Please check my log

#1 Post by karelflorian »

In my browser, windows open doubled or tripled, it seems to me that the mouse responds poorly to clicks, and I have been unable to open Gmail /random error/ for a week now, but I don't know whether these are related. Thanks in advance.

Logfile of random's system information tool 1.10 (written by random/random)
Run by KAREL at 2022-12-10 11:47:04
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 2 GB (2%) free of 71 GB
Total RAM: 3001 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:47:12, on 10.12.2022
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Users\KAREL\AppData\Roaming\ckgkr\corsve.exe
C:\Program Files\trend micro\KAREL.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{E28415F2-DD36-4578-8DA7-537087953C9F}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CCleaner Performance Optimizer Service (CCleanerPerformanceOptimizerService) - Piriform Software Ltd - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GalaxyClientService - GOG.com - C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 4917 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e36a71db-9446-4554-92cf-f498d1e26b25 -SystemEventPortName:HostProcess-ed3a6956-62ea-4764-9efd-e1c997c33efa -IoCancelEventPortName:HostProcess-5da6228f-2b83-4359-afc7-eacc8c657cae -NonStateChangingEventPortName:HostProcess-32cfba49-d141-43ce-95b8-76e5cd36f1ba -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2151ac0a-6ea4-422e-b86d-fc265ef8c2c7
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {C2BEE4A9-7C0E-4A21-89AB-5F13323D3D07}
C:\Users\KAREL\AppData\Roaming\ckgkr\corsve.exe "C:\Users\KAREL\AppData\Roaming\ckgkr\corsve.dat"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2968.0.1514780633\481822948" -parentBuildID 20221128144904 -prefsHandle 1064 -prefMapHandle 1056 -prefsLen 28571 -prefMapSize 234015 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17c73143-1239-4fce-a305-d5e3aa6e13b8} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" 1148 11922958 gpu
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2968.1.1404449285\345913368" -parentBuildID 20221128144904 -prefsHandle 1280 -prefMapHandle 1276 -prefsLen 28616 -prefMapSize 234015 -appDir "C:\Program Files\Mozilla Firefox\browser" - {877eb6b6-6d77-4307-8ed5-5c56014f85a8} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" 1304 1245d258 socket
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2968.2.1041317365\1209599669" -childID 1 -isForBrowser -prefsHandle 1920 -prefMapHandle 1560 -prefsLen 28808 -prefMapSize 234015 -jsInitHandle 872 -jsInitLen 246704 -a11yResourceId 64 -parentBuildID 20221128144904 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eff2761a-adeb-41d4-a015-b7675b662bca} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" 1568 19d34558 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2968.3.1532327201\57405661" -childID 2 -isForBrowser -prefsHandle 2840 -prefMapHandle 2836 -prefsLen 34286 -prefMapSize 234015 -jsInitHandle 872 -jsInitLen 246704 -a11yResourceId 64 -parentBuildID 20221128144904 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c85a9c6f-5989-46a6-9fdc-f3cba4bd423a} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" 2852 1ee07558 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2968.11.1303864253\24904238" -parentBuildID 20221128144904 -prefsHandle 1420 -prefMapHandle 4568 -prefsLen 34286 -prefMapSize 234015 -appDir "C:\Program Files\Mozilla Firefox\browser" - {334568d4-802a-4f9c-b0f0-fad533005a19} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" 3868 206b1e58 rdd
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2968.12.318543571\1127553368" -parentBuildID 20221128144904 -sandboxingKind 1 -prefsHandle 3784 -prefMapHandle 3932 -prefsLen 34286 -prefMapSize 234015 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6278df4-9c11-4d4a-b303-99fc01afd70b} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" 4776 21afde58 utility
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2968.13.1906558241\1088851588" -parentBuildID 20221128144904 -sandboxingKind 0 -prefsHandle 8416 -prefMapHandle 8420 -prefsLen 34286 -prefMapSize 234015 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de9cca4d-ba5e-4613-ad2f-28084671f2c3} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" 8404 1fc21f58 utility
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2968.40.2008587875\609523111" -childID 36 -isForBrowser -prefsHandle 4736 -prefMapHandle 3644 -prefsLen 34286 -prefMapSize 234015 -jsInitHandle 872 -jsInitLen 246704 -a11yResourceId 64 -parentBuildID 20221128144904 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18b5b08b-7ccb-4f9d-9c86-1ecc5eb5f977} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" 8084 17aaec58 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2968.41.904343850\998306174" -childID 37 -isForBrowser -prefsHandle 4364 -prefMapHandle 8512 -prefsLen 34286 -prefMapSize 234015 -jsInitHandle 872 -jsInitLen 246704 -a11yResourceId 64 -parentBuildID 20221128144904 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c49184c3-f335-436f-8e0c-8cff881394f6} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" 4712 23ca2358 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2968.42.660471742\676350570" -childID 38 -isForBrowser -prefsHandle 3760 -prefMapHandle 3936 -prefsLen 34286 -prefMapSize 234015 -jsInitHandle 872 -jsInitLen 246704 -a11yResourceId 64 -parentBuildID 20221128144904 -appDir "C:\Program Files\Mozilla Firefox\browser" - {927e2b24-3551-4dd0-898e-6965ec2cdb4d} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" 7972 23e5c358 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2968.43.1977308442\1865528447" -childID 39 -isForBrowser -prefsHandle 4108 -prefMapHandle 4792 -prefsLen 34286 -prefMapSize 234015 -jsInitHandle 872 -jsInitLen 246704 -a11yResourceId 64 -parentBuildID 20221128144904 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dce0173-9b9a-405b-945f-9b3cb505b20c} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" 8552 23a31b58 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2968.44.1872515337\741879704" -childID 40 -isForBrowser -prefsHandle 7836 -prefMapHandle 7840 -prefsLen 34286 -prefMapSize 234015 -jsInitHandle 872 -jsInitLen 246704 -a11yResourceId 64 -parentBuildID 20221128144904 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c29eeab5-dfe2-4f9b-8e31-8d892eef0cdb} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" 7856 24612058 tab
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\KAREL\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "515fbcf1-c488-4adb-87c8-d426745eb0a5" --version "6.06.10144" --silent

=========Mozilla firefox=========

ProfilePath - C:\Users\KAREL\AppData\Roaming\Mozilla\Firefox\Profiles\jzmbh3ho.default-release

