
Start menu not displaying, computer freezing


#1 Post by Šmíďák »

Hi,

I have a problem with a desktop computer running Win 8.1: when I click the Windows (Start) tile, the menu does not appear, only an empty screen with the user name, search, etc. Also, nothing can be added to the Quick Launch bar; Explorer freezes. Please check the log, thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2020
Ran by JohnRambo (administrator) on MARAST (Gigabyte Technology Co., Ltd. H97M-D3H) (18-10-2020 20:00:24)
Running from D:\Docs\Plocha
Loaded Profiles: JohnRambo
Platform: Windows 8.1 Pro (Update) (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] D:\Docs\AppData\Roaming\Smart Clock\SmartClock.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVG Netherlands B.V. -> ) C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(AVG Netherlands B.V. -> ) C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AVG Netherlands B.V. -> AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows Hardware Compatibility Publisher -> Sonix) C:\Windows\vsnp2std.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(O&O Software GmbH -> O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(O&O Software GmbH -> O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323312 2015-01-27] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465400 2015-05-21] (O&O Software GmbH -> O&O Software GmbH)
HKLM\...\Run: [CNAP3 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP3LAK.EXE [228520 2012-06-14] (CANON INC. -> CANON INC.)
HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [675840 2006-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Sonix)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2195968 2019-10-07] (AVG Netherlands B.V. -> )
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\...\Run: [SysHelper] => D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe [763904 2020-10-18] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [248832 2012-03-13] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CNAP3 Monitor: C:\Windows\system32\CNAP3SMD.DLL [1625600 2013-04-19] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2015-07-20]
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{CD105B98-DB7C-4E12-BB33-A12CBE721AAB}\app_icon.ico () [File not signed]
Startup: C:\Users\JohnRambo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe [2019-11-30] (Leader Technologies) [File not signed]
Startup: C:\Users\JohnRambo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartClock.lnk [2020-10-18]
ShortcutTarget: SmartClock.lnk -> D:\Docs\AppData\Roaming\Smart Clock\SmartClock.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A425979-AF50-4197-9053-5C5C9424B715} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {0A425979-AF50-4197-9053-5C5C9424B715} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
Task: {236E0028-1E38-4E01-A1E4-573E9A73708C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {2DF77F78-45DA-4585-8094-E8742D72C306} - System32\Tasks\1014tbUpdateInfo => C:\ProgramData\Avg_Update_1014tb\1014tb_AVG-Secure-Search-Update_1014tb.exe
Task: {2FA23CDC-6779-4FB6-A920-959AF040DCFB} - System32\Tasks\AVG EUpdate Task => C:\Program Files (x86)\AVG\Setup\avgsetupx.exe [3661072 2019-10-15] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
Task: {344BC6B6-3BB0-43AA-8E1A-9877A3714063} - System32\Tasks\Time Trigger Task => D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe [763904 2020-10-18] () [File not signed] <==== ATTENTION
Task: {9CB34D71-6A50-4CB2-BC08-FDE393A6D9E7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-10-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {A35D45D1-6148-4C4D-9F61-3DCCE3E043DD} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [218336 2017-05-02] (Tweaking LLC -> Tweaking.com)
Task: {B2FC1B2F-F12F-4AF7-82C8-D001F5067093} - System32\Tasks\Smart Clock => D:\Docs\AppData\Roaming\Smart Clock\SmartClock.exe [1929728 2020-10-18] () [File not signed]
Task: {C99A98D6-1F74-4B82-B9CF-6AEEE138477F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {C99A98D6-1F74-4B82-B9CF-6AEEE138477F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
Task: {E7BE8470-7EA0-4EEA-BD88-1DEEA698595B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {E7BE8470-7EA0-4EEA-BD88-1DEEA698595B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {E7BE8470-7EA0-4EEA-BD88-1DEEA698595B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\1014tbUpdateInfo.job => C:\ProgramData\Avg_Update_1014tb\1014tb_AVG-Secure-Search-Update_1014tb.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 188.122.222.222 188.122.222.223 8.8.8.8
Tcpip\..\Interfaces\{05B4D5C6-271A-488E-9AFE-4EB74D917A62}: [DhcpNameServer] 188.122.222.222 188.122.222.223 8.8.8.8

FireFox:
========
FF DefaultProfile: 92bxvzy9.default
FF ProfilePath: D:\Docs\AppData\Roaming\Mozilla\Firefox\Profiles\92bxvzy9.default [2020-10-18]
FF ProfilePath: D:\Docs\AppData\Roaming\Mozilla\Firefox\Profiles\o5et0wos.default-release [2020-10-18]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [984032 2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5279232 2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712864 2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
S2 Main Service; C:\Program Files (x86)\MachinerData\Rotator.exe [2368000 2020-10-18] (NCT Company Ltd.) [File not signed]
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1666296 2015-05-21] (O&O Software GmbH -> O&O Software GmbH)
R2 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1371136 2019-10-07] (AVG Netherlands B.V. -> AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation -> Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation -> Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [811520 2019-10-07] (AVG Netherlands B.V. -> )

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313088 2017-03-23] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [283384 2017-09-04] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [253184 2017-04-11] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R3 SNP2STD; C:\Windows\system32\DRIVERS\snp2sxp.sys [12342656 2007-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 SNP2STD; C:\Windows\SysWOW64\DRIVERS\snp2sxp.sys [12039552 2007-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 19:59 - 2020-10-18 20:00 - 000000000 ____D C:\FRST
2020-10-18 19:48 - 2020-10-18 19:48 - 000000692 _____ C:\ProgramData\Plocha\Total Commander 64 bit.lnk
2020-10-18 19:48 - 2020-10-18 19:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2020-10-18 19:15 - 2020-10-18 19:15 - 000000000 ____D C:\Windows\LastGood.Tmp
2020-10-18 19:15 - 2020-10-18 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trust
2020-10-18 19:15 - 2007-04-09 11:38 - 012039552 _____ () C:\Windows\SysWOW64\Drivers\snp2sxp.sys
2020-10-18 19:15 - 2007-04-09 11:37 - 012342656 _____ () C:\Windows\system32\Drivers\snp2sxp.sys
2020-10-18 19:15 - 2007-03-29 16:04 - 000328704 _____ (Sonix) C:\Windows\system32\vsnp2std.dll
2020-10-18 19:15 - 2007-03-29 16:04 - 000249856 _____ (Sonix) C:\Windows\SysWOW64\vsnp2std.dll
2020-10-18 19:15 - 2007-01-25 18:48 - 000033664 _____ () C:\Windows\system32\Drivers\sncamd.sys
2020-10-18 19:15 - 2007-01-25 18:48 - 000025472 _____ () C:\Windows\SysWOW64\Drivers\sncamd.sys
2020-10-18 19:15 - 2006-11-16 15:57 - 000083968 _____ ( ) C:\Windows\system32\csnp2std.dll
2020-10-18 19:15 - 2006-10-12 17:21 - 000151552 _____ ( ) C:\Windows\SysWOW64\rsnp2std.dll
2020-10-18 19:15 - 2006-09-15 13:21 - 000675840 _____ (Sonix) C:\Windows\vsnp2std.exe
2020-10-18 19:15 - 2006-07-03 10:31 - 000094208 _____ (Microsoft Corporation) C:\Windows\amcap.exe
2020-10-18 19:15 - 2004-12-09 17:23 - 000015497 _____ C:\Windows\snp2std.ini
2020-10-18 19:15 - 2004-12-09 17:23 - 000013022 _____ C:\Windows\snp2std.src
2020-10-18 18:54 - 2020-10-18 18:54 - 000001113 _____ C:\Users\JohnRambo\_readme.txt
2020-10-18 18:54 - 2020-10-18 18:54 - 000001113 _____ C:\Users\Filip\_readme.txt
2020-10-18 18:54 - 2020-10-18 18:54 - 000001113 _____ C:\Users\Erik\_readme.txt
2020-10-18 18:54 - 2020-10-18 18:54 - 000001113 _____ C:\_readme.txt
2020-10-18 18:47 - 2020-10-18 18:47 - 000002966 _____ C:\Windows\system32\Tasks\Smart Clock
2020-10-18 18:47 - 2020-10-18 18:47 - 000000000 ____D C:\ProgramData\Riate
2020-10-18 18:46 - 2020-10-18 18:46 - 000000000 ____D C:\ProgramData\sib
2020-10-18 18:39 - 2020-10-18 18:39 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000003678 _____ C:\Windows\system32\Tasks\Time Trigger Task
2020-10-18 18:39 - 2020-10-18 18:39 - 000000000 ____D C:\SystemID
2020-10-18 18:39 - 2020-10-18 18:39 - 000000000 ____D C:\ProgramData\17T3GC155UOJA608BU28H6DBJ
2020-10-18 18:38 - 2020-10-18 19:03 - 000000000 ____D C:\Program Files (x86)\MachinerData
2020-10-18 18:38 - 2020-10-18 18:38 - 000000000 ____D C:\ProgramData\Garbage Cleaner
2020-10-18 18:37 - 2020-10-18 19:40 - 000000000 ____D C:\Program Files (x86)\DecMgr
2020-10-18 18:37 - 2010-08-25 16:20 - 000892928 _____ (Free Software Foundation) C:\Windows\SysWOW64\iconv.dll
2020-10-18 18:37 - 2010-08-25 16:20 - 000675840 _____ () C:\Windows\SysWOW64\ac3filter.ax
2020-10-18 18:37 - 2010-08-25 16:20 - 000496640 _____ C:\Windows\SysWOW64\xvid.ax
2020-10-18 18:27 - 2020-10-18 19:44 - 000000000 ____D C:\Program Files (x86)\DriverToolkit
2020-10-18 18:15 - 2020-10-18 18:15 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-10-18 18:11 - 2020-10-18 18:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-10-18 18:01 - 2020-10-18 18:01 - 401695124 _____ C:\Windows\MEMORY.DMP
2020-10-18 18:01 - 2020-10-18 18:01 - 000289784 _____ C:\Windows\Minidump\101820-35171-01.dmp
2020-10-18 18:01 - 2020-10-18 18:01 - 000000000 ____D C:\Windows\Minidump

