prosim o preventivku,pc se chova podezrele

[Conder]

OK, k tym programom: po tych prvych dvoch (PCCleaner a DriveTheLife) este docistime zbytky, ktore po nich ostali, kedze tieto programy nie su velmi doveryhodne. Co sa tyka tych zvysnych troch programov, tie by mali byt v poriadku, tam pytal som sa skor preventivne. Len ten COMODO System-Cleaner je uz zrejme zastaraly a nevyvijany program. Ak hladas nejaky program pre cistenie, tak odporucame CCleaner.

A este k tomu DriveTheLife, ten program je zrejme urceny na automaticke vyhladanie a instalaciu ovladacov (driverov). Taketo programy velmi neodporucam (a hlavne Driver Booster a vsetky IObit programy). Ovladace by sa mali stahovat zo stranky vyrobcu daneho hardwaru (zakl. dosky, notebooku...).

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  Zip: C:\Program Files\DTLSoft; C:\FRST\C\Quarantine\Users\ota\AppData\Roaming\TMS-UnInstall.exe.xBAD
  HKLM\...\Run: [DriveTheLife2013] => C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe [2132320 2015-07-23] (Drive The Life Co., Ltd.)
  FirewallRules: [{2E4DC489-AC06-4657-8D8C-B1FF28109489}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe (Drive The Life Co., Ltd.)
  FirewallRules: [{E7C69E30-EC7C-4ED7-B05F-BF6343BD8F90}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\LDrvSvc.dll ()
  FirewallRules: [{4BDF462B-FB0E-4BA8-BE4D-E12F747B4ED2}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\download\MiniThunderPlatform.exe (深圳市迅雷网络技术有限公司)
  FirewallRules: [{4DC4668F-CA67-4E7C-A474-476E0FF1A6A1}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\DTLService.exe (深圳市驱动人生科技股份有限公司)
  C:\Program Files\DTLSoft
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Na ploche by sa mal opat vytvorit ZIP archiv s aktualnym datumom a casom v nazve, nahraj ho napr. na leteckaposta.cz a posli odkaz na stiahnutie.

[tutamilan]

http://leteckaposta.cz/770763026

[Conder]

OK, poprosim este o Fixlog.

Dalej vytvor a posli obidva nove logy z FRST (moznost Scan).

Ako to vyzera s PC? Su nejake problemy?

[tutamilan]

pc je mnohem lepsi,rychlejsi start i vypinani a i prace,jen pripojeni k internetu je trochu problem,vzdy musim pres nabidku "odstranit potize z pripojenim",spustim tuto nabidku a az po chvili se pc pripoji k netu.ale to uz neni tak zasadni problem.

[tutamilan]

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-01-2019
Ran by ota (24-01-2019 09:25:09) Run:3
Running from C:\Users\ota\Desktop
Loaded Profiles: ota (Available Profiles: ota)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Zip: C:\Program Files\DTLSoft; C:\FRST\C\Quarantine\Users\ota\AppData\Roaming\TMS-UnInstall.exe.xBAD
HKLM\...\Run: [DriveTheLife2013] => C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe [2132320 2015-07-23] (Drive The Life Co., Ltd.)
FirewallRules: [{2E4DC489-AC06-4657-8D8C-B1FF28109489}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\DriveTheLife.exe (Drive The Life Co., Ltd.)
FirewallRules: [{E7C69E30-EC7C-4ED7-B05F-BF6343BD8F90}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\LDrvSvc.dll ()
FirewallRules: [{4BDF462B-FB0E-4BA8-BE4D-E12F747B4ED2}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\download\MiniThunderPlatform.exe (?????????????)
FirewallRules: [{4DC4668F-CA67-4E7C-A474-476E0FF1A6A1}] => (Allow) C:\Program Files\DTLSoft\DriveTheLife\DTLService.exe (???????????????)
C:\Program Files\DTLSoft