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2021-05-29 163384]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2021-05-29 387640]
"Persistence"=C:\Windows\system32\igfxpers.exe [2021-05-29 418360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2022-11-09 38650192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Smart Cleaning]
C:\Program Files\CCleaner\CCleaner64.exe [2022-11-09 38650192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chrome]
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --headless --disable-gpu --remote-debugging-port=9222 http://mi-ner-nis-de-6.info/cdn-1006.html?t=0.4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCore]
C:\Program Files\Logitech Gaming Software\LCore.exe /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\launchOnStartup]
C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [2020-06-13 13971528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\Windows\system32\M-AudioTaskBarIcon.exe [2010-03-31 798728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Path]
C:\Program Files (x86)\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2018-06-17 456160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Host Services x64.lnk]
C:\PROGRA~1\qemu\HOSTSE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^KAREL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SmartClock.lnk]
C:\Users\KAREL\AppData\Roaming\SMARTC~1\SMARTC~1.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2021-05-29 272384]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"midi8"=wdmaud.drv
"aux4"=wdmaud.drv
"midi6"=wdmaud.drv
"midi7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer9"=wdmaud.drv
"midi9"=wdmaud.drv
"aux5"=wdmaud.drv
"aux6"=wdmaud.drv
"aux7"=wdmaud.drv
"aux8"=wdmaud.drv
"aux9"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2022-12-10 11:47:04 ----D---- C:\rsit
2022-12-10 07:18:46 ----D---- C:\ProgramData\Piriform
2022-12-01 19:27:16 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2022-12-10 11:47:12 ----D---- C:\Windows\Temp
2022-12-10 11:47:11 ----D---- C:\Program Files\trend micro
2022-12-10 11:47:08 ----D---- C:\Windows\Prefetch
2022-12-10 11:37:06 ----D---- C:\Windows\system32\drivers\etc
2022-12-10 11:32:55 ----D---- C:\Program Files\CCleaner
2022-12-10 11:07:16 ----D---- C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-12-10 07:18:46 ----HD---- C:\ProgramData
2022-12-10 06:59:46 ----D---- C:\Windows
2022-12-10 06:58:13 ----D---- C:\Windows\system32\Tasks
2022-12-10 06:58:11 ----D---- C:\Windows\Tasks
2022-12-08 15:46:26 ----D---- C:\Windows\system32\config
2022-12-08 15:42:50 ----SHD---- C:\System Volume Information
2022-12-03 15:15:04 ----D---- C:\Users\KAREL\AppData\Roaming\AIMP
2022-12-03 14:49:10 ----D---- C:\Windows\System32
2022-12-03 14:49:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2022-12-03 14:49:09 ----D---- C:\Windows\inf
2022-12-03 14:45:20 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2022-12-02 15:52:05 ----D---- C:\Program Files
2022-11-26 10:13:03 ----D---- C:\Windows\SoftwareDistribution
2022-11-20 16:13:21 ----A---- C:\Windows\system32\msvcsv60.dll
2022-11-20 16:13:21 ----A---- C:\Users\KAREL\AppData\Roaming\msregsvv.dll
2022-11-20 10:41:08 ----D---- C:\Users\KAREL\AppData\Roaming\Tracktion
2022-11-19 05:27:17 ----D---- C:\Windows\system32\catroot2
2022-11-12 19:25:01 ----D---- C:\Users\KAREL\AppData\Roaming\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2020-10-10 393880]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2017-06-07 138296]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [2022-10-16 220752]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-10-20 2770944]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO; C:\Windows\System32\Drivers\BUSB2902.sys [2009-10-30 460864]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO; C:\Windows\system32\drivers\busbwdm.sys [2009-10-30 49728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2019-12-12 33240]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2021-05-29 10629408]
R3 NIWinCDEmu;ISO Mounter driver; C:\Windows\system32\DRIVERS\NIWinCDEmu.sys [2015-08-24 112408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 26440]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 77512]
S0 Partizan;Partizan; C:\Windows\system32\drivers\Partizan.sys []
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2018-09-05 53904]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver; C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys [2015-09-28 172376]
S3 cpuz148;cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-12-29 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-12-29 47672]
S3 fiddrv64;fiddrv64; C:\Windows\system32\drivers\fiddrv64.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2018-05-07 36496]
S3 LGJoyXlCore;Logitech Translation Layer Driver (LGS); C:\Windows\system32\drivers\LGJoyXlCore.sys [2018-05-07 67736]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2018-05-07 26008]
S3 MADFUOZONE;Service for M-Audio Ozone DFU; C:\Windows\system32\DRIVERS\MAudioOzone_DFU.sys [2010-03-31 46088]
S3 MAUSBOZONE;Service for M-Audio Ozone; C:\Windows\system32\DRIVERS\MAudioOzone.sys [2010-03-31 187912]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pgusbmme;usb-audio.de MME-Adapter; C:\Windows\system32\drivers\pgusbmm3.sys [2010-08-13 49728]
S3 pgusbwdm;usb-audio.de driver (commercial 2.8.45); C:\Windows\System32\Drivers\pgusbwdm.sys [2010-08-13 466496]
S3 piddrv64;piddrv64; \??\C:\Windows\piddrv64.sys [2019-11-30 37256]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2018-08-11 25608]
S3 tapwindscribe0901;Windscribe VPN; C:\Windows\system32\DRIVERS\tapwindscribe0901.sys [2018-02-01 45560]
S3 tapwp01;TAP-Windows Adapter V9 (WiFi Protector); C:\Windows\system32\DRIVERS\tapwp01.sys [2014-12-11 40664]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 43976]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 16200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 CCleanerPerformanceOptimizerService;CCleaner Performance Optimizer Service; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [2022-11-09 1003344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 GalaxyClientService;GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2020-06-13 1748552]
S3 GalaxyCommunication;GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [2020-02-24 6821960]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2022-12-01 231328]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 RapoRespondNa;RapoRespondNa; C:\Program Files (x86)\RapoRespondNa\RapoRespondNa.exe -system -token 5e227c []

-----------------EOF-----------------

#2 Post by Rudy »

Hello!
Please post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=152706 . RSIT is not fully compatible with 64-bit systems. Thank you.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


#3 Post by karelflorian »