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 20:01 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2020-10-18 19:56 - 2019-10-06 13:32 - 000000000 ____D C:\Users\JohnRambo\AppData\LocalLow\Mozilla
2020-10-18 19:55 - 2014-03-18 17:33 - 001672896 _____ C:\Windows\system32\PerfStringBackup.INI
2020-10-18 19:55 - 2014-03-18 16:54 - 000700754 _____ C:\Windows\system32\perfh005.dat
2020-10-18 19:55 - 2014-03-18 16:54 - 000137774 _____ C:\Windows\system32\perfc005.dat
2020-10-18 19:55 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2020-10-18 19:52 - 2015-07-20 12:26 - 000000000 __SHD C:\Users\JohnRambo\IntelGraphicsProfiles
2020-10-18 19:49 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-10-18 19:25 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2020-10-18 19:15 - 2015-07-20 12:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-10-18 19:15 - 2013-08-22 15:25 - 000000186 _____ C:\Windows\win.ini
2020-10-18 19:05 - 2015-07-20 11:38 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4135652758-2871757375-1920405382-1001
2020-10-18 18:59 - 2019-10-06 13:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-10-18 18:58 - 2015-07-20 11:26 - 000000000 ____D C:\Users\JohnRambo
2020-10-18 18:55 - 2019-11-30 15:11 - 000000000 __SHD C:\Users\Erik\IntelGraphicsProfiles
2020-10-18 18:54 - 2020-04-27 13:39 - 002086853 _____ C:\Users\Filip\Downloads\První republika.pdf.efji
2020-10-18 18:54 - 2020-04-08 17:18 - 000039460 _____ C:\Users\Filip\Downloads\Vlk.jpg.efji
2020-10-18 18:54 - 2020-03-15 19:27 - 000290512 _____ C:\Users\Erik\Downloads\cute_rottweiler_puppy-wallpaper-1280x1024.jpg.efji
2020-10-18 18:54 - 2019-12-04 21:20 - 000000000 __SHD C:\Users\Filip\IntelGraphicsProfiles
2020-10-18 18:54 - 2019-12-04 21:20 - 000000000 ____D C:\Users\Filip
2020-10-18 18:54 - 2019-11-30 15:09 - 000000000 ____D C:\Users\Erik
2020-10-18 18:54 - 2019-10-24 22:53 - 000000000 ____D C:\RegBackup
2020-10-18 18:54 - 2015-07-27 12:11 - 000000000 ___HD C:\$AVG
2020-10-18 18:21 - 2020-03-15 19:26 - 000003958 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{523087B8-5368-4900-A3C8-3B593B1CBCBB}
2020-10-18 18:20 - 2020-03-15 19:52 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4135652758-2871757375-1920405382-1003
2020-10-18 18:17 - 2019-10-06 13:32 - 000000000 ____D C:\ProgramData\Mozilla
2020-10-18 18:15 - 2019-10-06 13:32 - 000000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-10-18 18:05 - 2015-07-20 13:58 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-10-16 18:17 - 2015-07-21 06:39 - 000000000 ____D C:\ProgramData\MFAData

==================== Files in the root of some directories ========

2020-10-18 18:39 - 2020-10-18 18:39 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-10-18 19:59 - 2020-10-18 19:59 - 000000890 _____ () D:\Docs\AppData\Local\bowsakkdestx.txt
2020-10-18 18:39 - 2020-10-18 18:54 - 000000890 _____ () D:\Docs\AppData\Local\bowsakkdestx.txt.efji

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-12-04 22:57
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by JohnRambo (18-10-2020 20:02:47)
Running from D:\Docs\Plocha
Windows 8.1 Pro (Update) (X64) (2015-07-20 09:26:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4135652758-2871757375-1920405382-500 - Administrator - Disabled)
Erik (S-1-5-21-4135652758-2871757375-1920405382-1003 - Limited - Enabled) => C:\Users\Erik
Filip (S-1-5-21-4135652758-2871757375-1920405382-1002 - Limited - Enabled) => C:\Users\Filip
Guest (S-1-5-21-4135652758-2871757375-1920405382-501 - Limited - Disabled)
JohnRambo (S-1-5-21-4135652758-2871757375-1920405382-1001 - Administrator - Enabled) => C:\Users\JohnRambo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Disabled - Out of date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG AntiVirus Free Edition (Disabled - Out of date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
AVG (HKLM\...\{BC2DC909-A848-4886-BBC7-A4895875C708}) (Version: 16.161.8048 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{C19A3151-EC41-4DF4-A2A9-14166CB8649E}) (Version: 16.0.4793 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.71.7596 - AVG Technologies)
AVG Protection (HKLM-x32\...\AVG) (Version: 16.161.8048 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.9.626 - AVG Technologies)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1078 - AB Team, d.o.o.)
Canon LBP7100C 7110C Uninstaller (HKLM\...\Canon LBP7100C 7110C) (Version: 5, 4, 0, 0 - Canon Inc.)
FMW 1 (HKLM\...\{DC2A8E3D-D5E1-4837-A2E0-C308100AC412}) (Version: 1.143.3 - AVG Technologies) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.6.2.1001 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
K-Lite Codec Pack 11.4.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Mozilla Firefox 81.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 81.0.2 (x64 en-US)) (Version: 81.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.2 - Mozilla)
O&O Defrag Professional (HKLM\...\{CD105B98-DB7C-4E12-BB33-A12CBE721AAB}) (Version: 18.9.60 - O&O Software GmbH)
OpenTTD 1.9.3 (HKLM-x32\...\OpenTTD) (Version: 1.9.3 - OpenTTD)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.73.701.2019 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Re-Volt patch 12.07 (HKLM-x32\...\Re-Volt) (Version: patch 12.07 - )
Rodokmen Pro 2.1.1 (HKLM-x32\...\Rodokmen Pro_is1) (Version: 2.1.1 - Martin Veškrna)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\RollerCoaster Tycoon Deluxe_is1) (Version: - GOG.com)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
Trust Webcam 15007 (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.22.001 - Sonix)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.5.4 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XnView 2.33 (HKLM-x32\...\XnView_is1) (Version: 2.33 - Gougelet Pierre-e)

Packages:
=========
Hry -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
Hudba -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Cestování -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Gurmánský svět -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.336_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Zdraví a fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2020-02-22] (Microsoft Corporation) [MS Ad]
MSN Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2019-10-19] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-10-15 18:52 - 2019-10-15 18:52 - 048920064 _____ () [File not signed] C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2015-09-01 17:06 - 2012-03-13 05:35 - 000248832 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2015-01-27 19:33 - 2015-01-27 19:33 - 000285696 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-01-27 19:33 - 2015-01-27 19:33 - 000541696 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={BE5D6E11-A212-48AC-9BB8-907A7FD31A6C}&mid=be0b3d73616147cda1e12de352509fe4-af20d2126e10a20796018a290d12fbbc166c7fcd&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-09-01 16:38:12&v=4.2.9.726&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11433&guid={A703F35F-BFD5-4689-9FAB-7CFD4D7D8F56}&i=
SearchScopes: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={BE5D6E11-A212-48AC-9BB8-907A7FD31A6C}&mid=be0b3d73616147cda1e12de352509fe4-af20d2126e10a20796018a290d12fbbc166c7fcd&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-09-01 16:38:12&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> {2B74F1D7-3C97-4EBF-A7DF-76CD180C86EC} URL = hxxp://search.eshield.com/serp?guid={A703F35F-BFD5-4689-9FAB-7CFD4D7D8F56}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={BE5D6E11-A212-48AC-9BB8-907A7FD31A6C}&mid=be0b3d73616147cda1e12de352509fe4-af20d2126e10a20796018a290d12fbbc166c7fcd&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-09-01 16:38:12&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> {CAB39AE3-6367-4036-BB91-58E26C23CAD1} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11433
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll [2019-10-07] (AVG Netherlands B.V. -> AVG)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll [2019-10-07] (AVG Netherlands B.V. -> AVG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> No Name - {65D62779-7349-41FF-9EEF-13106C95D71F} - No File
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2019-10-24 23:13 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\Control Panel\Desktop\\Wallpaper -> D:\Docs\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 188.122.222.222 - 188.122.222.223
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "CNAP3 Launcher"
HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\...\StartupApproved\Run: => "SysHelper"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AF1654D8-31C7-4AC8-BB17-AFC64BCAA3EE}] => (Allow) D:\Docs\AppData\Local\TNT2\2.0.0.1983\TNT2User.exe => No File
FirewallRules: [{150DAA4A-66F3-4085-988B-74D599F37C27}] => (Allow) C:\Program Files (x86)\AVG2015\avgmfapx.exe => No File
FirewallRules: [{DDC1163B-B3D4-4874-B64C-A612FA86C858}] => (Allow) C:\Program Files (x86)\AVG2015\avgmfapx.exe => No File
FirewallRules: [{88D860FE-F500-4AD2-B3AF-23142A6DBB6A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{CCA0975B-BD28-4BCF-A1DD-A33FD21ADD02}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{C53EA68D-6923-4795-BB6E-9ECDDE87504E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6905615F-9C5A-4020-8192-78DEE35CE8AD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B56F5711-D6D4-4778-8157-38BBA59112E6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{2BDC958D-45C6-49AF-A23F-4FDBBA69A3A0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{85E9AE47-E879-4410-A946-FAA97680D668}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{4F5F1D17-E6F2-4D66-BDDD-9D0838F1A607}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [TCP Query User{E6EBB148-E34D-42DC-8228-DCA6C59F8A33}D:\games\blur\blur.exe] => (Allow) D:\games\blur\blur.exe () [File not signed]
FirewallRules: [UDP Query User{E02E7173-82CC-499E-A5E4-9255F4F9D191}D:\games\blur\blur.exe] => (Allow) D:\games\blur\blur.exe () [File not signed]
FirewallRules: [{EC543A58-BFA7-438A-B8B6-64F11C1AE179}] => (Block) D:\games\blur\blur.exe () [File not signed]
FirewallRules: [{C6672F50-44D8-40FA-9677-02C54E0B5BDE}] => (Block) D:\games\blur\blur.exe () [File not signed]

==================== Restore Points =========================

24-10-2019 22:53:49 Tweaking.com - Windows Repair 2018
30-11-2019 15:56:07 Instalováno Realtek Ethernet Controller Driver
11-03-2020 20:00:01 Removed RollerCoaster Tycoon Deluxe
11-03-2020 20:25:32 Instalační služba modulů systému Windows
18-10-2020 19:14:02 Installed Trust Webcam 15007

