VIRY.CZ

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-03-2021
Ran by David (22-03-2021 22:03:32) Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
ExportKey: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager

HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\MountPoints2: {a0a810ce-1622-11eb-bb84-485b39405249} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\MountPoints2: {f6176fa3-6eec-11eb-9131-485b39405249} - F:\HiSuiteDownLoader.exe
BootExecute:
Task: {0744203E-A33F-4CB1-A507-D4C585BE9FF5} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.132\DADUpdater.exe
Task: {54331C3E-2EE5-4711-9C94-D82EA93D5983} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
Task: {5F112118-EAEF-4B1C-BE89-FB6A776DA1BF} - System32\Tasks\{969383CA-78D7-48AC-8B00-C36A6A3B82B7} => C:\Users\David\Downloads\eset_nod32_antivirus_live_installer.exe
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
2021-03-16 22:44 - 2021-03-16 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-03-16 22:22 - 2021-03-16 22:55 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 6738
Average :
Sum : 43906062313
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========

================== ExportKey: ===================

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"="2592000"
"GlobalFlag"="0"
"HeapDeCommitFreeBlockThreshold"="0"
"HeapDeCommitTotalFreeThreshold"="0"
"HeapSegmentCommit"="0"
"HeapSegmentReserve"="0"
"ProcessorControl"="2"
"ResourceTimeoutCount"="648000"
"BootExecute"=""
"ExcludeFromKnownDlls"="*"
"ObjectDirectories"="\Windows*\RPC Control"
"ProtectionMode"="1"
"NumberOfInitialSessions"="2"
"SetupExecute"="*"
"AutoChkTimeout"="5"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache]
"AppCompatCache"="ee0fdcba0004000078000000a2180500410300003a4c0000140000000000000076030000c80200006734000000000000d9f50400b3220000760c000076080000c43f000000000000020000000000000000000000100000001a000000af33000000000000 (the data entry has 412520 more characters)."
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager]
"BackupCount"="1"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices]
"AUX"="\DosDevices\COM1"
"MAILSLOT"="\Device\MailSlot"
"NUL"="\Device\Null"
"PIPE"="\Device\NamedPipe"
"PRN"="\DosDevices\LPT1"
"UNC"="\Device\Mup"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ComSpec"="%SystemRoot%\system32\cmd.exe"
"FP_NO_HOST_CHECK"="NO"
"OS"="Windows_NT"
"Path"="C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsP (the data entry has 15 more characters)."
"PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
"PROCESSOR_ARCHITECTURE"="AMD64"
"TEMP"="%SystemRoot%\TEMP"
"TMP"="%SystemRoot%\TEMP"
"USERNAME"="SYSTEM"
"windir"="%SystemRoot%"
"PSModulePath"="%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\"
"NUMBER_OF_PROCESSORS"="2"
"PROCESSOR_LEVEL"="6"
"PROCESSOR_IDENTIFIER"="Intel64 Family 6 Model 23 Stepping 10, GenuineIntel"
"PROCESSOR_REVISION"="170a"
"ESET_OPTIONS"=" (the data entry has 311 more characters)."
"VBOX_HWVIRTEX_IGNORE_SVM_IN_USE"="1"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive]
"AdditionalCriticalWorkerThreads"="0"
"AdditionalDelayedWorkerThreads"="0"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations]
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\I/O System]
"AllowRemoteDASD"="0"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"ObUnsecureGlobalNames"="netfxcustomperfcounters.1.0*SharedPerfIPCBlock*Cor_Private_IPCBlock*Cor_Public_IPCBlock_"
"obcaseinsensitive"="1"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs]
"clbcatq"="clbcatq.dll"