Hello to you too, and thanks for the quick response. After downloading FRST and creating the log, my computer crashed, swamped by a constantly reopening FRST download page and Windows Explorer !?!, which could not be closed, and in the end I was left with just the startup screen with no icons on the desktop. I guess the pest doesn't want to leave its cozy spot.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-12-2022
Ran by KAREL (administrator) on KITCHEN (Acer Aspire 5730) (10-12-2022 12:25:39)
Running from C:\Users\KAREL\Desktop
Loaded Profiles: KAREL
Platform: Microsoft Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(services.exe ->) (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(taskeng.exe ->) (AutoIt Consulting Ltd -> AutoIt Team) C:\Users\KAREL\AppData\Roaming\ckgkr\corsve.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B8A45D-ACA1-425B-8006-08DA12B43B83} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {035FC0CD-9A4C-4301-BB4C-88D42C6E35A1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)
Task: {07DA11D1-1FC3-4A33-91AD-F4C3FC3E6EA8} - System32\Tasks\{FFFA3BB9-42AB-40FA-B88B-D5657C155F54} => C:\Program Files (x86)\Slime Rancher Galactic Bundle\SlimeRancher.exe (No File)
Task: {145EE993-0760-44DA-B7E4-47ECFB2D6C54} - System32\Tasks\CCleanerSkipUAC - KAREL => C:\Program Files\CCleaner\CCleaner.exe [32325456 2022-11-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {1B24893B-3CA5-4E74-A808-6F5E77975FB1} - System32\Tasks\{0A9A365D-A59A-46B8-9C72-FAA1566F00AB} => E:\VOODOO95.EXE (No File)
Task: {259B69B1-38A3-404B-A2D4-99BAD3F87D22} - System32\Tasks\{01C28555-F9A9-462A-BC8C-F4215CFB05FB} => C:\Program Files\IK Multimedia\AmpliTube 4\AmpliTube 4.exe [9582592 2015-11-02] () [File not signed]
Task: {2D8D6347-4001-42C6-BB09-92B14B33D307} - System32\Tasks\{3A58ED83-AFCF-4884-A605-99829F7213E7} => C:\Program Files\IK Multimedia\AmpliTube 4\AmpliTube 4.exe [9582592 2015-11-02] () [File not signed]
Task: {35AF161E-FCDE-4C0F-92BB-1F53024C1ED8} - System32\Tasks\{449317E1-2D25-436C-8F8E-A871A209A9EF} => C:\Users\KAREL\Downloads\setup_0691868207.exe (No File)
Task: {4C1BB226-18D7-4420-BC49-AEDB411C2049} - System32\Tasks\{169902B3-BA28-4545-9A63-4EE1724B002F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Might and Magic X Legacy\LegacyGDFInstall.exe" -d "C:\Program Files (x86)\Might and Magic X Legacy"
Task: {4E2B118A-9E94-4BA1-A051-B48DB2D943C7} - System32\Tasks\{9D283823-A7FA-4FC5-B56B-4F868743FAA4} => C:\Program Files\IK Multimedia\AmpliTube 4\AmpliTube 4.exe [9582592 2015-11-02] () [File not signed]
Task: {5A66ECF8-7B14-46E8-90F6-717572840165} - System32\Tasks\{5EB6BD77-1954-4BC8-99FA-5FBE4660458D} => E:\VOODOO95.EXE (No File)
Task: {5CC91BA4-75AE-4EE8-98D0-DA3E1F5D360A} - System32\Tasks\{14017357-C67B-46C3-A464-2201CBD55EE9} => C:\Program Files\PreSonus\Studio One 4\Studio One.exe (No File)
Task: {5EF60F6C-80B8-44F2-98AB-FDBCCFC3F60E} - System32\Tasks\{4662BC60-24BA-42C0-A8E1-7B5B77770B19} => C:\Windows\system32\pcalua.exe -a C:\Xpadder.exe\setup.exe -d C:\Xpadder.exe
Task: {5F885CE4-53BD-4399-A0FC-25C63650CF7C} - System32\Tasks\{EB6FE80C-5095-481A-888F-1B95BB14ED01} => C:\Users\KAREL\Downloads\setup_0691868207.exe (No File)
Task: {6086DB67-6885-4428-AC92-2DF1E405E905} - System32\Tasks\{1B171CED-8A1D-446E-B9ED-A06BD1A82CC2} => C:\Windows\system32\pcalua.exe -a C:\Users\KAREL\Downloads\ASIO4ALL_2_13_English.exe -d C:\Users\KAREL\Downloads
Task: {60FCC82F-F022-4EB7-BEFD-2202A397C61B} - System32\Tasks\{FD93F1E4-331B-4280-94C6-993DF520876D} => C:\Pac3D\pac3d.exe [48640 2020-10-09] () [File not signed]
Task: {71C028CB-E12C-4753-80FA-EEDB8BDB842A} - System32\Tasks\{C8F9A9BC-9F53-481D-A538-E455076C48B1} => C:\Program Files (x86)\Slime Rancher Galactic Bundle\SlimeRancher.exe (No File)
Task: {7454B545-8056-42BB-A86B-8BFD2D66EFA0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-11-09] (Piriform Software Ltd -> Piriform)
Task: {759A2481-BC17-45B5-9DA0-31A055FC490B} - System32\Tasks\{1DB85FA2-0ABC-4859-8443-D1A3DEC0F92C} => C:\Pac3D\pac3d.exe [48640 2020-10-09] () [File not signed]
Task: {7BE8554D-2856-4BAD-9307-9B5F0C5E34BA} - System32\Tasks\{B1380AC8-6875-48B2-A443-8CF5141F0931} => C:\Windows\system32\pcalua.exe -a C:\Users\KAREL\Desktop\ASIO4ALL_2_14_English.exe -d C:\Users\KAREL\Desktop
Task: {85C9DE96-589A-41E4-957C-5FCB7BA2D29F} - System32\Tasks\{B871BD0F-DE5A-452B-ADBC-2EB97E253BC0} => C:\Program Files\IK Multimedia\AmpliTube 4\AmpliTube 4.exe [9582592 2015-11-02] () [File not signed]
Task: {9BC7F26A-8376-49C2-B379-DF04D6D689B8} - System32\Tasks\{11F93713-7C60-4C38-BDA7-D7C05B74B1EF} => C:\Users\KAREL\Downloads\xpadder_gamepad_profiler\Xpadder.exe (No File)
Task: {B4299B76-0E43-431B-A711-476497A4B05A} - System32\Tasks\{7C83B485-1D4B-4BC7-88F0-6AED99D5858F} => C:\Program Files (x86)\Slime Rancher Galactic Bundle\SlimeRancher.exe (No File)
Task: {B8629C57-4DEF-4AA2-A32B-59FF8E188A68} - System32\Tasks\{246D1223-1A1C-4FCE-BC9F-894CF6A28FF7} => C:\Program Files\IK Multimedia\AmpliTube 4\AmpliTube 4.exe [9582592 2015-11-02] () [File not signed]
Task: {BFF43C10-67D2-4531-A20F-7769D46518E4} - System32\Tasks\Diagnostic\Service => C:\Users\KAREL\AppData\Roaming\ckgkr\corsve.exe [893608 2022-10-23] (AutoIt Consulting Ltd -> AutoIt Team) -> "C:\Users\KAREL\AppData\Roaming\ckgkr\corsve.dat"
Task: {C390C4F1-CA5F-4BC3-8401-4997A951F630} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (No File)
Task: {C6728E35-841C-4104-9D9C-B92EC3BCC25A} - System32\Tasks\{A3D90B19-CB8F-4E95-BADF-9369F84753DB} => C:\Windows\system32\pcalua.exe -a C:\Users\KAREL\Downloads\ASIO4ALL_2_14_English.exe -d C:\Users\KAREL\Downloads
Task: {D068792B-1716-4449-8F45-6408A5D2B6D8} - System32\Tasks\{FE82AF94-82B7-46D3-9DA0-8703D06BA97B} => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (No File)
Task: {D29E8231-4AA2-4989-8FF9-604EB698C592} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4669264 2022-11-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "515fbcf1-c488-4adb-87c8-d426745eb0a5" --version "6.06.10144" --silent
Task: {D51B3C56-795A-468D-B759-7A9BD9388779} - System32\Tasks\{970E1A6D-763E-4BCC-BF90-7C2C69129272} => E:\VOODOO95.EXE (No File)
Task: {D8A5FCC7-AF5A-4C84-A64A-56C1B9872966} - System32\Tasks\{E0E3BD52-D561-4794-BDC9-C9430D1BC5D4} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {E6317CBE-DF18-40F0-A071-F6FEB676C14C} - System32\Tasks\{C03A226D-65F7-4681-9D89-C1B2DF6E45D2} => C:\Windows\system32\pcalua.exe -a "C:\Users\KAREL\Downloads\Sonic Mania Installer.exe" -d C:\Users\KAREL\Downloads
Task: {E79F6DF8-BB51-4FEB-8C92-49145B541227} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {EA2C7982-770C-48D5-91B5-4E6C2031FD53} - System32\Tasks\{C214BC00-0E95-4DCA-8C7B-9530DFF53BA2} => C:\Program Files\IK Multimedia\AmpliTube 4\AmpliTube 4.exe [9582592 2015-11-02] () [File not signed]
Task: {EBDDB1BB-9A49-4880-ACB7-03E98CA2B1C1} - System32\Tasks\{E7904902-D05C-40E5-8FEB-60A6405CD001} => C:\Users\KAREL\Downloads\xpadder_gamepad_profiler\Xpadder.exe (No File)
Task: {F91509FE-1A80-4149-9D91-09C2F1186E75} - \KAREL -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E28415F2-DD36-4578-8DA7-537087953C9F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E28415F2-DD36-4578-8DA7-537087953C9F}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF DefaultProfile: n6ss50s3.default
FF ProfilePath: C:\Users\KAREL\AppData\Roaming\Mozilla\Firefox\Profiles\n6ss50s3.default [2021-12-04]
FF ProfilePath: C:\Users\KAREL\AppData\Roaming\Mozilla\Firefox\Profiles\jzmbh3ho.default-release [2022-12-10]
FF Notifications: Mozilla\Firefox\Profiles\jzmbh3ho.default-release -> hxxps://drive.google.com
FF Extension: (AdBlocker Ultimate) - C:\Users\KAREL\AppData\Roaming\Mozilla\Firefox\Profiles\jzmbh3ho.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2022-10-01]
FF Extension: (TWP - Translate Web Pages) - C:\Users\KAREL\AppData\Roaming\Mozilla\Firefox\Profiles\jzmbh3ho.default-release\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2022-10-04]
FF Extension: (Open in PDF Reader) - C:\Users\KAREL\AppData\Roaming\Mozilla\Firefox\Profiles\jzmbh3ho.default-release\Extensions\{0d3afca0-aedf-491f-b0f9-9ffc22113ea8}.xpi [2022-08-15]
FF ProfilePath: C:\Users\KAREL\AppData\Roaming\AMozilla\AFirefox\Profiles\mb0mwdp8.default [2018-10-02] <==== ATTENTION
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1003344 2022-11-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1748552 2020-06-13] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-24] (GOG Sp. z o.o. -> GOG.com)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 HPSLPSVC; C:\Users\KAREL\AppData\Local\Temp\7zS3513\hpslpsvc64.dll [X] <==== ATTENTION
S4 RapoRespondNa; C:\Program Files (x86)\RapoRespondNa\RapoRespondNa.exe -system -token 5e227c [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [53904 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2770944 2011-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (Ploytec GmbH -> BEHRINGER)
R3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (Ploytec GmbH -> BEHRINGER)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-12-29] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-12-29] (Disc Soft Ltd -> Disc Soft Ltd)
S3 fiddrv64; no ImagePath
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2018-05-07] (Logitech Inc -> Logitech Inc.)
S3 MADFUOZONE; C:\Windows\System32\DRIVERS\MAudioOzone_DFU.sys [46088 2010-03-31] (M-Audio -> M-Audio)
S3 MAUSBOZONE; C:\Windows\System32\DRIVERS\MAudioOzone.sys [187912 2010-03-31] (M-Audio -> Avid Technology, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2022-10-16] (Malwarebytes Inc -> Malwarebytes)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2015-08-24] (NATIVE INSTRUMENTS GmbH -> )
S3 pgusbmme; C:\Windows\System32\drivers\pgusbmm3.sys [49728 2010-08-13] (Ploytec GmbH -> usb-audio.de)
S3 pgusbwdm; C:\Windows\System32\Drivers\pgusbwdm.sys [466496 2010-08-13] (Ploytec GmbH -> usb-audio.de)
S3 piddrv64; C:\Windows\piddrv64.sys [37256 2019-11-30] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [393880 2020-10-10] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2018-08-11] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2018-02-01] (Windscribe Limited -> The OpenVPN Project)
S3 tapwp01; C:\Windows\System32\DRIVERS\tapwp01.sys [40664 2014-12-11] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [398112 2011-07-12] (Marvell Semiconductor -> Marvell)
S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-10 12:25 - 2022-12-10 12:30 - 000015480 _____ C:\Users\KAREL\Desktop\FRST.txt
2022-12-10 12:23 - 2022-12-10 12:23 - 002375680 _____ (Farbar) C:\Users\KAREL\Desktop\FRST64(1).exe
2022-12-10 11:47 - 2022-12-10 11:47 - 000000000 ____D C:\rsit
2022-12-10 11:46 - 2022-12-10 11:46 - 001222144 _____ C:\Users\KAREL\Downloads\RSITx64.exe
2022-12-10 11:36 - 2022-12-10 11:36 - 000388608 _____ (Trend Micro Inc.) C:\Users\KAREL\Downloads\hijackthis.exe
2022-12-10 07:18 - 2022-12-10 07:18 - 000000000 ____D C:\ProgramData\Piriform
2022-12-10 06:58 - 2022-12-10 06:58 - 000003350 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2022-12-10 06:58 - 2022-12-10 06:58 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2022-12-08 17:13 - 2022-12-08 17:13 - 000000017 _____ C:\Users\KAREL\Downloads\whitelist(1).txt
2022-12-08 17:12 - 2022-12-08 17:12 - 000000017 _____ C:\Users\KAREL\Downloads\whitelist.txt
2022-12-03 15:09 - 2022-12-03 15:09 - 045374608 _____ C:\Users\KAREL\Downloads\YTMp3_YTMP3WEB_v4.4.1.apk
2022-12-01 20:52 - 2022-12-01 20:52 - 000001779 _____ C:\Users\KAREL\Desktop\projev.txt
2022-12-01 19:27 - 2022-12-03 14:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-11-26 17:14 - 2021-05-26 22:04 - 000013993 _____ C:\Users\KAREL\Downloads\Guitar Pro File - Metal Riffs and Licks - Jason Stallworth.gp
2022-11-26 17:13 - 2022-11-26 17:13 - 000283268 _____ C:\Users\KAREL\Downloads\Guitar-Pro-File-Metal-Riffs-and-Licks-Jason-Stallworth.gp_(1).exe
2022-11-26 17:11 - 2022-11-26 17:11 - 000013988 _____ C:\Users\KAREL\Downloads\Guitar-Pro-File-Metal-Riffs-and-Licks-Jason-Stallworth.gp_(1).zip
2022-11-19 09:04 - 2022-11-26 10:13 - 000000000 ____D C:\Users\KAREL\AppData\Local\CrashDumps