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
================== Zip: ===================
C:\Program Files\DTLSoft -> copied successfully to C:\Users\ota\Desktop\24.01.2019_09.25.39.zip
"C:\FRST\C\Quarantine\Users\ota\AppData\Roaming\TMS-UnInstall.exe.xBAD" -> not found
=========== Zip: End ===========
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DriveTheLife2013" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E4DC489-AC06-4657-8D8C-B1FF28109489}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7C69E30-EC7C-4ED7-B05F-BF6343BD8F90}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4BDF462B-FB0E-4BA8-BE4D-E12F747B4ED2}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4DC4668F-CA67-4E7C-A474-476E0FF1A6A1}" => removed successfully.
C:\Program Files\DTLSoft => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5094475 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 218386750 B
Firefox => 45296003 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 3838265 B
LocalService => 0 B
NetworkService => 0 B
ota => 5428839 B

RecycleBin => 20832649 B
EmptyTemp: => 293 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:27:00 ====

[tutamilan]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-01-2019
Ran by ota (administrator) on HP-PC (25-01-2019 20:24:40)
Running from C:\Users\ota\Desktop
Loaded Profiles: ota (Available Profiles: ota)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2008-04-23] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2358584 2012-05-17] (Synaptics Incorporated)
HKLM\...\Run: [persistence module] => C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [222600 2019-01-16] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-335174678-1145664534-2665916264-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files\Google\Chrome\Application\70.0.3538.77\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 188.92.8.18 192.168.1.1
Tcpip\..\Interfaces\{5BED7537-9AC1-4692-9D2A-E0BBF9941A2D}: [DhcpNameServer] 188.92.8.18 192.168.1.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 8atgv8ah.default
FF ProfilePath: C:\Users\ota\AppData\Roaming\Mozilla\Firefox\Profiles\8atgv8ah.default [2019-01-24]
FF Homepage: Mozilla\Firefox\Profiles\8atgv8ah.default -> hxxps://www.seznam.cz/
FF Session Restore: Mozilla\Firefox\Profiles\8atgv8ah.default -> is enabled.
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\ota\AppData\Roaming\Mozilla\Firefox\Profiles\8atgv8ah.default\Extensions\sp@avast.com.xpi [2019-01-22]
FF Extension: (Avast Online Security) - C:\Users\ota\AppData\Roaming\Mozilla\Firefox\Profiles\8atgv8ah.default\Extensions\wrc@avast.com.xpi [2019-01-18]
FF Extension: (Vývojové sestavení Adblock Plus) - C:\Users\ota\AppData\Roaming\Mozilla\Firefox\Profiles\8atgv8ah.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-01-04]
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default [2019-01-25]
CHR Extension: (Prezentace) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Dokumenty) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Disk Google) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-12]
CHR Extension: (YouTube) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-12]
CHR Extension: (Tabulky) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Avast Online Security) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-07-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-13]
CHR Extension: (Gmail) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-12]
CHR Extension: (Chrome Media Router) - C:\Users\ota\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-15]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-335174678-1145664534-2665916264-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6300272 2019-01-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [309480 2019-01-16] (AVAST Software)
S3 hpqcaslwmiex; C:\Program Files\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc.)
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2018-09-28] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [34680 2019-01-16] (AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [169216 2019-01-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [187248 2019-01-16] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [158288 2019-01-16] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [255416 2019-01-16] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [51320 2019-01-16] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [183160 2019-01-16] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42928 2019-01-16] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40888 2019-01-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [138272 2019-01-18] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101176 2019-01-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72992 2019-01-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [785776 2019-01-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [401832 2019-01-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [163344 2019-01-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310400 2019-01-16] (AVAST Software)