"ole32"="ole32.dll"
"advapi32"="advapi32.dll"
"COMDLG32"="COMDLG32.dll"
"DllDirectory"="%SystemRoot%\system32"
"DllDirectory32"="%SystemRoot%\syswow64"
"gdi32"="gdi32.dll"
"IERTUTIL"="IERTUTIL.dll"
"IMAGEHLP"="IMAGEHLP.dll"
"IMM32"="IMM32.dll"
"kernel32"="kernel32.dll"
"LPK"="LPK.dll"
"MSCTF"="MSCTF.dll"
"MSVCRT"="MSVCRT.dll"
"NORMALIZ"="NORMALIZ.dll"
"NSI"="NSI.dll"
"OLEAUT32"="OLEAUT32.dll"
"PSAPI"="PSAPI.DLL"
"rpcrt4"="rpcrt4.dll"
"sechost"="sechost.dll"
"Setupapi"="Setupapi.dll"
"SHELL32"="SHELL32.dll"
"SHLWAPI"="SHLWAPI.dll"
"URLMON"="URLMON.dll"
"user32"="user32.dll"
"USP10"="USP10.dll"
"WININET"="WININET.dll"
"WLDAP32"="WLDAP32.dll"
"WS2_32"="WS2_32.dll"
"DifxApi"="difxapi.dll"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"="0"
"NonPagedPoolQuota"="0"
"NonPagedPoolSize"="0"
"PagedPoolQuota"="0"
"PagedPoolSize"="0"
"SecondLevelDataCache"="0"
"SessionPoolSize"="4"
"SessionViewSize"="48"
"SystemPages"="0"
"PagingFiles"="?:\pagefile.sys"
"PhysicalAddressExtension"="1"
"IoPageLockLimit"="134217728"
"DisablePagingExecutive"="1"
"LargeSystemCache"="0"
"ExistingPageFiles"="\??\C:\pagefile.sys"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"BootId"="416"
"BaseTime"="623182761"
"EnableSuperfetch"="3"
"EnablePrefetcher"="2"
"EnableBootTrace"="0"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\StoreParameters]
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"AcPolicy"="010000000600000003000000000000000200000003000000000000000200000001000000000000000100000018f5060002000000010000000000000000000000320000000200000004000000020000000100000034003700000000000300000001000000 (the data entry has 264 more characters)."
"DcPolicy"="0100000006000000030000000000000002000000030000000000000002000000010000000000000001000000310038000200000000000000000000002c010000320330000400000004000000020000000100000000009019840300000300000001000000 (the data entry has 264 more characters)."
"AcProcessorPolicy"="01000000000000000000000003000000a0860100a0860100a08601002832000002000000a0860100a0860100a0860100283c000003000000a0860100a0860100a08601002850000001000000"
"DcProcessorPolicy"="01000000030000000000000003000000a0860100a0860100a08601000a14000002000000a0860100a0860100a08601001428000003000000a0860100a0860100a08601001446000001000000"
"PowerSettingProfile"="0"
"SystemPowerPolicy"="010000000200000000000000000000000200000000000000000000000200000000000000000000000100000000000000020000000000000000000000000000005a0000000400000004000000010000000100000000000000000000000100000000000000 (the data entry has 264 more characters)."
"HiberCopyBytes"="0000000000000000"
"HiberElapsedTime"="0"
"HiberIoTime"="0"
"HiberInitTime"="0"
"HiberCopyTime"="0"
"HiberPagesWritten"="0"
"HiberPagesProcessed"="0"
"HiberDumpCount"="0"
"HiberFileRuns"="0"
"HiberReadTime"="0"
"HiberResumeAppTime"="0"
"HiberCompressTime"="0"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Quota System]
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Debug"=""
""="mnmsrvc"
"Kmode"="\SystemRoot\System32\win32k.sys"
"Optional"="Posix"
"Posix"="%SystemRoot%\system32\psxss.exe"
"Required"="Debug*Windows"
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=wins (the data entry has 90 more characters)."
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\WPA]
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\WPA\PnP]
"seed"="1193057078"
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\WPA\SigningHash-PRCRFTFJWDC296]
"SigningHashData"="9f81d29e9cc3c2def99455cbe3e377466e99dae0225d4d05adfdc2dbb37f85717fabaf6f7232fcb696dcf71d04b1c8d37bfbb3930b11cfb2"