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-12-10 12:27 - 2022-10-21 09:27 - 000000000 ____D C:\FRST
2022-12-10 12:08 - 2022-02-09 12:33 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-12-10 12:07 - 2021-12-04 07:08 - 000000000 ____D C:\Users\KAREL\AppData\LocalLow\Mozilla
2022-12-10 11:47 - 2018-01-10 13:58 - 000000000 ____D C:\Program Files\trend micro
2022-12-10 11:32 - 2018-06-24 05:59 - 000000000 ____D C:\Program Files\CCleaner
2022-12-10 06:58 - 2018-06-24 05:59 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-12-10 06:57 - 2009-07-14 05:45 - 000031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-12-10 06:57 - 2009-07-14 05:45 - 000031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-12-10 06:50 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-12-03 15:15 - 2016-12-26 07:31 - 000000000 ____D C:\Users\KAREL\AppData\Roaming\AIMP
2022-12-03 14:49 - 2010-11-21 10:27 - 000668376 _____ C:\Windows\system32\perfh005.dat
2022-12-03 14:49 - 2010-11-21 10:27 - 000141004 _____ C:\Windows\system32\perfc005.dat
2022-12-03 14:49 - 2009-07-14 06:13 - 001582262 _____ C:\Windows\system32\PerfStringBackup.INI
2022-12-03 14:49 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2022-12-03 14:45 - 2021-12-04 07:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-12-02 15:47 - 2009-07-14 06:08 - 000032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2022-11-20 16:13 - 2017-06-25 14:05 - 000000032 _____ C:\Windows\system32\w3data.vss
2022-11-20 16:13 - 2017-06-25 14:05 - 000000032 _____ C:\Windows\system32\msvcsv60.dll
2022-11-20 16:13 - 2017-06-25 14:05 - 000000032 _____ C:\Windows\msocreg32.dat
2022-11-20 16:13 - 2017-02-03 08:34 - 000000032 _____ C:\Users\KAREL\AppData\Roaming\msregsvv.dll
2022-11-20 16:13 - 2017-02-03 08:34 - 000000032 _____ C:\ProgramData\autobk.inc
2022-11-20 11:19 - 2022-10-14 17:43 - 000000000 ____D C:\Users\KAREL\Documents\kytara bicí
2022-11-20 10:41 - 2019-02-24 08:28 - 000000000 ____D C:\Users\KAREL\AppData\Roaming\Tracktion
2022-11-12 19:25 - 2017-01-07 11:03 - 000000000 ____D C:\Users\KAREL\AppData\Roaming\vlc