R2 drhard; C:\Windows\system32\Drivers\drhard.sys [23600 2005-12-01] (Licensed for Gebhard Software) [File not signed]
R3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [97280 2007-05-09] (Texas Instruments)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-25 20:24 - 2019-01-25 20:26 - 000011278 _____ C:\Users\ota\Desktop\FRST.txt
2019-01-25 20:18 - 2019-01-25 20:18 - 000000000 ____D C:\Users\ota\AppData\Local\ElevatedDiagnostics
2019-01-24 09:25 - 2019-01-24 09:27 - 000003111 _____ C:\Users\ota\Desktop\Fixlog.txt
2019-01-24 09:25 - 2019-01-24 09:26 - 021326220 _____ C:\Users\ota\Desktop\24.01.2019_09.25.39.zip
2019-01-23 09:51 - 2019-01-23 09:51 - 000018763 _____ C:\Windows\cscmondump.bin
2019-01-22 17:36 - 2019-01-22 17:38 - 000000000 ____D C:\Users\ota\Documents\Nová složka
2019-01-18 18:22 - 2019-01-20 19:46 - 000000000 ____D C:\Users\ota\Desktop\FRST-OlderVersion
2019-01-16 18:41 - 2019-01-16 17:09 - 000312200 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-01-16 17:44 - 2018-12-15 00:14 - 000348760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-01-16 17:44 - 2018-12-14 07:58 - 020280832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-16 17:44 - 2018-12-14 07:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-01-16 17:44 - 2018-12-14 07:51 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-01-16 17:44 - 2018-12-14 07:41 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-01-16 17:44 - 2018-12-14 07:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-01-16 17:44 - 2018-12-14 07:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-01-16 17:44 - 2018-12-14 07:39 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-01-16 17:44 - 2018-12-14 07:38 - 002295808 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-16 17:44 - 2018-12-14 07:35 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-01-16 17:44 - 2018-12-14 07:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-01-16 17:44 - 2018-12-14 07:34 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-01-16 17:44 - 2018-12-14 07:33 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-01-16 17:44 - 2018-12-14 07:33 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-01-16 17:44 - 2018-12-14 07:32 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-01-16 17:44 - 2018-12-14 07:29 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-01-16 17:44 - 2018-12-14 07:26 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-01-16 17:44 - 2018-12-14 07:23 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-01-16 17:44 - 2018-12-14 07:22 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-01-16 17:44 - 2018-12-14 07:22 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-01-16 17:44 - 2018-12-14 07:20 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-01-16 17:44 - 2018-12-14 07:19 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-01-16 17:44 - 2018-12-14 07:19 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-01-16 17:44 - 2018-12-14 07:18 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-01-16 17:44 - 2018-12-14 07:14 - 013681152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-16 17:44 - 2018-12-14 07:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-01-16 17:44 - 2018-12-14 07:11 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-01-16 17:44 - 2018-12-14 07:11 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-01-16 17:44 - 2018-12-14 07:11 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-01-16 17:44 - 2018-12-14 07:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-01-16 17:44 - 2018-12-14 06:58 - 004386816 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-16 17:44 - 2018-12-14 06:54 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-16 17:44 - 2018-12-14 06:52 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-01-16 17:43 - 2018-12-14 07:41 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-01-16 17:43 - 2018-12-14 07:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-01-16 17:43 - 2018-12-14 07:18 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-01-16 17:22 - 2019-01-16 17:22 - 000187248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-16 17:14 - 2019-01-16 17:08 - 000255416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-01-16 17:14 - 2019-01-16 17:08 - 000158288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-01-16 17:14 - 2019-01-16 17:08 - 000051320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-01-16 17:14 - 2019-01-16 17:08 - 000034680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-01-16 17:03 - 2019-01-20 19:46 - 001787904 _____ (Farbar) C:\Users\ota\Desktop\FRST.exe
2018-12-31 21:07 - 2019-01-22 20:46 - 000000000 ____D C:\Users\ota\AppData\Local\Viber

