, if you no longer use or need it, run this fixlist as well:

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    FF NetworkProxy: Mozilla\Firefox\Profiles\17pz7xze.default-1484472230595 -> backup.ftp", "94.136.138.142"
    RemoveProxy:
    End
  • Save it to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts there will be a Fixlog.txt file on the desktop; copy its contents here

sani8
Visitor
Visitor
Posts: 102
Registered: 29 Aug 2009 14:28

Re: check

#13 Post by sani8 »

Fix result of Farbar Recovery Scan Tool (x86) Version: 01.09.2018 03
Ran by Sani (06-09-2018 22:32:07) Run:2
Running from C:\Users\Sani\Desktop
Loaded Profiles: Sani (Available Profiles: Sani)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
FF NetworkProxy: Mozilla\Firefox\Profiles\17pz7xze.default-1484472230595 -> backup.ftp", "94.136.138.142"
RemoveProxy:
End
*****************

Firefox Proxy settings were reset.

========= RemoveProxy: =========

"HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1677253683-3081182462-1745060028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========


==== End of Fixlog 22:32:07 ====

Conder
VIP
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: check

#14 Post by Conder »

:arrow: OK. If there are no more problems, then let's clean up after the tools we used:

sani8
Visitor
Visitor
Posts: 102
Registered: 29 Aug 2009 14:28

Re: check

#15 Post by sani8 »

It's cleaned up. Thank you very much for the help. :thumbsup:

Locked