=== End of ExportKey ===
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0a810ce-1622-11eb-bb84-485b39405249} => removed successfully
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6176fa3-6eec-11eb-9131-485b39405249} => removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0744203E-A33F-4CB1-A507-D4C585BE9FF5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0744203E-A33F-4CB1-A507-D4C585BE9FF5}" => removed successfully
C:\Windows\System32\Tasks\McAfee\DAD.Execute.Updates => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\DAD.Execute.Updates" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54331C3E-2EE5-4711-9C94-D82EA93D5983}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54331C3E-2EE5-4711-9C94-D82EA93D5983}" => removed successfully
C:\Windows\System32\Tasks\WiseCleaner\WRCSkipUAC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WiseCleaner\WRCSkipUAC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F112118-EAEF-4B1C-BE89-FB6A776DA1BF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F112118-EAEF-4B1C-BE89-FB6A776DA1BF}" => removed successfully
C:\Windows\System32\Tasks\{969383CA-78D7-48AC-8B00-C36A6A3B82B7} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{969383CA-78D7-48AC-8B00-C36A6A3B82B7}" => removed successfully
HKLM\System\CurrentControlSet\Services\aspnet_state => removed successfully
aspnet_state => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee => moved successfully
C:\Windows\system32\Tasks\McAfee => moved successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\PROTOCOLS\Filter\application/x-mfe-ipt => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13205556 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 5169955 B
Edge => 0 B
Firefox => 275161896 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 606457 B
systemprofile32 => 606585 B
LocalService => 606585 B
NetworkService => 624779 B
David => 934069438 B
Classic .NET AppPool => 934069438 B
DefaultAppPool => 934069438 B

RecycleBin => 131045549 B
EmptyTemp: => 3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:08:10 ====

Ako to vyzera s PC? Su nejake problemy?

Plocha ma cca 40 GB, co je prilis vela. Odporucam presunut vsetky subory a zlozky z plochy do dokumentov a na ploche nechat iba odkazy/zastupcov. Prilis velka velkost plochy moze sposobit spomalenie systemu.

Díky, hlavní problém s antivirem je vyřešen. Díky za pomoc a rady

Tak este upraceme po pouzitych nastrojoch:

• Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
• Uloz na plochu a spusti
• Nechaj oznacenu moznost "Remove disinfection tools"
• Klikni na "Run"

A odporucal by som este (viacmenej "preventivne") tento krok:

Spusti kontrolu integrity systemovych suborov:

• Otvor Start, napis "cmd" (bez uvodzoviek), klikni pravym tlacitkom mysi na Prikazovy riadok a klikni na Spustit ako spravca
• Skopiruj a spusti prikaz:

  Kód: Vybrat vše

  DISM.exe /Online /Cleanup-image /Restorehealth

• Po dokonceni skopiruj a spusti druhy prikaz:

  Kód: Vybrat vše

  sfc /scannow

• Po dokonceni obidvoch prikazov skopiruj a spusti tento prikaz:

  Kód: Vybrat vše

  findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt" && copy %windir%\logs\dism\dism.log %userprofile%\desktop\dism.txt

• Na ploche sa vytvoria subory sfcdetails.txt a dism.txt, tieto subory zabal ho do archivu RAR alebo ZIP a posli ako prilohu k dalsiemu prispevku
• Restartuj PC

# DelFix v1.013 - Logfile created 26/03/2021 at 21:40:30
# Updated 17/04/2016 by Xplode
# Username : David - DAVID-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

Spustil jsem cmd jako správce a zadal:
a stalo se i toto :

Tak toto vyzera OK, pozabudol som, ze je to Windows 7, kde je funkcny len ten druhy prikaz (sfc /scannow).

Ak uz teda nie su s PC ziadne problemy, tak to by bolo vsetko

Díky

Nie je zaco, rad som pomohol

Este upraceme po pouzitych nastrojoch:

• Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
• Uloz na plochu a spusti
• Nechaj oznacenu moznost "Remove disinfection tools"
• Klikni na "Run"