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-25 20:24 - 2018-02-25 07:01 - 000000000 ____D C:\FRST
2019-01-25 20:18 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2019-01-24 11:23 - 2009-07-14 05:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-24 11:23 - 2009-07-14 05:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-24 09:34 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-23 20:19 - 2017-04-07 11:23 - 000000000 ____D C:\Users\ota\AppData\LocalLow\Mozilla
2019-01-23 18:53 - 2017-11-12 17:30 - 000000000 ____D C:\Users\ota\AppData\Roaming\uTorrent
2019-01-23 16:05 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2019-01-23 13:57 - 2017-04-05 06:41 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-23 13:57 - 2009-07-14 09:44 - 000668792 _____ C:\Windows\system32\perfh005.dat
2019-01-23 13:57 - 2009-07-14 09:44 - 000141420 _____ C:\Windows\system32\perfc005.dat
2019-01-23 13:57 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-01-23 09:55 - 2018-08-13 05:19 - 000000000 ____D C:\Users\ota\AppData\Local\AVAST Software
2019-01-22 20:44 - 2017-08-12 14:03 - 000000000 ____D C:\Users\ota\AppData\Roaming\ViberPC
2019-01-20 19:51 - 2018-01-01 13:27 - 000000000 ____D C:\Windows\pss
2019-01-19 09:42 - 2017-05-19 21:19 - 000000000 _____ C:\Windows\system32\last.dump
2019-01-18 18:30 - 2018-01-01 13:37 - 000138272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-16 18:44 - 2018-01-01 13:38 - 000002003 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-01-16 18:21 - 2017-07-02 09:37 - 000000000 ____D C:\Windows\system32\MRT
2019-01-16 17:56 - 2017-07-02 09:34 - 129687688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-16 17:09 - 2018-10-22 15:22 - 000040888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000401832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000310400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000183160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000169216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000163344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000101176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000072992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-01-16 17:09 - 2018-01-01 13:37 - 000042928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-01-16 17:08 - 2018-01-01 13:37 - 000785776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-01-15 21:20 - 2017-04-05 06:36 - 000000000 ____D C:\Users\ota
2019-01-15 21:18 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\registration
2019-01-08 16:05 - 2017-08-13 13:54 - 000000000 ____D C:\Users\ota\Documents\ViberDownloads
2019-01-05 15:14 - 2017-07-02 10:10 - 000000000 ___HD C:\Users\ota\Documents\NC6400- 2013.09.09.09.19.00
2018-12-26 19:26 - 2017-08-12 13:53 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-26 19:26 - 2017-08-12 13:53 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2017-07-01 12:06 - 2017-07-01 12:06 - 000000017 _____ () C:\Users\ota\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-23 15:57

==================== End of FRST.txt ============================

[tutamilan]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-01-2019
Ran by ota (25-01-2019 20:27:07)
Running from C:\Users\ota\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2017-04-05 05:35:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-335174678-1145664534-2665916264-500 - Administrator - Disabled)
Guest (S-1-5-21-335174678-1145664534-2665916264-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-335174678-1145664534-2665916264-1002 - Limited - Enabled)
ota (S-1-5-21-335174678-1145664534-2665916264-1000 - Administrator - Enabled) => C:\Users\ota