==================== Faulty Device Manager Devices ============

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/18/2020 07:59:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 53618939634.exe, verze: 1.0.0.1, časové razítko: 0x5d890137
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0f589c1a
ID chybujícího procesu: 0xf98
Čas spuštění chybující aplikace: 0x01d6a57864327397
Cesta k chybující aplikaci: D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: a5e6bbc0-116b-11eb-82a9-fcaa14b47617
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/18/2020 07:59:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 53618939634.exe, verze: 1.0.0.1, časové razítko: 0x5d890137
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0f589c1a
ID chybujícího procesu: 0xf98
Čas spuštění chybující aplikace: 0x01d6a57864327397
Cesta k chybující aplikaci: D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: a4c4ab57-116b-11eb-82a9-fcaa14b47617
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/18/2020 07:59:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 53618939634.exe, verze: 1.0.0.1, časové razítko: 0x5d890137
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0f589c1a
ID chybujícího procesu: 0xf98
Čas spuštění chybující aplikace: 0x01d6a57864327397
Cesta k chybující aplikaci: D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: a4b65d3e-116b-11eb-82a9-fcaa14b47617
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/18/2020 07:59:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 53618939634.exe, verze: 1.0.0.1, časové razítko: 0x5d890137
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0f589c1a
ID chybujícího procesu: 0xf98
Čas spuštění chybující aplikace: 0x01d6a57864327397
Cesta k chybující aplikaci: D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: a4aa717d-116b-11eb-82a9-fcaa14b47617
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/18/2020 07:59:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 53618939634.exe, verze: 1.0.0.1, časové razítko: 0x5d890137
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0f589c1a
ID chybujícího procesu: 0xf98
Čas spuštění chybující aplikace: 0x01d6a57864327397
Cesta k chybující aplikaci: D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: a354ed67-116b-11eb-82a9-fcaa14b47617
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/18/2020 07:59:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 53618939634.exe, verze: 1.0.0.1, časové razítko: 0x5d890137
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0f589c1a
ID chybujícího procesu: 0xf98
Čas spuštění chybující aplikace: 0x01d6a57864327397
Cesta k chybující aplikaci: D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: a2d1cc24-116b-11eb-82a9-fcaa14b47617
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/18/2020 07:59:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 53618939634.exe, verze: 1.0.0.1, časové razítko: 0x5d890137
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0f589c1a
ID chybujícího procesu: 0xf98
Čas spuštění chybující aplikace: 0x01d6a57864327397
Cesta k chybující aplikaci: D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: a2bb94f3-116b-11eb-82a9-fcaa14b47617
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/18/2020 07:59:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 53618939634.exe, verze: 1.0.0.1, časové razítko: 0x5d890137
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0f589c1a
ID chybujícího procesu: 0xf98
Čas spuštění chybující aplikace: 0x01d6a57864327397
Cesta k chybující aplikaci: D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: a2a0bf9b-116b-11eb-82a9-fcaa14b47617
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (10/18/2020 08:01:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070005): Microsoft.ZuneMusic.

Error: (10/18/2020 08:01:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070005): Microsoft.Office.OneNote.

Error: (10/18/2020 08:01:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070005): Microsoft.VCLibs.110.00.

Error: (10/18/2020 08:01:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070005): Microsoft.VCLibs.120.00.Preview.

Error: (10/18/2020 08:01:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070005): Microsoft.WinJS.1.0.

Error: (10/18/2020 08:01:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070005): Microsoft.Media.PlayReadyClient.

Error: (10/18/2020 07:51:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Main Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/18/2020 07:50:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Windows Defender neuspěla při spuštění v důsledku následující chyby:
V systému Windows nelze ověřit digitální podpis tohoto souboru. Při nedávné změně hardwaru nebo softwaru mohl být nainstalován nesprávně podepsaný nebo poškozený soubor nebo soubor škodlivého softwaru z neznámého zdroje.


CodeIntegrity:
===================================

Date: 2020-10-18 19:50:33.922
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-18 19:24:12.266
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-18 19:00:03.230
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-18 18:02:24.800
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-16 18:17:18.255
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-15 14:37:16.945
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-11 19:14:49.432
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-11 18:46:55.276
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F6 04/21/2015
Motherboard: Gigabyte Technology Co., Ltd. H97M-D3H
Processor: Intel(R) Pentium(R) CPU G3450 @ 3.40GHz
Percentage of memory in use: 54%
Total physical RAM: 3970.64 MB
Available physical RAM: 1819.12 MB
Total Virtual: 8066.64 MB
Available Virtual: 5726.65 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:100.24 GB) (Free:68 GB) NTFS
Drive d: (Data) (Fixed) (Total:830.92 GB) (Free:821.67 GB) NTFS

\\?\Volume{65009edf-2ec0-11e5-824f-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3151426C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=830.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Start menu not showing, computer freezing

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any detected threats selected, and continue with the Clean and Repair button in the bottom right corner.
After the PC restarts, AdwCleaner will start; click "Zobrazit soubor protokolu" (View Log File).
The log will open; copy its contents here.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Šmíďák
Visitor
Posts: 144
Registered: 15 Oct 2012 13:42
Location: Brno

Re: Start menu not showing, computer freezing

#3 Post by Šmíďák »

It could not be downloaded, not even from other sites; this is displayed:

<description id="intro">&intro2.label;</description>
----------------------------^

In the end I downloaded it using IE, though only on the second attempt, because the first time it was immediately renamed to the .efji extension. After the restart AdwCleaner did not start, so I ran it manually and there were two logs; I am pasting the log labelled "odstranit" (remove).

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-18-2020
# Duration: 00:00:05
# OS: Windows 8.1 Pro
# Cleaned: 82
# Failed: 0


***** [ Services ] *****

Deleted Main Service
Deleted WtuSystemSupport
Deleted vToolbarUpdater40.3.8

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted C:\Program Files (x86)\DriverToolkit
Deleted C:\Program Files (x86)\MachinerData
Deleted C:\Program Files (x86)\avg web tuneup
Deleted C:\Program Files\Common Files\AVG Secure Search
Deleted C:\Program Files\avg web tuneup
Deleted C:\ProgramData\AVG Secure Search
Deleted C:\ProgramData\AVG Security Toolbar
Deleted C:\ProgramData\Garbage Cleaner
Deleted C:\ProgramData\avg web tuneup
Deleted C:\Users\Erik\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp
Deleted C:\Users\Erik\AppData\Local\avg web tuneup
Deleted C:\Users\Filip\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp
Deleted C:\Users\Filip\AppData\Local\avg web tuneup
Deleted C:\Users\JohnRambo\AppData\Local\avg web tuneup

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\1014tbUpdateInfo
Deleted C:\Windows\System32\Tasks\TIME TRIGGER TASK
Deleted C:\Windows\Tasks\1014tbUpdateInfo.job

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKCU\Software\DriverToolkit
Deleted HKCU\Software\GCleaner
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2B74F1D7-3C97-4EBF-A7DF-76CD180C86EC}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SysHelper
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysHelper
Deleted HKCU\Software\TNT2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DF77F78-45DA-4585-8094-E8742D72C306}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{344BC6B6-3BB0-43AA-8E1A-9877A3714063}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DF77F78-45DA-4585-8094-E8742D72C306}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{344BC6B6-3BB0-43AA-8E1A-9877A3714063}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1014tbUpdateInfo
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Time Trigger Task
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AF1654D8-31C7-4AC8-BB17-AFC64BCAA3EE}
Deleted HKLM\Software\AVG Secure Search
Deleted HKLM\Software\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Deleted HKLM\Software\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Deleted HKLM\Software\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Deleted HKLM\Software\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
Deleted HKLM\Software\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
Deleted HKLM\Software\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
Deleted HKLM\Software\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Deleted HKLM\Software\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
Deleted HKLM\Software\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
Deleted HKLM\Software\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
Deleted HKLM\Software\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Deleted HKLM\Software\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Deleted HKLM\Software\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Deleted HKLM\Software\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Deleted HKLM\Software\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Deleted HKLM\Software\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
Deleted HKLM\Software\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
Deleted HKLM\Software\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
Deleted HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted HKLM\Software\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
Deleted HKLM\Software\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
Deleted HKLM\Software\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Deleted HKLM\Software\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
Deleted HKLM\Software\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
Deleted HKLM\Software\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Deleted HKLM\Software\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
Deleted HKLM\Software\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted HKLM\Software\Classes\WtuServer.WtuServerObj
Deleted HKLM\Software\Classes\WtuServer.WtuServerObj.1
Deleted HKLM\Software\Microsoft\Internet Explorer\AboutUrls|Tabs
Deleted HKLM\Software\Wow6432Node\AVG Tuneup
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\avgsh
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [9247 octets] - [18/10/2020 20:27:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Diallix
Advisor
Posts: 2760
Joined: 27 Apr 2008 10:34

Re: Start menu not showing, computer freezing

#4 Post by Diallix »

Good.

Please post new FRST + ADDITION logs.

Šmíďák
Visitor
Posts: 144
Joined: 15 Oct 2012 13:42
Location: Brno

Re: Start menu not showing, computer freezing

#5 Post by Šmíďák »

Lots of files have that .efji extension; .exe files that get it then cannot be run, even after the extension is removed.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2020
Ran by JohnRambo (administrator) on MARAST (Gigabyte Technology Co., Ltd. H97M-D3H) (18-10-2020 20:46:14)
Running from D:\Docs\Plocha
Loaded Profiles: JohnRambo
Platform: Windows 8.1 Pro (Update) (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] D:\Docs\AppData\Roaming\Smart Clock\SmartClock.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows Hardware Compatibility Publisher -> Sonix) C:\Windows\vsnp2std.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(O&O Software GmbH -> O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(O&O Software GmbH -> O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323312 2015-01-27] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465400 2015-05-21] (O&O Software GmbH -> O&O Software GmbH)
HKLM\...\Run: [CNAP3 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP3LAK.EXE [228520 2012-06-14] (CANON INC. -> CANON INC.)
HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [675840 2006-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Sonix)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [248832 2012-03-13] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CNAP3 Monitor: C:\Windows\system32\CNAP3SMD.DLL [1625600 2013-04-19] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2015-07-20]
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{CD105B98-DB7C-4E12-BB33-A12CBE721AAB}\app_icon.ico () [File not signed]
Startup: C:\Users\JohnRambo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe [2019-11-30] (Leader Technologies) [File not signed]
Startup: C:\Users\JohnRambo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartClock.lnk [2020-10-18]
ShortcutTarget: SmartClock.lnk -> D:\Docs\AppData\Roaming\Smart Clock\SmartClock.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A425979-AF50-4197-9053-5C5C9424B715} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {0A425979-AF50-4197-9053-5C5C9424B715} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
Task: {236E0028-1E38-4E01-A1E4-573E9A73708C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {2FA23CDC-6779-4FB6-A920-959AF040DCFB} - System32\Tasks\AVG EUpdate Task => C:\Program Files (x86)\AVG\Setup\avgsetupx.exe [3661072 2019-10-15] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
Task: {9CB34D71-6A50-4CB2-BC08-FDE393A6D9E7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-10-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {A073D152-ED90-42F5-978B-E4958716B420} - System32\Tasks\AdwCleaner_onReboot => D:\Docs\Plocha\adwcleaner_8.0.8.exe [8447152 2020-10-18] (Malwarebytes Inc -> Malwarebytes)
Task: {A35D45D1-6148-4C4D-9F61-3DCCE3E043DD} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [218336 2017-05-02] (Tweaking LLC -> Tweaking.com)
Task: {B2FC1B2F-F12F-4AF7-82C8-D001F5067093} - System32\Tasks\Smart Clock => D:\Docs\AppData\Roaming\Smart Clock\SmartClock.exe [1929728 2020-10-18] () [File not signed]
Task: {C99A98D6-1F74-4B82-B9CF-6AEEE138477F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {C99A98D6-1F74-4B82-B9CF-6AEEE138477F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 188.122.222.222 188.122.222.223 8.8.8.8
Tcpip\..\Interfaces\{05B4D5C6-271A-488E-9AFE-4EB74D917A62}: [DhcpNameServer] 188.122.222.222 188.122.222.223 8.8.8.8

