Fix result of Farbar Recovery Scan Tool (x64) Version: 08-09-2019
Ran by ruda6 (12-09-2019 19:38:03) Run:4
Running from C:\Users\ruda6\Desktop
Loaded Profiles: ruda6 (Available Profiles: ruda6 & DevToolsUser)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
CMD: type "C:\Program Files\Npcap\CheckStatus.bat"
CMD: type "C:\Users\ruda6\AppData\Roaming\CPTW.dat"
CMD: type "C:\Users\ruda6\AppData\Roaming\{B0E80E49-57AF-758F-AE9B-C68B46701F6B}"
CMD: type "C:\Users\ruda6\AppData\Local\temp.bat"
HKU\S-1-5-21-267884743-2030251231-2907502807-1001\...\MountPoints2: {c7d85400-dbe7-11e7-8776-94e97978fbde} - "E:\WD Drive Unlock.exe" autoplay=true
Task: {024EF3F2-0C1F-4B2A-A740-022267F46FA3} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat
Task: {2CD39BA4-A204-40A8-93A8-7FC973C2DD66} - System32\Tasks\CrystalDiskInfo => C:\Users\ruda6\Downloads\DiskInfo64.exe
Task: {976C2481-603A-43FC-B954-F85ED601FD03} - \Microsoft\Windows\PLA\RPTB6BC.tmp -> No File <==== ATTENTION
Task: {ABD5159D-36CD-41F7-AE79-B1DE2B200E1A} - \BraveSoftwareUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {E5B31FCA-5E55-420A-A17A-F3AB40954D5C} - \BraveSoftwareUpdateTaskMachineUA -> No File <==== ATTENTION
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [No File]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [No File]
CHR StartupUrls: Default -> "hxxps://www.google.cz/?pli=1","hxxps://www.sezn ... entrum.cz/"
S2 brave; "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc [X]
S3 bravem; "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /medsvc [X]
S2 CCDMonitorService; "C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe" [X]
S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X]
S3 QALSvc; "C:\Program Files\Acer\Acer Quick Access\QALSvc.exe" [X]
S3 QASvc; "C:\Program Files\Acer\Acer Quick Access\QASvc.exe" [X]
U4 npcap_wifi; no ImagePath
U4 npf_wifi; no ImagePath
2017-12-10 13:09 - 2017-12-10 13:09 - 000000078 _____ () C:\Users\ruda6\AppData\Roaming\CPTW.dat
2018-08-21 17:05 - 2018-08-21 17:05 - 000000716 ____H () C:\Users\ruda6\AppData\Roaming\{B0E80E49-57AF-758F-AE9B-C68B46701F6B}
2019-02-25 11:51 - 2019-05-24 16:58 - 000000280 _____ () C:\Users\ruda6\AppData\Local\temp.bat
2019-07-06 00:28 - 2019-07-06 00:30 - 000000000 _____ () C:\Users\ruda6\AppData\Local\{8064110B-6B81-4AA7-9604-47065F031302}
CustomCLSID: HKU\S-1-5-21-267884743-2030251231-2907502807-1001_Classes\CLSID\{930e604a-cc01-4d06-8d7a-5a07914f3afb}\localserver32 -> "C:\Program Files\TechSmith\Camtasia 2019\CamtasiaStudio.exe" -ToastActivated => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========
Count : 17
Average :
Sum : 1636281
Maximum :
Minimum :
Property : Length
========= End of Powershell: =========
========= type "C:\Program Files\Npcap\CheckStatus.bat" =========
Systém nemůže nalézt uvedenou cestu.