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Dr. Hardware 2009 9.9.2e (HKLM\...\Dr. Hardware 2009 Second Edition_is1) (Version: - Peter A. Gebhard)
Google Chrome (HKLM\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM\...\{04442D89-B941-4C8C-B20D-625233B78BB0}) (Version: 12.9.24.3 - HP Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Client Profile ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile Language Pack - 日本語 (HKLM\...\Microsoft .NET Framework 4 Client Profile JPN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile 한국어 언어 팩 (HKLM\...\Microsoft .NET Framework 4 Client Profile KOR Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile 简体中文语言包 (HKLM\...\Microsoft .NET Framework 4 Client Profile CHS Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile 繁體中文語言套件 (HKLM\...\Microsoft .NET Framework 4 Client Profile CHT Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Extended ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended Language Pack - 日本語 (HKLM\...\Microsoft .NET Framework 4 Extended JPN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended 한국어 언어 팩 (HKLM\...\Microsoft .NET Framework 4 Extended KOR Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended 简体中文语言包 (HKLM\...\Microsoft .NET Framework 4 Extended CHS Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended 繁體中文語言套件 (HKLM\...\Microsoft .NET Framework 4 Extended CHT Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (HKLM\...\Microsoft .NET Framework 4 Client Profile FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x86 cs) (HKLM\...\Mozilla Firefox 58.0.2 (x86 cs)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MPC-HC 1.7.10 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
OpenOffice 4.1.5 (HKLM\...\{2FEA9841-64DE-4FA5-A36F-1CD23E2790EB}) (Version: 4.15.9789 - Apache Software Foundation)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Extended ESN (HKLM\...\Microsoft .NET Framework 4 Extended ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5240 - Analog Devices)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.6.2 - Synaptics Incorporated)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.95388 - TeamViewer)
Viber (HKLM\...\{EAF077BA-8EA4-4CEC-A215-4ACAE713A8BF}) (Version: 6.9.0.1048 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-335174678-1145664534-2665916264-1000\...\{a85cbe05-cc32-4419-ad8f-7ff7bc41bc05}) (Version: 6.9.0.1048 - Viber Media Inc.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FFA0DD2-D296-4D6F-8136-AF7A626DA0A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {3F68D8D9-B66B-41A0-8866-1775E14B1460} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {4840CB63-9F6E-44AB-9E45-EACC4B96E14C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
Task: {4E58E9D3-5C64-4533-B52E-AC700907A9FF} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-16] (AVAST Software)
Task: {69D11FEC-FBA8-4FA9-938E-3178AD450E53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-08-12] (Google Inc.)
Task: {7DDC3EF1-FDC3-4CAB-8F96-B00B21EFD3FF} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-04-07] (HP Inc.)
Task: {89FFBD98-DFB8-474E-88FA-492AE376EC89} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-11-16] (AVAST Software)
Task: {AB1820F6-8733-45C4-91D7-DEC31BB94C69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-08-12] (Google Inc.)
Task: {AB38EADA-77D6-4CF9-9AA8-BECA4E59A482} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2019-01-02] (HP Inc.)
Task: {CDCC9D84-D614-4E81-9DA4-7A847E663356} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-01-16 17:09 - 2019-01-16 17:09 - 000570248 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2019-01-16 17:09 - 2019-01-16 17:09 - 000475016 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2019-01-16 17:09 - 2019-01-16 17:09 - 001030536 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2019-01-16 17:09 - 2019-01-16 17:09 - 001793928 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2019-01-25 20:18 - 2019-01-25 20:18 - 005764752 _____ () C:\Program Files\AVAST Software\Avast\defs\19012504\algo.dll
2018-03-13 05:39 - 2018-03-13 05:39 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-12-26 19:26 - 2018-12-12 05:58 - 002260960 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\swiftshader\libglesv2.dll
2018-12-26 19:26 - 2018-12-12 05:58 - 000128480 _____ () C:\Program Files\Google\Chrome\Application\71.0.3578.98\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2019-01-24 09:26 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-335174678-1145664534-2665916264-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ota\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 188.92.8.18 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Viber => "C:\Users\ota\AppData\Local\Viber\Viber.exe" StartMinimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9E2FD2CB-A52B-4F7F-A67E-E2B2225324D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{5CDAEE7B-9C26-454B-BC48-117983E45870}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{DAE3C5B7-1808-4FC7-B69E-6890734FA068}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{83712B9F-AB7D-4E06-A478-E7DFFB2980EE}C:\users\ota\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ota\appdata\roaming\utorrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [UDP Query User{26B15F90-FFD1-4BDA-A57C-69D324A2AF25}C:\users\ota\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ota\appdata\roaming\utorrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [{036112C1-06E9-470A-958A-3A6A2C9FAAF5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{BD51F21C-7EF1-418D-A3F7-49C39AED1B98}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{4F0919D0-5ACA-428E-9D6F-7BD15840EBA2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{AB69034E-5132-4536-B68A-0E7522051A18}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [TCP Query User{E0288DA9-FA7F-44C8-9040-9AF1613E32EE}C:\users\ota\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ota\appdata\roaming\utorrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [UDP Query User{4118D667-AA42-4FBD-8DEB-94CD36B90416}C:\users\ota\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ota\appdata\roaming\utorrent\utorrent.exe (BitTorrent, Inc.)
FirewallRules: [{5F9389D1-782F-4356-910A-69AC3C1DB69E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{43D8EB43-07EC-4453-8FC8-844A3A959EC9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{DE9C00A8-B09B-4AE6-ADD7-49A69DDE09A3}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{3E2F7C50-F007-48E8-89AF-3F2E8AC9129B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{A5B396DB-753F-4AA3-A04B-FF32C0D1B832}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{E3591004-D0FF-4BD3-AA5B-D102F03B988D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{CFBEC540-8839-45E7-B599-5C0243AB1A3F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)