FireFox:
========
FF DefaultProfile: 92bxvzy9.default
FF ProfilePath: D:\Docs\AppData\Roaming\Mozilla\Firefox\Profiles\92bxvzy9.default [2020-10-18]
FF ProfilePath: D:\Docs\AppData\Roaming\Mozilla\Firefox\Profiles\o5et0wos.default-release [2020-10-18]
FF Session Restore: Mozilla\Firefox\Profiles\o5et0wos.default-release -> is enabled.
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [984032 2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5279232 2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712864 2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1666296 2015-05-21] (O&O Software GmbH -> O&O Software GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation -> Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313088 2017-03-23] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [283384 2017-09-04] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [253184 2017-04-11] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R3 SNP2STD; C:\Windows\system32\DRIVERS\snp2sxp.sys [12342656 2007-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 SNP2STD; C:\Windows\SysWOW64\DRIVERS\snp2sxp.sys [12039552 2007-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 20:28 - 2020-10-18 20:28 - 000003080 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
2020-10-18 20:26 - 2020-10-18 20:28 - 000000000 ____D C:\AdwCleaner
2020-10-18 19:59 - 2020-10-18 20:46 - 000000000 ____D C:\FRST
2020-10-18 19:48 - 2020-10-18 19:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2020-10-18 19:15 - 2020-10-18 19:15 - 000000000 ____D C:\Windows\LastGood.Tmp
2020-10-18 19:15 - 2020-10-18 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trust
2020-10-18 19:15 - 2007-04-09 11:38 - 012039552 _____ () C:\Windows\SysWOW64\Drivers\snp2sxp.sys
2020-10-18 19:15 - 2007-04-09 11:37 - 012342656 _____ () C:\Windows\system32\Drivers\snp2sxp.sys
2020-10-18 19:15 - 2007-03-29 16:04 - 000328704 _____ (Sonix) C:\Windows\system32\vsnp2std.dll
2020-10-18 19:15 - 2007-03-29 16:04 - 000249856 _____ (Sonix) C:\Windows\SysWOW64\vsnp2std.dll
2020-10-18 19:15 - 2007-01-25 18:48 - 000033664 _____ () C:\Windows\system32\Drivers\sncamd.sys
2020-10-18 19:15 - 2007-01-25 18:48 - 000025472 _____ () C:\Windows\SysWOW64\Drivers\sncamd.sys
2020-10-18 19:15 - 2006-11-16 15:57 - 000083968 _____ ( ) C:\Windows\system32\csnp2std.dll
2020-10-18 19:15 - 2006-10-12 17:21 - 000151552 _____ ( ) C:\Windows\SysWOW64\rsnp2std.dll
2020-10-18 19:15 - 2006-09-15 13:21 - 000675840 _____ (Sonix) C:\Windows\vsnp2std.exe
2020-10-18 19:15 - 2006-07-03 10:31 - 000094208 _____ (Microsoft Corporation) C:\Windows\amcap.exe
2020-10-18 19:15 - 2004-12-09 17:23 - 000015497 _____ C:\Windows\snp2std.ini
2020-10-18 19:15 - 2004-12-09 17:23 - 000013022 _____ C:\Windows\snp2std.src
2020-10-18 18:54 - 2020-10-18 18:54 - 000001113 _____ C:\Users\JohnRambo\_readme.txt
2020-10-18 18:54 - 2020-10-18 18:54 - 000001113 _____ C:\Users\Filip\_readme.txt
2020-10-18 18:54 - 2020-10-18 18:54 - 000001113 _____ C:\Users\Erik\_readme.txt
2020-10-18 18:54 - 2020-10-18 18:54 - 000001113 _____ C:\_readme.txt
2020-10-18 18:47 - 2020-10-18 18:47 - 000002966 _____ C:\Windows\system32\Tasks\Smart Clock
2020-10-18 18:47 - 2020-10-18 18:47 - 000000000 ____D C:\ProgramData\Riate
2020-10-18 18:46 - 2020-10-18 18:46 - 000000000 ____D C:\ProgramData\sib
2020-10-18 18:39 - 2020-10-18 18:39 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000000000 ____D C:\SystemID
2020-10-18 18:39 - 2020-10-18 18:39 - 000000000 ____D C:\ProgramData\17T3GC155UOJA608BU28H6DBJ
2020-10-18 18:37 - 2020-10-18 19:40 - 000000000 ____D C:\Program Files (x86)\DecMgr
2020-10-18 18:37 - 2010-08-25 16:20 - 000892928 _____ (Free Software Foundation) C:\Windows\SysWOW64\iconv.dll
2020-10-18 18:37 - 2010-08-25 16:20 - 000675840 _____ () C:\Windows\SysWOW64\ac3filter.ax
2020-10-18 18:37 - 2010-08-25 16:20 - 000496640 _____ C:\Windows\SysWOW64\xvid.ax
2020-10-18 18:15 - 2020-10-18 18:15 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-10-18 18:11 - 2020-10-18 18:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-10-18 18:01 - 2020-10-18 18:01 - 401695124 _____ C:\Windows\MEMORY.DMP
2020-10-18 18:01 - 2020-10-18 18:01 - 000289784 _____ C:\Windows\Minidump\101820-35171-01.dmp
2020-10-18 18:01 - 2020-10-18 18:01 - 000000000 ____D C:\Windows\Minidump

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 20:46 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2020-10-18 20:38 - 2019-10-06 13:32 - 000000000 ____D C:\Users\JohnRambo\AppData\LocalLow\Mozilla
2020-10-18 20:36 - 2015-07-20 12:26 - 000000000 __SHD C:\Users\JohnRambo\IntelGraphicsProfiles
2020-10-18 20:34 - 2014-03-18 17:33 - 001672896 _____ C:\Windows\system32\PerfStringBackup.INI
2020-10-18 20:34 - 2014-03-18 16:54 - 000700754 _____ C:\Windows\system32\perfh005.dat
2020-10-18 20:34 - 2014-03-18 16:54 - 000137774 _____ C:\Windows\system32\perfc005.dat
2020-10-18 20:34 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2020-10-18 20:29 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-10-18 19:25 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2020-10-18 19:15 - 2015-07-20 12:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-10-18 19:15 - 2013-08-22 15:25 - 000000186 _____ C:\Windows\win.ini
2020-10-18 19:05 - 2015-07-20 11:38 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4135652758-2871757375-1920405382-1001
2020-10-18 18:59 - 2019-10-06 13:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-10-18 18:58 - 2015-07-20 11:26 - 000000000 ____D C:\Users\JohnRambo
2020-10-18 18:55 - 2019-11-30 15:11 - 000000000 __SHD C:\Users\Erik\IntelGraphicsProfiles
2020-10-18 18:54 - 2020-04-27 13:39 - 002086853 _____ C:\Users\Filip\Downloads\První republika.pdf.efji
2020-10-18 18:54 - 2020-04-08 17:18 - 000039460 _____ C:\Users\Filip\Downloads\Vlk.jpg.efji
2020-10-18 18:54 - 2020-03-15 19:27 - 000290512 _____ C:\Users\Erik\Downloads\cute_rottweiler_puppy-wallpaper-1280x1024.jpg.efji
2020-10-18 18:54 - 2019-12-04 21:20 - 000000000 __SHD C:\Users\Filip\IntelGraphicsProfiles
2020-10-18 18:54 - 2019-12-04 21:20 - 000000000 ____D C:\Users\Filip
2020-10-18 18:54 - 2019-11-30 15:09 - 000000000 ____D C:\Users\Erik
2020-10-18 18:54 - 2019-10-24 22:53 - 000000000 ____D C:\RegBackup
2020-10-18 18:54 - 2015-07-27 12:11 - 000000000 ___HD C:\$AVG
2020-10-18 18:21 - 2020-03-15 19:26 - 000003958 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{523087B8-5368-4900-A3C8-3B593B1CBCBB}
2020-10-18 18:20 - 2020-03-15 19:52 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4135652758-2871757375-1920405382-1003
2020-10-18 18:17 - 2019-10-06 13:32 - 000000000 ____D C:\ProgramData\Mozilla
2020-10-18 18:15 - 2019-10-06 13:32 - 000000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-10-18 18:05 - 2015-07-20 13:58 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-10-16 18:17 - 2015-07-21 06:39 - 000000000 ____D C:\ProgramData\MFAData

==================== Files in the root of some directories ========

2020-10-18 18:39 - 2020-10-18 18:39 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-10-18 20:24 - 2020-10-18 20:24 - 000000890 _____ () D:\Docs\AppData\Local\bowsakkdestx.txt
2020-10-18 18:39 - 2020-10-18 18:54 - 000000890 _____ () D:\Docs\AppData\Local\bowsakkdestx.txt.efji