==================== Files in the root of some directories ========

2017-05-23 15:58 - 2012-04-11 03:27 - 000003584 _____ () C:\Users\KAREL\ezdrummer.dll
2012-11-27 17:00 - 2012-04-11 03:27 - 000003584 _____ () C:\Users\KAREL\Guitar Rig 5.dll
2017-05-20 06:04 - 2012-04-11 03:27 - 000003584 _____ () C:\Users\KAREL\Massive.64.dll
2017-05-23 15:58 - 2012-04-11 03:27 - 000003584 _____ () C:\Users\KAREL\Massive.dll
2017-05-20 06:04 - 2012-04-11 03:27 - 000003584 _____ () C:\Users\KAREL\Metronome.64.dll
2017-05-23 15:58 - 2012-04-11 03:27 - 000003584 _____ () C:\Users\KAREL\Metronome.dll
2017-04-13 08:47 - 2011-02-09 15:51 - 022814720 _____ () C:\Users\KAREL\TH2.dll
2017-05-23 15:58 - 2012-04-11 03:27 - 000003584 _____ () C:\Users\KAREL\TH3.dll
2017-02-23 20:32 - 2015-10-09 14:53 - 004357120 _____ () C:\Users\KAREL\TyrellN6(x64).dll
2020-02-29 07:19 - 2020-02-29 07:19 - 000000000 ____D () C:\Users\KAREL\Xpadder.exe
2017-02-03 08:34 - 2022-11-20 16:13 - 000000032 _____ () C:\Users\KAREL\AppData\Roaming\msregsvv.dll
2021-02-21 20:41 - 2021-02-21 20:41 - 000000014 _____ () C:\Users\KAREL\AppData\Roaming\obs-virtualcam.txt
2018-09-29 11:37 - 2018-08-06 23:55 - 011924306 _____ (InstallShield Software Corporation) C:\Users\KAREL\AppData\Roaming\pinnacle-setup.exe
2021-10-29 10:06 - 2021-10-29 10:06 - 048903224 _____ (WebDiscover Media ) C:\Users\KAREL\AppData\Roaming\WebDiscover_setup.exe
2020-09-19 18:48 - 2020-10-03 06:41 - 000016438 _____ () C:\Users\KAREL\AppData\Local\partner.bmp
2018-01-14 18:15 - 2018-06-23 06:08 - 000007650 _____ () C:\Users\KAREL\AppData\Local\Resmon.ResmonCfg
2017-01-12 19:00 - 2016-11-23 14:37 - 000000570 _____ () C:\Users\KAREL\AppData\Local\TroubleshooterConfig.json

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2022-12-08 15:35
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-12-2022
Ran by KAREL (10-12-2022 12:30:53)
Running from C:\Users\KAREL\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X64) (2016-12-16 17:02:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-577945811-771457962-1855025614-500 - Administrator - Disabled)
Guest (S-1-5-21-577945811-771457962-1855025614-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-577945811-771457962-1855025614-1002 - Limited - Enabled)
KAREL (S-1-5-21-577945811-771457962-1855025614-1000 - Administrator - Enabled) => C:\Users\KAREL