==================== Restore Points =========================

24-01-2019 09:25:13 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2019 07:25:49 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru C:\Windows\Prefetch\AgCx_SC1.db z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program Host Process for Windows Services.

Program: Host Process for Windows Services
Soubor: C:\Windows\Prefetch\AgCx_SC1.db

Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.

Další údaje
Hodnota chyby: C000009C
Typ disku: 3

Error: (01/24/2019 07:25:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_SysMain, verze: 6.1.7600.16385, časové razítko: 0x4a5bc100
Název chybujícího modulu: sysmain.dll, verze: 6.1.7601.24000, časové razítko: 0x5a49963b
Kód výjimky: 0xc0000006
Posun chyby: 0x00015894
ID chybujícího procesu: 0x398
Čas spuštění chybující aplikace: 0x01d4b3bf89a9b297
Cesta k chybující aplikaci: C:\Windows\System32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\sysmain.dll
ID zprávy: 78ccbb15-2005-11e9-8104-0016d4c089df

Error: (01/24/2019 09:25:12 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {c80c11a4-0d74-4003-ac58-bbc0bcb03f2d}

Error: (01/23/2019 09:25:55 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru C:\Windows\Prefetch\AgCx_SC1.db z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program Host Process for Windows Services.

Program: Host Process for Windows Services
Soubor: C:\Windows\Prefetch\AgCx_SC1.db

Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.

Další údaje
Hodnota chyby: C000009C
Typ disku: 3

Error: (01/23/2019 09:25:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_SysMain, verze: 6.1.7600.16385, časové razítko: 0x4a5bc100
Název chybujícího modulu: sysmain.dll, verze: 6.1.7601.24000, časové razítko: 0x5a49963b
Kód výjimky: 0xc0000006
Posun chyby: 0x00015894
ID chybujícího procesu: 0x7dc
Čas spuštění chybující aplikace: 0x01d4b3159d4f4a1c
Cesta k chybující aplikaci: C:\Windows\System32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\sysmain.dll
ID zprávy: 15577854-1f4d-11e9-be78-0016d4c089df

Error: (01/23/2019 01:17:26 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru C:\Windows\Prefetch\AgCx_SC1.db z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program Host Process for Windows Services.

Program: Host Process for Windows Services
Soubor: C:\Windows\Prefetch\AgCx_SC1.db

Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.