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-12-04 22:57
==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by JohnRambo (18-10-2020 20:47:26)
Running from D:\Docs\Plocha
Windows 8.1 Pro (Update) (X64) (2015-07-20 09:26:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4135652758-2871757375-1920405382-500 - Administrator - Disabled)
Erik (S-1-5-21-4135652758-2871757375-1920405382-1003 - Limited - Enabled) => C:\Users\Erik
Filip (S-1-5-21-4135652758-2871757375-1920405382-1002 - Limited - Enabled) => C:\Users\Filip
Guest (S-1-5-21-4135652758-2871757375-1920405382-501 - Limited - Disabled)
JohnRambo (S-1-5-21-4135652758-2871757375-1920405382-1001 - Administrator - Enabled) => C:\Users\JohnRambo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Disabled - Out of date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG AntiVirus Free Edition (Disabled - Out of date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
AVG (HKLM\...\{BC2DC909-A848-4886-BBC7-A4895875C708}) (Version: 16.161.8048 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{C19A3151-EC41-4DF4-A2A9-14166CB8649E}) (Version: 16.0.4793 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.71.7596 - AVG Technologies)
AVG Protection (HKLM-x32\...\AVG) (Version: 16.161.8048 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.9.626 - AVG Technologies)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1078 - AB Team, d.o.o.)
Canon LBP7100C 7110C Uninstaller (HKLM\...\Canon LBP7100C 7110C) (Version: 5, 4, 0, 0 - Canon Inc.)
FMW 1 (HKLM\...\{DC2A8E3D-D5E1-4837-A2E0-C308100AC412}) (Version: 1.143.3 - AVG Technologies) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.6.2.1001 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
K-Lite Codec Pack 11.4.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Mozilla Firefox 81.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 81.0.2 (x64 en-US)) (Version: 81.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.2 - Mozilla)
O&O Defrag Professional (HKLM\...\{CD105B98-DB7C-4E12-BB33-A12CBE721AAB}) (Version: 18.9.60 - O&O Software GmbH)
OpenTTD 1.9.3 (HKLM-x32\...\OpenTTD) (Version: 1.9.3 - OpenTTD)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.73.701.2019 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Re-Volt patch 12.07 (HKLM-x32\...\Re-Volt) (Version: patch 12.07 - )
Rodokmen Pro 2.1.1 (HKLM-x32\...\Rodokmen Pro_is1) (Version: 2.1.1 - Martin Veškrna)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\RollerCoaster Tycoon Deluxe_is1) (Version: - GOG.com)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
Trust Webcam 15007 (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.22.001 - Sonix)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.5.4 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XnView 2.33 (HKLM-x32\...\XnView_is1) (Version: 2.33 - Gougelet Pierre-e)

Packages:
=========
Hry -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
Hudba -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Cestování -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Gurmánský svět -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.336_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Zdraví a fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2020-02-22] (Microsoft Corporation) [MS Ad]
MSN Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2019-10-19] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-10-15 18:52 - 2019-10-15 18:52 - 048920064 _____ () [File not signed] C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2015-09-01 17:06 - 2012-03-13 05:35 - 000248832 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2015-01-27 19:33 - 2015-01-27 19:33 - 000285696 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-01-27 19:33 - 2015-01-27 19:33 - 000541696 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
SearchScopes: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> {CAB39AE3-6367-4036-BB91-58E26C23CAD1} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11433
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> No Name - {65D62779-7349-41FF-9EEF-13106C95D71F} - No File
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2019-10-24 23:13 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\Control Panel\Desktop\\Wallpaper -> D:\Docs\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 188.122.222.222 - 188.122.222.223
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "CNAP3 Launcher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{150DAA4A-66F3-4085-988B-74D599F37C27}] => (Allow) C:\Program Files (x86)\AVG2015\avgmfapx.exe => No File
FirewallRules: [{DDC1163B-B3D4-4874-B64C-A612FA86C858}] => (Allow) C:\Program Files (x86)\AVG2015\avgmfapx.exe => No File
FirewallRules: [{88D860FE-F500-4AD2-B3AF-23142A6DBB6A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{CCA0975B-BD28-4BCF-A1DD-A33FD21ADD02}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{C53EA68D-6923-4795-BB6E-9ECDDE87504E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6905615F-9C5A-4020-8192-78DEE35CE8AD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B56F5711-D6D4-4778-8157-38BBA59112E6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{2BDC958D-45C6-49AF-A23F-4FDBBA69A3A0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{85E9AE47-E879-4410-A946-FAA97680D668}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{4F5F1D17-E6F2-4D66-BDDD-9D0838F1A607}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [TCP Query User{E6EBB148-E34D-42DC-8228-DCA6C59F8A33}D:\games\blur\blur.exe] => (Allow) D:\games\blur\blur.exe () [File not signed]
FirewallRules: [UDP Query User{E02E7173-82CC-499E-A5E4-9255F4F9D191}D:\games\blur\blur.exe] => (Allow) D:\games\blur\blur.exe () [File not signed]
FirewallRules: [{EC543A58-BFA7-438A-B8B6-64F11C1AE179}] => (Block) D:\games\blur\blur.exe () [File not signed]
FirewallRules: [{C6672F50-44D8-40FA-9677-02C54E0B5BDE}] => (Block) D:\games\blur\blur.exe () [File not signed]

==================== Restore Points =========================

24-10-2019 22:53:49 Tweaking.com - Windows Repair 2018
30-11-2019 15:56:07 Instalováno Realtek Ethernet Controller Driver
11-03-2020 20:00:01 Removed RollerCoaster Tycoon Deluxe
11-03-2020 20:25:32 Instalační služba modulů systému Windows
18-10-2020 19:14:02 Installed Trust Webcam 15007

==================== Faulty Device Manager Devices ============

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/18/2020 08:29:52 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostex (2008) WebCacheLocal: Při otevírání souboru protokolu D:\Docs\AppData\Local\Microsoft\Windows\WebCache\V0100252.log došlo k chybě -1811 (0xfffff8ed).

Error: (10/18/2020 08:29:50 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Nelze načíst informace registru o čítači výkonu pro WSearchIdxPi pro instanci z důvodu následující chyby: Operace byla dokončena úspěšně. 0x0.

Error: (10/18/2020 08:29:49 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Sledování výkonu objektu indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Kontext: aplikace , katalog SystemIndex

Error: (10/18/2020 08:29:49 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Sledování výkonu služby indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Error: (10/18/2020 08:24:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 53618939634.exe, verze: 1.0.0.1, časové razítko: 0x5d890137
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0f589c1a
ID chybujícího procesu: 0x538
Čas spuštění chybující aplikace: 0x01d6a57be247ab84
Cesta k chybující aplikaci: D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 277f9a52-116f-11eb-82a9-fcaa14b47617
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/18/2020 08:24:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 53618939634.exe, verze: 1.0.0.1, časové razítko: 0x5d890137
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0f589c1a
ID chybujícího procesu: 0x538
Čas spuštění chybující aplikace: 0x01d6a57be247ab84
Cesta k chybující aplikaci: D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 2642fbfe-116f-11eb-82a9-fcaa14b47617
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/18/2020 08:24:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 53618939634.exe, verze: 1.0.0.1, časové razítko: 0x5d890137
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0f589c1a
ID chybujícího procesu: 0x538
Čas spuštění chybující aplikace: 0x01d6a57be247ab84
Cesta k chybující aplikaci: D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 2632f27c-116f-11eb-82a9-fcaa14b47617
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/18/2020 08:24:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 53618939634.exe, verze: 1.0.0.1, časové razítko: 0x5d890137
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0f589c1a
ID chybujícího procesu: 0x538
Čas spuštění chybující aplikace: 0x01d6a57be247ab84
Cesta k chybující aplikaci: D:\Docs\AppData\Local\dde36eee-653b-444a-a167-0750fbabc0c9\53618939634.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 262448e5-116f-11eb-82a9-fcaa14b47617
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (10/18/2020 08:44:41 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku C: bylo zjištěno poškození.

Přesná povaha poškození není známa. Je potřeba zkontrolovat a opravit struktury systému souborů v online režimu.

Error: (10/18/2020 08:41:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070005): Microsoft.ZuneMusic.

Error: (10/18/2020 08:41:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070005): Microsoft.Office.OneNote.

Error: (10/18/2020 08:41:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070005): Microsoft.VCLibs.110.00.

Error: (10/18/2020 08:41:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070005): Microsoft.VCLibs.120.00.Preview.

Error: (10/18/2020 08:40:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070005): Microsoft.WinJS.1.0.

Error: (10/18/2020 08:40:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070005): Microsoft.Media.PlayReadyClient.

Error: (10/18/2020 08:29:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla ukončena s následující chybou:
Byl proveden pokus o odkaz na neexistující token.


CodeIntegrity:
===================================

Date: 2020-10-18 20:29:48.823
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-18 19:50:33.922
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-18 19:24:12.266
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-18 19:00:03.230
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-18 18:02:24.800
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-16 18:17:18.255
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-15 14:37:16.945
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-11 19:14:49.432
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F6 04/21/2015
Motherboard: Gigabyte Technology Co., Ltd. H97M-D3H
Processor: Intel(R) Pentium(R) CPU G3450 @ 3.40GHz
Percentage of memory in use: 60%
Total physical RAM: 3970.64 MB
Available physical RAM: 1568.73 MB
Total Virtual: 8066.64 MB
Available Virtual: 5093.91 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:100.24 GB) (Free:67.86 GB) NTFS
Drive d: (Data) (Fixed) (Total:830.92 GB) (Free:821.5 GB) NTFS

\\?\Volume{65009edf-2ec0-11e5-824f-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3151426C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=830.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Start menu not appearing, computer freezing

#6 Post by Diallix »

Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:


D:\Docs\AppData\Roaming\Smart Clock\SmartClock.exe
D:\Docs\AppData\Roaming\Smart Clock
HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
Task: {C99A98D6-1F74-4B82-B9CF-6AEEE138477F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {C99A98D6-1F74-4B82-B9CF-6AEEE138477F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
Task: {B2FC1B2F-F12F-4AF7-82C8-D001F5067093} - System32\Tasks\Smart Clock => D:\Docs\AppData\Roaming\Smart Clock\SmartClock.exe [1929728 2020-10-18] () [File not signed]
Task: {0A425979-AF50-4197-9053-5C5C9424B715} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {0A425979-AF50-4197-9053-5C5C9424B715} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
2020-10-18 18:39 - 2020-10-18 18:39 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-10-18 20:24 - 2020-10-18 20:24 - 000000890 _____ () D:\Docs\AppData\Local\bowsakkdestx.txt
2020-10-18 18:39 - 2020-10-18 18:54 - 000000890 _____ () D:\Docs\AppData\Local\bowsakkdestx.txt.efji
2020-10-18 18:39 - 2020-10-18 18:39 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000000000 ____D C:\SystemID
2020-10-18 18:39 - 2020-10-18 18:39 - 000000000 ____D C:\ProgramData\17T3GC155UOJA608BU28H6DBJ
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
SearchScopes: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
SearchScopes: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> {CAB39AE3-6367-4036-BB91-58E26C23CAD1} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11433
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll => No File
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll => No File
Toolbar: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> No Name - {65D62779-7349-41FF-9EEF-13106C95D71F} - No File
HKLM\...\StartupApproved\Run: => "CNAP3 Launcher"
FirewallRules: [{150DAA4A-66F3-4085-988B-74D599F37C27}] => (Allow) C:\Program Files (x86)\AVG2015\avgmfapx.exe => No File
FirewallRules: [{DDC1163B-B3D4-4874-B64C-A612FA86C858}] => (Allow) C:\Program Files (x86)\AVG2015\avgmfapx.exe => No File

EmptyTemp:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the Fix button.
The fix will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.