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Media MP4 to MP3 Converter 6 (HKLM-x32\...\4Media MP4 to MP3 Converter 6) (Version: 6.8.0.1101 - 4Media)
Ableton Live 9 Suite (HKLM\...\{7597F2DC-003A-476E-9281-774AB112B7BE}) (Version: 9.0.0.0 - Ableton)
Abyss version 1.2.2 (HKLM-x32\...\{73586F08-45E2-4BE2-82BF-24A591D742AA}_is1) (Version: 1.2.2 - Dawesome)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.70.2227, 01.09.2020 - AIMP DevTeam)
AmpliTube 4 version 4.0.1 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.1 - IK Multimedia)
AmpliTube 5 version 5.0.3 (HKLM\...\{D831D61F-EBF5-4158-AEE1-F58A7B8C04C8}_is1) (Version: 5.0.3 - IK Multimedia)
ARIA Engine v1.9.1.6 (HKLM\...\ARIA Engine_is1) (Version: v1.9.1.6 - Plogue Art et Technologie, Inc)
ArtRage 6 (HKLM\...\{7AF6962D-016E-4084-ADF8-84891B95D815}) (Version: 6.1.2.0 - Ambient Design) Hidden
ArtRage 6 (HKLM-x32\...\ArtRage 6 6.1.2.0) (Version: 6.1.2.0 - Ambient Design)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.15 - tippach engineering)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 6.06 - Piriform)
Creaks (HKLM-x32\...\1623513243_is1) (Version: 1.0.9 - GOG.com)
DAW Essentials Collection version 1.0.0 (HKLM\...\DAW Essentials Collection_is1) (Version: 1.0.0 - )
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.0.2 - Toontrack)
EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack)
EZXClaustrophobic (HKLM-x32\...\{8094F7AE-CA21-4AF2-A256-BC918CE0E796}) (Version: 1.0 - Toontrack)
EZXCocktail (HKLM-x32\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.0 - Toontrack)
EZXDfh (HKLM-x32\...\{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}) (Version: 1.0 - Toontrack)
EZXMetalHeads (HKLM-x32\...\{F4F365AB-BD66-4775-A36A-E3D8055873FD}) (Version: 1.0.0 - Toontrack)
EZXMetalMachine (HKLM-x32\...\{88A1D1DA-4327-4CAF-BA74-00D85D9353E8}) (Version: 1.0.0 - Toontrack)
EZXNashville (HKLM-x32\...\{82DF9225-13EC-41BD-BE31-AAB121B38166}) (Version: 1.0 - Toontrack)
EZXPercussion (HKLM-x32\...\{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}) (Version: 1.0 - Toontrack)
EZXTwisted (HKLM-x32\...\{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}) (Version: 1.0 - Toontrack)
EZXVintage (HKLM-x32\...\{430399DC-98BC-4A7F-8F8E-77981CABAE05}) (Version: 1.0 - Toontrack)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Guitar Pro 7 - Soundbanks (HKLM-x32\...\com.arobas-music.guitarpro7-soundbanks_is1) (Version: 1.0.69 - Arobas Music)
Guitar Pro 7 (HKLM-x32\...\Guitar Pro 7_is1) (Version: 7.5.2.1586 - Arobas Music)
Helix Native (HKLM\...\Helix Native_is1) (Version: 1.9.1 - Line6 & Team V.R)
K-Lite Codec Pack 14.9.4 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.9.4 - KLCP)
Krita (x64) 4.4.8 (HKLM\...\Krita_x64) (Version: 4.4.8.0 - Krita Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.44.1.3 - Marvell)
M-Audio Ozone Driver 6.0.3 (x64) (HKLM\...\{DD06AA57-1DF1-45E6-B234-07110667DD28}) (Version: 6.0.3 - M-Audio)
Microsoft .NET Framework 4.6.1 (CSY) (HKLM\...\{3C38CA01-7933-31E7-A1F6-EAA1DF9BEDF3}) (Version: 4.6.01055 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}) (Version: 4.6.01055 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30708 (HKLM-x32\...\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d}) (Version: 14.30.30708.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 (HKLM-x32\...\{0FA68574-690B-4B00-89AA-B28946231449}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 (HKLM-x32\...\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30708 (HKLM\...\{12A2980B-E47B-491B-92F5-0BC703841ED4}) (Version: 14.30.30708 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30708 (HKLM\...\{AE043016-3897-41D4-870B-1DAEE62CF152}) (Version: 14.30.30708 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 107.0.1 (x64 cs)) (Version: 107.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 94.0.2 - Mozilla)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
NI Guitar Rig (HKLM\...\{48878FDB-8FEB-4503-A444-11F6BD85114C}) (Version: 5.2.2 - Native Instruments)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Overloud TH-U (HKLM\...\{B7B70E5E-3373-4799-B37F-06E603B0FC2B}_is1) (Version: 1.1.8 - Overloud)
Ozone 9 Standard (HKLM\...\Ozone 9) (Version: 9.1.0 - iZotope, Inc.)
Plogue AlterEgo v1.516 (HKLM\...\__ARIA_1019___is1) (Version: v1.516 - Plogue)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.2 - Power Software Ltd)
TH3 (HKLM\...\{84958137-F2F7-4DC8-A29E-B69F6553BE4F}_is1) (Version: 3.4.5 - Overloud)
Toneforge - Misha Mansoor Advanced version 1.0.1 (HKLM\...\Toneforge - Misha Mansoor Advanced_is1) (Version: 1.0.1 - )
Torpedo Wall Of Sound VST Win64 4.3.8 (HKU\S-1-5-21-577945811-771457962-1855025614-1000\...\Torpedo Wall Of Sound VST Win64) (Version: 4.3.8 - Two Notes Audio Engineering)
Tracktion Software BioTek (HKLM\...\BioTek_is1) (Version: 1.5.1 - Tracktion Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Waveform 11 (HKLM\...\{0EDB70B6-EEA7-413B-BBC4-89E2CD36EFDE}_is1) (Version: 11.1.0 - Tracktion Corporation)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-577945811-771457962-1855025614-1000_Classes\CLSID\{8FA6DC22-9574-427B-914B-CD9ACE26E5CB}\InprocServer32 -> C:\Users\KAREL\AppData\Local\easyxplore\Update\1.3.99.0\psuser_64.dll (easyxplore.) [File not signed]
CustomCLSID: HKU\S-1-5-21-577945811-771457962-1855025614-1000_Classes\CLSID\{DD7F56DA-A71C-4C82-924B-F68028BCB2A4}\InprocServer32 -> C:\Users\KAREL\AppData\Local\easyxplore\Update\1.3.99.0\psuser_64.dll (easyxplore.) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AIMP] -> [CC]{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> No File
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [AIMP] -> [CC]{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2021-05-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-06-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\ProgramData\PACE:8307D8F8C9EA4484 [217]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-577945811-771457962-1855025614-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-577945811-771457962-1855025614-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-577945811-771457962-1855025614-1000 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-577945811-771457962-1855025614-1000 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-07-22 14:30 - 2022-12-10 11:37 - 000000958 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 www.overloud.com
127.0.0.1 www.r2rdownload.net
127.0.0.1 www.r2rdownload.com
127.0.0.1 www.elephantafiles.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-577945811-771457962-1855025614-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\KAREL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxAutoMntSrv => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Host Services x64.lnk => C:\Windows\pss\Host Services x64.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^KAREL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SmartClock.lnk => C:\Windows\pss\SmartClock.lnk.Startup
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: chrome => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --headless --disable-gpu --remote-debugging-port=9222 http://mi-ner-nis-de-6.info/cdn-1006.html?t=0.4
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: launchOnStartup => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart
MSCONFIG\startupreg: M-Audio Taskbar Icon => C:\Windows\system32\M-AudioTaskBarIcon.exe
MSCONFIG\startupreg: Path => "C:\Program Files (x86)\ZOOM\Edit_Share\bin\ZOOM Edit&Share startup.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{4403B449-6EB8-4B4D-8C58-F2FAAE363D16}C:\programdata\ableton\live 9 suite\program\ableton live 9 suite.exe] => (Block) C:\programdata\ableton\live 9 suite\program\ableton live 9 suite.exe (Ableton AG -> Ableton) [File not signed]
FirewallRules: [UDP Query User{F56D2214-EDC0-4925-85F9-B98AAC259F49}C:\programdata\ableton\live 9 suite\program\ableton live 9 suite.exe] => (Block) C:\programdata\ableton\live 9 suite\program\ableton live 9 suite.exe (Ableton AG -> Ableton) [File not signed]
FirewallRules: [TCP Query User{EB6B0B9E-3D3C-49C3-A901-3E2ECD195630}C:\programdata\ableton\live 9 suite\program\ableton live 9 suite.exe] => (Block) C:\programdata\ableton\live 9 suite\program\ableton live 9 suite.exe (Ableton AG -> Ableton) [File not signed]
FirewallRules: [UDP Query User{EC475A34-53A4-4791-8141-C3CA2D64306E}C:\programdata\ableton\live 9 suite\program\ableton live 9 suite.exe] => (Block) C:\programdata\ableton\live 9 suite\program\ableton live 9 suite.exe (Ableton AG -> Ableton) [File not signed]
FirewallRules: [TCP Query User{B8344DC4-609A-4104-849B-393B61D57F9F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{FECC9637-9631-4BA7-BF89-4584A565AED2}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{82E4E9BB-7468-42DB-842A-139B82A692FC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{DFC7F17A-7870-4FA5-AC14-8644B4307B0B}] => (Block) ableton live 10 => No File
FirewallRules: [{320CCE03-3ED8-4863-959A-6F49C164CFF8}] => (Block) ableton live 10 => No File
FirewallRules: [{45FD3A48-C762-4702-A10B-88E3F468F46B}] => (Block) ableton live 10 => No File
FirewallRules: [{4ACC72A8-2DE7-405F-8D34-1BA9A2F59B3A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D34AF7C2-8B39-4C23-B302-C7263A5A8EA1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