Další údaje
Hodnota chyby: C000009C
Typ disku: 3

Error: (01/23/2019 01:17:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_SysMain, verze: 6.1.7600.16385, časové razítko: 0x4a5bc100
Název chybujícího modulu: sysmain.dll, verze: 6.1.7601.24000, časové razítko: 0x5a49963b
Kód výjimky: 0xc0000006
Posun chyby: 0x00015894
ID chybujícího procesu: 0x394
Čas spuštění chybující aplikace: 0x01d4b2f903970549
Cesta k chybující aplikaci: C:\Windows\System32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\sysmain.dll
ID zprávy: d73a7450-1f08-11e9-be78-0016d4c089df

Error: (01/23/2019 09:17:53 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru C:\Windows\Prefetch\AgCx_SC1.db z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program Host Process for Windows Services.

Program: Host Process for Windows Services
Soubor: C:\Windows\Prefetch\AgCx_SC1.db

Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.

Další údaje
Hodnota chyby: C000009C
Typ disku: 3


System errors:
=============
Error: (01/24/2019 07:26:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Platforma WDF (Windows Driver Foundation) – platforma ovladače v uživatelském režimu byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/24/2019 07:26:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Automatická konfigurace sítě WLAN byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/24/2019 07:26:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Správce relací správce oken plochy byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/24/2019 07:26:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Klient služby Sledování distribuovaných odkazů byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/24/2019 07:26:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Superfetch byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (01/24/2019 07:26:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Program Compatibility Assistant Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (01/24/2019 07:26:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Síťová připojení byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 100 milisekund: Restartovat službu.

Error: (01/24/2019 07:26:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Sledování infračerveného přenosu byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz
Percentage of memory in use: 61%
Total physical RAM: 3063.43 MB
Available physical RAM: 1174.13 MB
Total Virtual: 6125.22 MB
Available Virtual: 4449.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:32.66 GB) NTFS

\\?\Volume{78df1b02-19c0-11e7-9765-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 568F41D1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[Conder]

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
  CMD: wmic qfe list brief
  
  VirusTotal: C:\FRST\Quarantine\C\Users\ota\AppData\Roaming\TMS-UnInstall.exe.xBAD
  File: C:\FRST\Quarantine\C\Users\ota\AppData\Roaming\TMS-UnInstall.exe.xBAD
  File: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  File: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  Folder: C:\Windows\cscmondump.bin
  
  ExportKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AeLookupSvc
  DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AeLookupSvc
  ExportKey: HKLM\System\CurrentControlSet\Services\AeLookupSvc
  CMD: sc config AeLookupSvc start= demand
  
  2019-01-18 18:22 - 2019-01-20 19:46 - 000000000 ____D C:\Users\ota\Desktop\FRST-OlderVersion
  2019-01-19 09:42 - 2017-05-19 21:19 - 000000000 _____ C:\Windows\system32\last.dump
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

[tutamilan]

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-01-2019
Ran by ota (26-01-2019 08:58:39) Run:4
Running from C:\Users\ota\Desktop
Loaded Profiles: ota (Available Profiles: ota)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
CMD: wmic qfe list brief

VirusTotal: C:\FRST\Quarantine\C\Users\ota\AppData\Roaming\TMS-UnInstall.exe.xBAD
File: C:\FRST\Quarantine\C\Users\ota\AppData\Roaming\TMS-UnInstall.exe.xBAD
File: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
File: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
Folder: C:\Windows\cscmondump.bin

ExportKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AeLookupSvc
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AeLookupSvc
ExportKey: HKLM\System\CurrentControlSet\Services\AeLookupSvc
CMD: sc config AeLookupSvc start= demand

2019-01-18 18:22 - 2019-01-20 19:46 - 000000000 ____D C:\Users\ota\Desktop\FRST-OlderVersion
2019-01-19 09:42 - 2017-05-19 21:19 - 000000000 _____ C:\Windows\system32\last.dump

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 23
Average :
Sum : 49790012
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========


========= wmic qfe list brief =========

潎䤠獮慴据⡥⥳䄠慶汩扡敬മ਍

========= End of CMD: =========

VirusTotal: C:\FRST\Quarantine\C\Users\ota\AppData\Roaming\TMS-UnInstall.exe.xBAD => (3) Error