Šmíďák
Visitor
Posts: 144
Registered: 15 Oct 2012 13:42
Location: Brno

Re: Start menu not appearing, computer freezing

#7 Post by Šmíďák »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by JohnRambo (18-10-2020 21:08:47) Run:1
Running from D:\Docs\Plocha
Loaded Profiles: JohnRambo
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:


D:\Docs\AppData\Roaming\Smart Clock\SmartClock.exe
D:\Docs\AppData\Roaming\Smart Clock
HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
Task: {C99A98D6-1F74-4B82-B9CF-6AEEE138477F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {C99A98D6-1F74-4B82-B9CF-6AEEE138477F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
Task: {B2FC1B2F-F12F-4AF7-82C8-D001F5067093} - System32\Tasks\Smart Clock => D:\Docs\AppData\Roaming\Smart Clock\SmartClock.exe [1929728 2020-10-18] () [File not signed]
Task: {0A425979-AF50-4197-9053-5C5C9424B715} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {0A425979-AF50-4197-9053-5C5C9424B715} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-02]] (Microsoft Windows -> Microsoft Corporation)
2020-10-18 18:39 - 2020-10-18 18:39 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-10-18 20:24 - 2020-10-18 20:24 - 000000890 _____ () D:\Docs\AppData\Local\bowsakkdestx.txt
2020-10-18 18:39 - 2020-10-18 18:54 - 000000890 _____ () D:\Docs\AppData\Local\bowsakkdestx.txt.efji
2020-10-18 18:39 - 2020-10-18 18:39 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-10-18 18:39 - 2020-10-18 18:39 - 000000000 ____D C:\SystemID
2020-10-18 18:39 - 2020-10-18 18:39 - 000000000 ____D C:\ProgramData\17T3GC155UOJA608BU28H6DBJ
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
SearchScopes: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
SearchScopes: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> {CAB39AE3-6367-4036-BB91-58E26C23CAD1} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11433
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll => No File
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.9.626\AVG Web TuneUp.dll => No File
Toolbar: HKU\S-1-5-21-4135652758-2871757375-1920405382-1001 -> No Name - {65D62779-7349-41FF-9EEF-13106C95D71F} - No File
HKLM\...\StartupApproved\Run: => "CNAP3 Launcher"
FirewallRules: [{150DAA4A-66F3-4085-988B-74D599F37C27}] => (Allow) C:\Program Files (x86)\AVG2015\avgmfapx.exe => No File
FirewallRules: [{DDC1163B-B3D4-4874-B64C-A612FA86C858}] => (Allow) C:\Program Files (x86)\AVG2015\avgmfapx.exe => No File

EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.
D:\Docs\AppData\Roaming\Smart Clock\SmartClock.exe => moved successfully
D:\Docs\AppData\Roaming\Smart Clock => moved successfully
"HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => removed successfully
"HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C99A98D6-1F74-4B82-B9CF-6AEEE138477F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C99A98D6-1F74-4B82-B9CF-6AEEE138477F}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C99A98D6-1F74-4B82-B9CF-6AEEE138477F}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2FC1B2F-F12F-4AF7-82C8-D001F5067093}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2FC1B2F-F12F-4AF7-82C8-D001F5067093}" => removed successfully
C:\Windows\System32\Tasks\Smart Clock => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smart Clock" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A425979-AF50-4197-9053-5C5C9424B715}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A425979-AF50-4197-9053-5C5C9424B715}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A425979-AF50-4197-9053-5C5C9424B715}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BFBC824-BC3A-49CD-B7F5-2C4FC09D9CB3}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
C:\ProgramData\freebl3.dll => moved successfully
C:\ProgramData\mozglue.dll => moved successfully
C:\ProgramData\msvcp140.dll => moved successfully
C:\ProgramData\nss3.dll => moved successfully
C:\ProgramData\softokn3.dll => moved successfully
C:\ProgramData\vcruntime140.dll => moved successfully
"2020-10-18 20:24 - 2020-10-18 20:24 - 000000890 _____ () D:\Docs\AppData\Local\bowsakkdestx.txt" => not found
"2020-10-18 18:39 - 2020-10-18 18:54 - 000000890 _____ () D:\Docs\AppData\Local\bowsakkdestx.txt.efji" => not found
"C:\ProgramData\nss3.dll" => not found
"C:\ProgramData\msvcp140.dll" => not found
"C:\ProgramData\freebl3.dll" => not found
"C:\ProgramData\softokn3.dll" => not found
"C:\ProgramData\mozglue.dll" => not found
"C:\ProgramData\vcruntime140.dll" => not found
C:\SystemID => moved successfully
C:\ProgramData\17T3GC155UOJA608BU28H6DBJ => moved successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BFE => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BITS => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dps => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\\"Default"="" => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\\"AlternateShell"="cmd.exe" => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vss => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\WSService => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BITS => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\camsvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dps => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\lfsvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\msiserver => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SamSs => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\srv => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\srv2 => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\srvnet => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\\"Default"="" => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\\"AlternateShell"="cmd.exe" => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vss => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WSService => removed successfully
"HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CAB39AE3-6367-4036-BB91-58E26C23CAD1} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
"HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{65D62779-7349-41FF-9EEF-13106C95D71F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\CNAP3 Launcher" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CNAP3 Launcher" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{150DAA4A-66F3-4085-988B-74D599F37C27}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DDC1163B-B3D4-4874-B64C-A612FA86C858}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9122597 B
Java, Flash, Steam htmlcache => 4326 B
Windows/system/drivers => 106392636 B
Edge => 0 B
Chrome => 0 B
Firefox => 361959874 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
JohnRambo => 219435 B
Filip => 276999 B
Erik => 329685 B

RecycleBin => 692 B
EmptyTemp: => 464.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:09:21 ====


Re: Start menu not showing, computer freezing

#8 Post by Diallix »

How is the system doing?

Please post fresh FRST + ADDITION logs here as well.


Re: Start menu not showing, computer freezing

#9 Post by Šmíďák »

Nothing has changed, except it looks like the .efji extensions are no longer being created.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2020
Ran by JohnRambo (administrator) on MARAST (Gigabyte Technology Co., Ltd. H97M-D3H) (18-10-2020 21:19:24)
Running from D:\Docs\Plocha
Loaded Profiles: JohnRambo
Platform: Windows 8.1 Pro (Update) (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe
(AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Sonix) C:\Windows\vsnp2std.exe
(O&O Software GmbH -> O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(O&O Software GmbH -> O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323312 2015-01-27] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465400 2015-05-21] (O&O Software GmbH -> O&O Software GmbH)
HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [675840 2006-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Sonix)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [248832 2012-03-13] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CNAP3 Monitor: C:\Windows\system32\CNAP3SMD.DLL [1625600 2013-04-19] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2015-07-20]
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{CD105B98-DB7C-4E12-BB33-A12CBE721AAB}\app_icon.ico () [File not signed]
Startup: C:\Users\JohnRambo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe [2019-11-30] (Leader Technologies) [File not signed]
Startup: C:\Users\JohnRambo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartClock.lnk [2020-10-18]
ShortcutTarget: SmartClock.lnk -> D:\Docs\AppData\Roaming\Smart Clock\SmartClock.exe (No File)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {236E0028-1E38-4E01-A1E4-573E9A73708C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {2FA23CDC-6779-4FB6-A920-959AF040DCFB} - System32\Tasks\AVG EUpdate Task => C:\Program Files (x86)\AVG\Setup\avgsetupx.exe [3661072 2019-10-15] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
Task: {9CB34D71-6A50-4CB2-BC08-FDE393A6D9E7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-10-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {A073D152-ED90-42F5-978B-E4958716B420} - System32\Tasks\AdwCleaner_onReboot => D:\Docs\Plocha\adwcleaner_8.0.8.exe [8447152 2020-10-18] (Malwarebytes Inc -> Malwarebytes)
Task: {A35D45D1-6148-4C4D-9F61-3DCCE3E043DD} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [218336 2017-05-02] (Tweaking LLC -> Tweaking.com)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 188.122.222.222 188.122.222.223 8.8.8.8
Tcpip\..\Interfaces\{05B4D5C6-271A-488E-9AFE-4EB74D917A62}: [DhcpNameServer] 188.122.222.222 188.122.222.223 8.8.8.8