27-11-2022 10:04:02 Naplánovaný kontrolní bod
08-12-2022 15:42:30 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/10/2022 12:39:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (12/10/2022 12:39:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (12/10/2022 12:34:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (12/10/2022 12:34:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (12/10/2022 12:34:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (12/10/2022 12:31:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (12/10/2022 12:31:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (12/10/2022 12:31:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.


System errors:
=============
Error: (12/10/2022 12:38:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/10/2022 11:39:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (12/10/2022 11:39:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.


==================== Memory info ===========================

BIOS: Phoenix Technologies LTD V1.07 08/27/2008
Motherboard: Acer CathedralPeak
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz
Percentage of memory in use: 88%
Total physical RAM: 3000.86 MB
Available physical RAM: 351.38 MB
Total Virtual: 5999.93 MB
Available Virtual: 1578.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:69.65 GB) (Free:1.55 GB) (Model: Hitachi HTS543216L9A300 ATA Device) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:69.64 GB) (Free:1.87 GB) (Model: Hitachi HTS543216L9A300 ATA Device) NTFS

\\?\Volume{d23b0824-c3af-11e6-bfe3-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:2.23 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 2933491A)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=69.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=69.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň
Contact user:

Re: Please check my log

#4 Post by Rudy »

Open Notepad and copy the following into it:
SDtart

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {02B8A45D-ACA1-425B-8006-08DA12B43B83} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {035FC0CD-9A4C-4301-BB4C-88D42C6E35A1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)
Task: {07DA11D1-1FC3-4A33-91AD-F4C3FC3E6EA8} - System32\Tasks\{FFFA3BB9-42AB-40FA-B88B-D5657C155F54} => C:\Program Files (x86)\Slime Rancher Galactic Bundle\SlimeRancher.exe (No File)
Task: {1B24893B-3CA5-4E74-A808-6F5E77975FB1} - System32\Tasks\{0A9A365D-A59A-46B8-9C72-FAA1566F00AB} => E:\VOODOO95.EXE (No File)
Task: {35AF161E-FCDE-4C0F-92BB-1F53024C1ED8} - System32\Tasks\{449317E1-2D25-436C-8F8E-A871A209A9EF} => C:\Users\KAREL\Downloads\setup_0691868207.exe (No File)
Task: {5A66ECF8-7B14-46E8-90F6-717572840165} - System32\Tasks\{5EB6BD77-1954-4BC8-99FA-5FBE4660458D} => E:\VOODOO95.EXE (No File)
Task: {5CC91BA4-75AE-4EE8-98D0-DA3E1F5D360A} - System32\Tasks\{14017357-C67B-46C3-A464-2201CBD55EE9} => C:\Program Files\PreSonus\Studio One 4\Studio One.exe (No File)
Task: {5EF60F6C-80B8-44F2-98AB-FDBCCFC3F60E} - System32\Tasks\{4662BC60-24BA-42C0-A8E1-7B5B77770B19} => C:\Windows\system32\pcalua.exe -a C:\Xpadder.exe\setup.exe -d C:\Xpadder.exe
Task: {5F885CE4-53BD-4399-A0FC-25C63650CF7C} - System32\Tasks\{EB6FE80C-5095-481A-888F-1B95BB14ED01} => C:\Users\KAREL\Downloads\setup_0691868207.exe (No File)
Task: {6086DB67-6885-4428-AC92-2DF1E405E905} - System32\Tasks\{1B171CED-8A1D-446E-B9ED-A06BD1A82CC2} => C:\Windows\system32\pcalua.exe -a C:\Users\KAREL\Downloads\ASIO4ALL_2_13_English.exe -d C:\Users\KAREL\Downloads
Task: {71C028CB-E12C-4753-80FA-EEDB8BDB842A} - System32\Tasks\{C8F9A9BC-9F53-481D-A538-E455076C48B1} => C:\Program Files (x86)\Slime Rancher Galactic Bundle\SlimeRancher.exe (No File)
Task: {9BC7F26A-8376-49C2-B379-DF04D6D689B8} - System32\Tasks\{11F93713-7C60-4C38-BDA7-D7C05B74B1EF} => C:\Users\KAREL\Downloads\xpadder_gamepad_profiler\Xpadder.exe (No File)
ask: {C390C4F1-CA5F-4BC3-8401-4997A951F630} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (No File)
Task: {C6728E35-841C-4104-9D9C-B92EC3BCC25A} - System32\Tasks\{A3D90B19-CB8F-4E95-BADF-9369F84753DB} => C:\Windows\system32\pcalua.exe -a C:\Users\KAREL\Downloads\ASIO4ALL_2_14_English.exe -d C:\Users\KAREL\Downloads
Task: {D068792B-1716-4449-8F45-6408A5D2B6D8} - System32\Tasks\{FE82AF94-82B7-46D3-9DA0-8703D06BA97B} => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (No File)
Task: {D51B3C56-795A-468D-B759-7A9BD9388779} - System32\Tasks\{970E1A6D-763E-4BCC-BF90-7C2C69129272} => E:\VOODOO95.EXE (No File)
Task: {D8A5FCC7-AF5A-4C84-A64A-56C1B9872966} - System32\Tasks\{E0E3BD52-D561-4794-BDC9-C9430D1BC5D4} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {E6317CBE-DF18-40F0-A071-F6FEB676C14C} - System32\Tasks\{C03A226D-65F7-4681-9D89-C1B2DF6E45D2} => C:\Windows\system32\pcalua.exe -a "C:\Users\KAREL\Downloads\Sonic Mania Installer.exe" -d C:\Users\KAREL\Downloads
Task: {EBDDB1BB-9A49-4880-ACB7-03E98CA2B1C1} - System32\Tasks\{E7904902-D05C-40E5-8FEB-60A6405CD001} => C:\Users\KAREL\Downloads\xpadder_gamepad_profiler\Xpadder.exe (No File)
Task: {F91509FE-1A80-4149-9D91-09C2F1186E75} - \KAREL -> No File <==== ATTENTION
FF ProfilePath: C:\Users\KAREL\AppData\Roaming\AMozilla\AFirefox\Profiles\mb0mwdp8.default [2018-10-02] <==== ATTENTION
S2 HPSLPSVC; C:\Users\KAREL\AppData\Local\Temp\7zS3513\hpslpsvc64.dll [X] <==== ATTENTION
S3 fiddrv64; no ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AIMP] -> [CC]{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> No File
ContextMenuHandlers4: [AIMP] -> [CC]{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> No File
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\ProgramData\PACE:8307D8F8C9EA4484 [217]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
FirewallRules: [{DFC7F17A-7870-4FA5-AC14-8644B4307B0B}] => (Block) ableton live 10 => No File
FirewallRules: [{320CCE03-3ED8-4863-959A-6F49C164CFF8}] => (Block) ableton live 10 => No File
FirewallRules: [{45FD3A48-C762-4702-A10B-88E3F468F46B}] => (Block) ableton live 10 => No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