========================= File: C:\FRST\Quarantine\C\Users\ota\AppData\Roaming\TMS-UnInstall.exe.xBAD ========================

C:\FRST\Quarantine\C\Users\ota\AppData\Roaming\TMS-UnInstall.exe.xBAD
File not signed
MD5: 01B4C641F95020BA07F483787973C566
Creation and modification date: 2017-12-15 17:24 - 2017-01-12 14:56
Size: 021752832
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version: 1.0.0.0
Product Version: 1.0.0.0
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 ========================

C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
File not signed
MD5: 955B6676832014ECAD014FA140AACC0B
Creation and modification date: 2009-07-14 05:34 - 2019-01-26 08:55
Size: 000014016
Attributes: ---AH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 ========================

C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
File not signed
MD5: 955B6676832014ECAD014FA140AACC0B
Creation and modification date: 2009-07-14 05:34 - 2019-01-26 08:55
Size: 000014016
Attributes: ---AH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= Folder: C:\Windows\cscmondump.bin ========================

C:\Windows\cscmondump.bin => File

====== End of Folder: ======

================== ExportKey: ===================

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AeLookupSvc]
"AeLookupSvc"="3"
"YEAR"="2017"
"MONTH"="6"
"DAY"="19"
"HOUR"="18"
"MINUTE"="26"
"SECOND"="36"

=== End of ExportKey ===
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AeLookupSvc => removed successfully.
================== ExportKey: ===================

[HKLM\System\CurrentControlSet\Services\AeLookupSvc]
"DisplayName"="@%SystemRoot%\system32\aelupsvc.dll,-1"
"ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs"
"Description"="@%SystemRoot%\system32\aelupsvc.dll,-2"
"ObjectName"="localSystem"
"ErrorControl"="1"
"Start"="4"
"Type"="32"
"RequiredPrivileges"="SeTcbPrivilege*SeImpersonatePrivilege"
"FailureActions"="80510100000000000000000003000000140000000100000060ea00000100000060ea00000000000000000000"
[HKLM\System\CurrentControlSet\Services\AeLookupSvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
"ServiceDllUnloadOnStop"="1"
[HKLM\System\CurrentControlSet\Services\AeLookupSvc\TriggerInfo]
[HKLM\System\CurrentControlSet\Services\AeLookupSvc\TriggerInfo\0]
"Type"="20"
"Action"="1"
"GUID"="fda5f4183bfda5408fc2e5d261c5d02e"

=== End of ExportKey ===

========= sc config AeLookupSvc start= demand =========

[SC] ChangeServiceConfig ŁspŘch

========= End of CMD: =========

C:\Users\ota\Desktop\FRST-OlderVersion => moved successfully
C:\Windows\system32\last.dump => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5115162 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 487004665 B
Firefox => 19692497 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
LocalService => 0 B
NetworkService => 888 B
ota => 4953677 B

RecycleBin => 25946 B
EmptyTemp: => 500.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:02:54 ====

[Conder]

Nastala nejaka zmena s tym internetom? Ak to stale ide iba po pouziti toho sprievodcu pre odstranenie problemov, posli screenshot, ake problemy to najde.

[tutamilan]

Ted po restartu zatim vse ok,uvidim zitra po delsim case kdy bude pc vypnuto,pripadne zaslu screen,zatim moc dekuji

[Conder]

OK, pockam. Zatial nie je zaco

[tutamilan]

Tak dnesni zapnuti PC v poradku i co se pripojeni k netu tyce.Jeste jednou moc dekuji za vasi pomoc.

[Conder]

Tak este upraceme po pouzitych nastrojoch:

• Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
• Uloz na plochu a spusti
• Nechaj oznacenu moznost "Remove disinfection tools"
• Klikni na "Run"

[tutamilan]

Splneno,jeste jednou dekuji