FireFox:
========
FF DefaultProfile: 92bxvzy9.default
FF ProfilePath: D:\Docs\AppData\Roaming\Mozilla\Firefox\Profiles\92bxvzy9.default [2020-10-18]
FF ProfilePath: D:\Docs\AppData\Roaming\Mozilla\Firefox\Profiles\o5et0wos.default-release [2020-10-18]
FF Session Restore: Mozilla\Firefox\Profiles\o5et0wos.default-release -> is enabled.
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [984032 2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5279232 2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712864 2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1666296 2015-05-21] (O&O Software GmbH -> O&O Software GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation -> Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313088 2017-03-23] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [283384 2017-09-04] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [253184 2017-04-11] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o. -> AVG Technologies CZ, s.r.o.)
R3 SNP2STD; C:\Windows\system32\DRIVERS\snp2sxp.sys [12342656 2007-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 SNP2STD; C:\Windows\SysWOW64\DRIVERS\snp2sxp.sys [12039552 2007-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 20:28 - 2020-10-18 20:28 - 000003080 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
2020-10-18 20:26 - 2020-10-18 20:28 - 000000000 ____D C:\AdwCleaner
2020-10-18 19:59 - 2020-10-18 21:19 - 000000000 ____D C:\FRST
2020-10-18 19:48 - 2020-10-18 19:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2020-10-18 19:15 - 2020-10-18 19:15 - 000000000 ____D C:\Windows\LastGood.Tmp
2020-10-18 19:15 - 2020-10-18 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trust
2020-10-18 19:15 - 2007-04-09 11:38 - 012039552 _____ () C:\Windows\SysWOW64\Drivers\snp2sxp.sys
2020-10-18 19:15 - 2007-04-09 11:37 - 012342656 _____ () C:\Windows\system32\Drivers\snp2sxp.sys
2020-10-18 19:15 - 2007-03-29 16:04 - 000328704 _____ (Sonix) C:\Windows\system32\vsnp2std.dll
2020-10-18 19:15 - 2007-03-29 16:04 - 000249856 _____ (Sonix) C:\Windows\SysWOW64\vsnp2std.dll
2020-10-18 19:15 - 2007-01-25 18:48 - 000033664 _____ () C:\Windows\system32\Drivers\sncamd.sys
2020-10-18 19:15 - 2007-01-25 18:48 - 000025472 _____ () C:\Windows\SysWOW64\Drivers\sncamd.sys
2020-10-18 19:15 - 2006-11-16 15:57 - 000083968 _____ ( ) C:\Windows\system32\csnp2std.dll
2020-10-18 19:15 - 2006-10-12 17:21 - 000151552 _____ ( ) C:\Windows\SysWOW64\rsnp2std.dll
2020-10-18 19:15 - 2006-09-15 13:21 - 000675840 _____ (Sonix) C:\Windows\vsnp2std.exe
2020-10-18 19:15 - 2006-07-03 10:31 - 000094208 _____ (Microsoft Corporation) C:\Windows\amcap.exe
2020-10-18 19:15 - 2004-12-09 17:23 - 000015497 _____ C:\Windows\snp2std.ini
2020-10-18 19:15 - 2004-12-09 17:23 - 000013022 _____ C:\Windows\snp2std.src
2020-10-18 18:54 - 2020-10-18 18:54 - 000001113 _____ C:\Users\JohnRambo\_readme.txt
2020-10-18 18:54 - 2020-10-18 18:54 - 000001113 _____ C:\Users\Filip\_readme.txt
2020-10-18 18:54 - 2020-10-18 18:54 - 000001113 _____ C:\Users\Erik\_readme.txt
2020-10-18 18:54 - 2020-10-18 18:54 - 000001113 _____ C:\_readme.txt
2020-10-18 18:47 - 2020-10-18 18:47 - 000000000 ____D C:\ProgramData\Riate
2020-10-18 18:46 - 2020-10-18 18:46 - 000000000 ____D C:\ProgramData\sib
2020-10-18 18:37 - 2020-10-18 19:40 - 000000000 ____D C:\Program Files (x86)\DecMgr
2020-10-18 18:37 - 2010-08-25 16:20 - 000892928 _____ (Free Software Foundation) C:\Windows\SysWOW64\iconv.dll
2020-10-18 18:37 - 2010-08-25 16:20 - 000675840 _____ () C:\Windows\SysWOW64\ac3filter.ax
2020-10-18 18:37 - 2010-08-25 16:20 - 000496640 _____ C:\Windows\SysWOW64\xvid.ax
2020-10-18 18:15 - 2020-10-18 18:15 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-10-18 18:11 - 2020-10-18 18:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-10-18 18:01 - 2020-10-18 18:01 - 401695124 _____ C:\Windows\MEMORY.DMP
2020-10-18 18:01 - 2020-10-18 18:01 - 000289784 _____ C:\Windows\Minidump\101820-35171-01.dmp
2020-10-18 18:01 - 2020-10-18 18:01 - 000000000 ____D C:\Windows\Minidump

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 21:19 - 2019-10-06 13:32 - 000000000 ____D C:\Users\JohnRambo\AppData\LocalLow\Mozilla
2020-10-18 21:17 - 2015-07-20 12:26 - 000000000 __SHD C:\Users\JohnRambo\IntelGraphicsProfiles
2020-10-18 21:17 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-10-18 21:15 - 2014-03-18 17:33 - 001672896 _____ C:\Windows\system32\PerfStringBackup.INI
2020-10-18 21:15 - 2014-03-18 16:54 - 000700754 _____ C:\Windows\system32\perfh005.dat
2020-10-18 21:15 - 2014-03-18 16:54 - 000137774 _____ C:\Windows\system32\perfc005.dat
2020-10-18 21:15 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2020-10-18 20:46 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2020-10-18 19:25 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2020-10-18 19:15 - 2015-07-20 12:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-10-18 19:15 - 2013-08-22 15:25 - 000000186 _____ C:\Windows\win.ini
2020-10-18 19:05 - 2015-07-20 11:38 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4135652758-2871757375-1920405382-1001
2020-10-18 18:59 - 2019-10-06 13:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-10-18 18:58 - 2015-07-20 11:26 - 000000000 ____D C:\Users\JohnRambo
2020-10-18 18:55 - 2019-11-30 15:11 - 000000000 __SHD C:\Users\Erik\IntelGraphicsProfiles
2020-10-18 18:54 - 2020-04-27 13:39 - 002086853 _____ C:\Users\Filip\Downloads\První republika.pdf.efji
2020-10-18 18:54 - 2020-04-08 17:18 - 000039460 _____ C:\Users\Filip\Downloads\Vlk.jpg.efji
2020-10-18 18:54 - 2020-03-15 19:27 - 000290512 _____ C:\Users\Erik\Downloads\cute_rottweiler_puppy-wallpaper-1280x1024.jpg.efji
2020-10-18 18:54 - 2019-12-04 21:20 - 000000000 __SHD C:\Users\Filip\IntelGraphicsProfiles
2020-10-18 18:54 - 2019-12-04 21:20 - 000000000 ____D C:\Users\Filip
2020-10-18 18:54 - 2019-11-30 15:09 - 000000000 ____D C:\Users\Erik
2020-10-18 18:54 - 2019-10-24 22:53 - 000000000 ____D C:\RegBackup
2020-10-18 18:54 - 2015-07-27 12:11 - 000000000 ___HD C:\$AVG
2020-10-18 18:21 - 2020-03-15 19:26 - 000003958 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{523087B8-5368-4900-A3C8-3B593B1CBCBB}
2020-10-18 18:20 - 2020-03-15 19:52 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4135652758-2871757375-1920405382-1003
2020-10-18 18:17 - 2019-10-06 13:32 - 000000000 ____D C:\ProgramData\Mozilla
2020-10-18 18:15 - 2019-10-06 13:32 - 000000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-10-18 18:05 - 2015-07-20 13:58 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-10-16 18:17 - 2015-07-21 06:39 - 000000000 ____D C:\ProgramData\MFAData

==================== Files in the root of some directories ========

2020-10-18 20:24 - 2020-10-18 20:24 - 000000890 _____ () D:\Docs\AppData\Local\bowsakkdestx.txt
2020-10-18 18:39 - 2020-10-18 18:54 - 000000890 _____ () D:\Docs\AppData\Local\bowsakkdestx.txt.efji

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-12-04 22:57
==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by JohnRambo (18-10-2020 21:20:26)
Running from D:\Docs\Plocha
Windows 8.1 Pro (Update) (X64) (2015-07-20 09:26:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4135652758-2871757375-1920405382-500 - Administrator - Disabled)
Erik (S-1-5-21-4135652758-2871757375-1920405382-1003 - Limited - Enabled) => C:\Users\Erik
Filip (S-1-5-21-4135652758-2871757375-1920405382-1002 - Limited - Enabled) => C:\Users\Filip
Guest (S-1-5-21-4135652758-2871757375-1920405382-501 - Limited - Disabled)
JohnRambo (S-1-5-21-4135652758-2871757375-1920405382-1001 - Administrator - Enabled) => C:\Users\JohnRambo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Disabled - Out of date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG AntiVirus Free Edition (Disabled - Out of date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
AVG (HKLM\...\{BC2DC909-A848-4886-BBC7-A4895875C708}) (Version: 16.161.8048 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{C19A3151-EC41-4DF4-A2A9-14166CB8649E}) (Version: 16.0.4793 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.71.7596 - AVG Technologies)
AVG Protection (HKLM-x32\...\AVG) (Version: 16.161.8048 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.9.626 - AVG Technologies)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1078 - AB Team, d.o.o.)
Canon LBP7100C 7110C Uninstaller (HKLM\...\Canon LBP7100C 7110C) (Version: 5, 4, 0, 0 - Canon Inc.)
FMW 1 (HKLM\...\{DC2A8E3D-D5E1-4837-A2E0-C308100AC412}) (Version: 1.143.3 - AVG Technologies) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.6.2.1001 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
K-Lite Codec Pack 11.4.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Mozilla Firefox 81.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 81.0.2 (x64 en-US)) (Version: 81.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.2 - Mozilla)
O&O Defrag Professional (HKLM\...\{CD105B98-DB7C-4E12-BB33-A12CBE721AAB}) (Version: 18.9.60 - O&O Software GmbH)
OpenTTD 1.9.3 (HKLM-x32\...\OpenTTD) (Version: 1.9.3 - OpenTTD)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.73.701.2019 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Re-Volt patch 12.07 (HKLM-x32\...\Re-Volt) (Version: patch 12.07 - )
Rodokmen Pro 2.1.1 (HKLM-x32\...\Rodokmen Pro_is1) (Version: 2.1.1 - Martin Veškrna)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\RollerCoaster Tycoon Deluxe_is1) (Version: - GOG.com)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
Trust Webcam 15007 (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.22.001 - Sonix)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.5.4 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XnView 2.33 (HKLM-x32\...\XnView_is1) (Version: 2.33 - Gougelet Pierre-e)

Packages:
=========
Hry -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
Hudba -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Cestování -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Gurmánský svět -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.336_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
MSN Zdraví a fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2020-02-22] (Microsoft Corporation) [MS Ad]
MSN Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2019-10-19] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2019-10-19] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files (x86)\AVG\Av\avgsea.dll [2018-04-27] (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-10-15 18:52 - 2019-10-15 18:52 - 048920064 _____ () [File not signed] C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2015-09-01 17:06 - 2012-03-13 05:35 - 000248832 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2015-01-27 19:33 - 2015-01-27 19:33 - 000285696 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-01-27 19:33 - 2015-01-27 19:33 - 000541696 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2019-10-24 23:13 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4135652758-2871757375-1920405382-1001\Control Panel\Desktop\\Wallpaper -> D:\Docs\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 188.122.222.222 - 188.122.222.223
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{88D860FE-F500-4AD2-B3AF-23142A6DBB6A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{CCA0975B-BD28-4BCF-A1DD-A33FD21ADD02}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{C53EA68D-6923-4795-BB6E-9ECDDE87504E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6905615F-9C5A-4020-8192-78DEE35CE8AD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B56F5711-D6D4-4778-8157-38BBA59112E6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{2BDC958D-45C6-49AF-A23F-4FDBBA69A3A0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{85E9AE47-E879-4410-A946-FAA97680D668}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{4F5F1D17-E6F2-4D66-BDDD-9D0838F1A607}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe (AVG Netherlands B.V. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [TCP Query User{E6EBB148-E34D-42DC-8228-DCA6C59F8A33}D:\games\blur\blur.exe] => (Allow) D:\games\blur\blur.exe () [File not signed]
FirewallRules: [UDP Query User{E02E7173-82CC-499E-A5E4-9255F4F9D191}D:\games\blur\blur.exe] => (Allow) D:\games\blur\blur.exe () [File not signed]
FirewallRules: [{EC543A58-BFA7-438A-B8B6-64F11C1AE179}] => (Block) D:\games\blur\blur.exe () [File not signed]
FirewallRules: [{C6672F50-44D8-40FA-9677-02C54E0B5BDE}] => (Block) D:\games\blur\blur.exe () [File not signed]

==================== Restore Points =========================

24-10-2019 22:53:49 Tweaking.com - Windows Repair 2018
30-11-2019 15:56:07 Instalováno Realtek Ethernet Controller Driver
11-03-2020 20:00:01 Removed RollerCoaster Tycoon Deluxe
11-03-2020 20:25:32 Instalační služba modulů systému Windows
18-10-2020 19:14:02 Installed Trust Webcam 15007
18-10-2020 21:08:48 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/18/2020 09:17:36 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Nelze načíst informace registru o čítači výkonu pro WSearchIdxPi pro instanci z důvodu následující chyby: Operace byla dokončena úspěšně. 0x0.