========= End of CMD: =========
========= type "C:\Users\ruda6\AppData\Roaming\CPTW.dat" =========
La/6R7d6R5o= 6E/LkC3KbjDzrGFmPzzJnqESL/OgdDoe 6E/LkC3KbjDzrGFmPzzJnqESL/OgdDoe
========= End of CMD: =========
========= type "C:\Users\ruda6\AppData\Roaming\{B0E80E49-57AF-758F-AE9B-C68B46701F6B}" =========
========= End of CMD: =========
========= type "C:\Users\ruda6\AppData\Local\temp.bat" =========
setlocal ENABLEDELAYEDEXPANSION
Set Process=purevpn_setup
:ppp
tasklist | Find /i "%Process%.exe" || (goto Else)
:THEN
goto ppp
:ELSE
%systemdrive%
cd %programfiles%
cd purevpn
if exist purevpn.exe start purevpn.exe
cd C:\Users\ruda6\AppData\Local
del temp.bat
Exit
========= End of CMD: =========
HKU\S-1-5-21-267884743-2030251231-2907502807-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7d85400-dbe7-11e7-8776-94e97978fbde} => removed successfully
HKLM\Software\Classes\CLSID\{c7d85400-dbe7-11e7-8776-94e97978fbde} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{024EF3F2-0C1F-4B2A-A740-022267F46FA3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{024EF3F2-0C1F-4B2A-A740-022267F46FA3}" => removed successfully
C:\WINDOWS\System32\Tasks\npcapwatchdog => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\npcapwatchdog" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2CD39BA4-A204-40A8-93A8-7FC973C2DD66}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CD39BA4-A204-40A8-93A8-7FC973C2DD66}" => removed successfully
C:\WINDOWS\System32\Tasks\CrystalDiskInfo => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CrystalDiskInfo" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{976C2481-603A-43FC-B954-F85ED601FD03}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{976C2481-603A-43FC-B954-F85ED601FD03}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA\RPTB6BC.tmp" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ABD5159D-36CD-41F7-AE79-B1DE2B200E1A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABD5159D-36CD-41F7-AE79-B1DE2B200E1A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BraveSoftwareUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5B31FCA-5E55-420A-A17A-F3AB40954D5C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5B31FCA-5E55-420A-A17A-F3AB40954D5C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BraveSoftwareUpdateTaskMachineUA" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.brave.com/BraveSoftware Update;version=3 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.brave.com/BraveSoftware Update;version=9 => removed successfully
"Chrome StartupUrls" => removed successfully
HKLM\System\CurrentControlSet\Services\brave => removed successfully
brave => service removed successfully
HKLM\System\CurrentControlSet\Services\bravem => removed successfully
bravem => service removed successfully
HKLM\System\CurrentControlSet\Services\CCDMonitorService => removed successfully
CCDMonitorService => service removed successfully
HKLM\System\CurrentControlSet\Services\EpsonCustomerResearchParticipation => removed successfully
EpsonCustomerResearchParticipation => service removed successfully
HKLM\System\CurrentControlSet\Services\QALSvc => removed successfully
QALSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\QASvc => removed successfully
QASvc => service removed successfully
HKLM\System\CurrentControlSet\Services\npcap_wifi => removed successfully
npcap_wifi => service removed successfully
HKLM\System\CurrentControlSet\Services\npf_wifi => removed successfully
npf_wifi => service removed successfully
C:\Users\ruda6\AppData\Roaming\CPTW.dat => moved successfully
C:\Users\ruda6\AppData\Roaming\{B0E80E49-57AF-758F-AE9B-C68B46701F6B} => moved successfully
C:\Users\ruda6\AppData\Local\temp.bat => moved successfully
C:\Users\ruda6\AppData\Local\{8064110B-6B81-4AA7-9604-47065F031302} => moved successfully
HKU\S-1-5-21-267884743-2030251231-2907502807-1001_Classes\CLSID\{930e604a-cc01-4d06-8d7a-5a07914f3afb} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20093868 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4724195 B
Edge => 11488640 B
Chrome => 352408 B
Firefox => 23278039 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 19754 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
ruda6 => 14240093 B
rudyk => 0 B
DevToolsUser => 0 B
defaultuser100000 => 7168 B
RecycleBin => 3643814 B
EmptyTemp: => 85.5 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 19:39:24 ====