Error: (10/18/2020 09:17:36 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Sledování výkonu objektu indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Kontext: aplikace , katalog SystemIndex

Error: (10/18/2020 09:17:35 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Sledování výkonu služby indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Error: (10/18/2020 09:16:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Explorer.EXE verze 6.3.9600.17667 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: a20

Čas spuštění: 01d6a58259c4fddc

Čas ukončení: 0

Cesta k aplikaci: C:\Windows\Explorer.EXE

ID hlášení: 665e74e5-1176-11eb-82ab-fcaa14b47617

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (10/18/2020 09:10:45 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Nelze načíst informace registru o čítači výkonu pro WSearchIdxPi pro instanci z důvodu následující chyby: Operace byla dokončena úspěšně. 0x0.

Error: (10/18/2020 09:10:44 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Sledování výkonu objektu indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Kontext: aplikace , katalog SystemIndex

Error: (10/18/2020 09:10:44 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Sledování výkonu služby indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Error: (10/18/2020 09:09:10 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Nelze načíst informace registru o čítači výkonu pro WSearchIdxPi pro instanci z důvodu následující chyby: Operace byla dokončena úspěšně. 0x0.


System errors:
=============
Error: (10/18/2020 09:17:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Windows Defender neuspěla při spuštění v důsledku následující chyby:
V systému Windows nelze ověřit digitální podpis tohoto souboru. Při nedávné změně hardwaru nebo softwaru mohl být nainstalován nesprávně podepsaný nebo poškozený soubor nebo soubor škodlivého softwaru z neznámého zdroje.

Error: (10/18/2020 09:17:20 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto chybou:
Přístup byl odepřen.

Error: (10/18/2020 09:17:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto chybou:
Přístup byl odepřen.

Error: (10/18/2020 09:16:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto chybou:
Přístup byl odepřen.

Error: (10/18/2020 09:10:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Windows Defender neuspěla při spuštění v důsledku následující chyby:
V systému Windows nelze ověřit digitální podpis tohoto souboru. Při nedávné změně hardwaru nebo softwaru mohl být nainstalován nesprávně podepsaný nebo poškozený soubor nebo soubor škodlivého softwaru z neznámého zdroje.

Error: (10/18/2020 09:10:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto chybou:
Přístup byl odepřen.

Error: (10/18/2020 09:10:25 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto chybou:
Přístup byl odepřen.

Error: (10/18/2020 09:09:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto chybou:
Přístup byl odepřen.


CodeIntegrity:
===================================

Date: 2020-10-18 21:17:35.380
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-18 21:10:43.629
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-18 20:29:48.823
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-18 19:50:33.922
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-18 19:24:12.266
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-18 19:00:03.230
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-18 18:02:24.800
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-10-16 18:17:18.255
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F6 04/21/2015
Motherboard: Gigabyte Technology Co., Ltd. H97M-D3H
Processor: Intel(R) Pentium(R) CPU G3450 @ 3.40GHz
Percentage of memory in use: 44%
Total physical RAM: 3970.64 MB
Available physical RAM: 2186.2 MB
Total Virtual: 8066.64 MB
Available Virtual: 5738.6 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:100.24 GB) (Free:67.86 GB) NTFS
Drive d: (Data) (Fixed) (Total:830.92 GB) (Free:821.8 GB) NTFS

\\?\Volume{65009edf-2ec0-11e5-824f-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3151426C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=830.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Start menu not showing, computer freezing

#10 Post by Diallix »

Do the files that had that extension, or newly created files (e.g. txt), display normally? You either had a file infector on the computer or a kind of ransomware.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<
---
We are looking for new recruits for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in the query languages SQL (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Šmíďák
Visitor
Posts: 144
Registered: 15 Oct 2012 13:42
Location: Brno

Re: Start menu not showing, computer freezing

#11 Post by Šmíďák »

Are they visible? Yes. Can they be opened? With the extension no, without the extension yes, but they do not display correctly, or rather they display as nonsense.

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Start menu not showing, computer freezing

#12 Post by Diallix »

Can you take a screenshot?

Besides that, run a scan with this tool: https://forum.viry.cz/viewtopic.php?f=24&t=155685
Post the log here.


Re: Start menu not displaying, computer freezing

#13 Post by Šmíďák »

.
.
----------- Inline Hook Scanner --------[3.6]---
Written by Diallix (C)
www.diallix.net
------------------------------------------------
.
.
...[Time/Date]: 21:42/18.9 2020
...[Running as Admin.]: Yes
.
.
=== Running Executable objects and their loaded modules ===


C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\vsnp2std.exe
C:\Program Files (x86)\AVG\Av\avghookx.dll
C:\Windows\SYSTEM32\oledlg.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_7c5b6194aa0716f1\COMCTL32.dll

C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\Av\avghookx.dll
C:\Program Files (x86)\AVG\Framework\Common\avgsysx.fmw.1.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0\COMCTL32.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\MSVCP140.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\VCRUNTIME140.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\api-ms-win-crt-runtime-l1-1-0.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\api-ms-win-crt-string-l1-1-0.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\api-ms-win-crt-stdio-l1-1-0.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\api-ms-win-crt-heap-l1-1-0.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\api-ms-win-crt-math-l1-1-0.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\api-ms-win-crt-locale-l1-1-0.dll
C:\Program Files (x86)\AVG\Framework\Common\avgntopensslx.fmw.1.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\api-ms-win-crt-multibyte-l1-1-0.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\api-ms-win-crt-convert-l1-1-0.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\api-ms-win-crt-time-l1-1-0.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\api-ms-win-crt-filesystem-l1-1-0.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\api-ms-win-crt-environment-l1-1-0.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\api-ms-win-crt-utility-l1-1-0.dll
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4\ucrtbase.DLL
C:\Program Files (x86)\AVG\Framework\1\avgcmlx.dll
C:\Program Files (x86)\AVG\Framework\1\avglogx.dll
C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
C:\Program Files (x86)\AVG\Framework\1\avgmsgdispx.dll
C:\Program Files (x86)\AVG\Framework\1\avgcommx.dll
C:\Program Files (x86)\AVG\Framework\1\avguifmwplgx.dll
C:\Program Files (x86)\AVG\Av\avuipluginx.dll
C:\Program Files (x86)\AVG\Av\avgsysx.dll
C:\Windows\SYSTEM32\MSVCP110.dll
C:\Windows\SYSTEM32\MSVCR110.dll
C:\Program Files (x86)\AVG\Av\avgkrnlapix.dll
C:\Program Files (x86)\AVG\Av\avgntopensslx.dll
C:\Program Files (x86)\AVG\Av\avgcfgx.dll
C:\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll

C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
C:\Program Files (x86)\AVG\Av\avghookx.dll
C:\Windows\SYSTEM32\MSVBVM60.DLL

C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\Av\avghookx.dll
C:\Windows\AppPatch\AcLayers.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d03a3ddcd6a395878751c5e90fa16915\mscorlib.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\1a6b5095c4416a37f9ca4cf4436d1311\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d91798a9a9fcb450351fe8e49026a69f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e3a57545efff2de6efdcefb606e35e3e\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d9961946cc4b6fb67e19cd2f8ce90a76\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9a349fb029581f4752d2c6cfcfeab816\System.Xml.ni.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_7c5b6194aa0716f1\comctl32.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\257fa713928375c0ac9b9f24904e988f\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\f9eb8fdbc1b3cd25a5b187ea30e77d6c\System.ServiceModel.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\7d61ab80c44108150bad37e8d916e220\System.Runtime.Serialization.ni.dll
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17415_none_dad8722c5bcc2d8f\gdiplus.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d626184834dde3f4906aff139d4e5bbf\System.Xaml.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll

C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\AVG\Av\avghookx.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d03a3ddcd6a395878751c5e90fa16915\mscorlib.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\1a6b5095c4416a37f9ca4cf4436d1311\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\2ba069bf39c024c870af10157c854955\System.ServiceProcess.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d9961946cc4b6fb67e19cd2f8ce90a76\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9a349fb029581f4752d2c6cfcfeab816\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\fadd99ca6318632b3f3d4f31eb91db7a\System.Management.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\wminet_utils.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\257fa713928375c0ac9b9f24904e988f\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\f9eb8fdbc1b3cd25a5b187ea30e77d6c\System.ServiceModel.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\7d61ab80c44108150bad37e8d916e220\System.Runtime.Serialization.ni.dll
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\MSVCR120.dll
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\e3abc4d3f7fef760d13bf957613960cb\System.Data.ni.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\1f531b87aa744a685599fb66679c36aa\System.Configuration.Install.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d91798a9a9fcb450351fe8e49026a69f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e3a57545efff2de6efdcefb606e35e3e\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\e0385d2ccd8766063e53bf96510a9350\System.Transactions.ni.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

D:\Docs\Plocha\inlinehookscanner.exe
C:\Program Files (x86)\AVG\Av\avghookx.dll
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_7c5b6194aa0716f1\COMCTL32.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d03a3ddcd6a395878751c5e90fa16915\mscorlib.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
.
.
[Total scanned objects]: 362.
.
.
[EOF]
Attachments
Plocha.jpg (77.77 KiB) Viewed 1472 times


Re: Start menu not displaying, computer freezing

#14 Post by Diallix »

Well, the computer was probably hit by ransomware. Do you have working backups? Given what was deleted, and the problem with Explorer in general, it looks to me like the system itself has been damaged. In my opinion it would be best to copy the backups to a USB drive and reinstall the system.


Re: Start menu not displaying, computer freezing

#15 Post by Šmíďák »

Yes, there are backups. All right, but I definitely don't have a Windows activation key, if one is needed. I have never reinstalled the system before; do you have a guide for it somewhere?

Locked