karelflorian
Visitor
Posts: 10
Registered: 10 Jan 2018 14:14

Re: Please check my log

#5 Post by karelflorian »

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-12-2022
Ran by KAREL (10-12-2022 15:26:18) Run:1
Running from C:\Users\KAREL\Desktop
Loaded Profiles: KAREL
Boot Mode: Normal
==============================================

fixlist content:
*****************
SDtart

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {02B8A45D-ACA1-425B-8006-08DA12B43B83} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {035FC0CD-9A4C-4301-BB4C-88D42C6E35A1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)
Task: {07DA11D1-1FC3-4A33-91AD-F4C3FC3E6EA8} - System32\Tasks\{FFFA3BB9-42AB-40FA-B88B-D5657C155F54} => C:\Program Files (x86)\Slime Rancher Galactic Bundle\SlimeRancher.exe (No File)
Task: {1B24893B-3CA5-4E74-A808-6F5E77975FB1} - System32\Tasks\{0A9A365D-A59A-46B8-9C72-FAA1566F00AB} => E:\VOODOO95.EXE (No File)
Task: {35AF161E-FCDE-4C0F-92BB-1F53024C1ED8} - System32\Tasks\{449317E1-2D25-436C-8F8E-A871A209A9EF} => C:\Users\KAREL\Downloads\setup_0691868207.exe (No File)
Task: {5A66ECF8-7B14-46E8-90F6-717572840165} - System32\Tasks\{5EB6BD77-1954-4BC8-99FA-5FBE4660458D} => E:\VOODOO95.EXE (No File)
Task: {5CC91BA4-75AE-4EE8-98D0-DA3E1F5D360A} - System32\Tasks\{14017357-C67B-46C3-A464-2201CBD55EE9} => C:\Program Files\PreSonus\Studio One 4\Studio One.exe (No File)
Task: {5EF60F6C-80B8-44F2-98AB-FDBCCFC3F60E} - System32\Tasks\{4662BC60-24BA-42C0-A8E1-7B5B77770B19} => C:\Windows\system32\pcalua.exe -a C:\Xpadder.exe\setup.exe -d C:\Xpadder.exe
Task: {5F885CE4-53BD-4399-A0FC-25C63650CF7C} - System32\Tasks\{EB6FE80C-5095-481A-888F-1B95BB14ED01} => C:\Users\KAREL\Downloads\setup_0691868207.exe (No File)
Task: {6086DB67-6885-4428-AC92-2DF1E405E905} - System32\Tasks\{1B171CED-8A1D-446E-B9ED-A06BD1A82CC2} => C:\Windows\system32\pcalua.exe -a C:\Users\KAREL\Downloads\ASIO4ALL_2_13_English.exe -d C:\Users\KAREL\Downloads
Task: {71C028CB-E12C-4753-80FA-EEDB8BDB842A} - System32\Tasks\{C8F9A9BC-9F53-481D-A538-E455076C48B1} => C:\Program Files (x86)\Slime Rancher Galactic Bundle\SlimeRancher.exe (No File)
Task: {9BC7F26A-8376-49C2-B379-DF04D6D689B8} - System32\Tasks\{11F93713-7C60-4C38-BDA7-D7C05B74B1EF} => C:\Users\KAREL\Downloads\xpadder_gamepad_profiler\Xpadder.exe (No File)
ask: {C390C4F1-CA5F-4BC3-8401-4997A951F630} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (No File)
Task: {C6728E35-841C-4104-9D9C-B92EC3BCC25A} - System32\Tasks\{A3D90B19-CB8F-4E95-BADF-9369F84753DB} => C:\Windows\system32\pcalua.exe -a C:\Users\KAREL\Downloads\ASIO4ALL_2_14_English.exe -d C:\Users\KAREL\Downloads
Task: {D068792B-1716-4449-8F45-6408A5D2B6D8} - System32\Tasks\{FE82AF94-82B7-46D3-9DA0-8703D06BA97B} => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (No File)
Task: {D51B3C56-795A-468D-B759-7A9BD9388779} - System32\Tasks\{970E1A6D-763E-4BCC-BF90-7C2C69129272} => E:\VOODOO95.EXE (No File)
Task: {D8A5FCC7-AF5A-4C84-A64A-56C1B9872966} - System32\Tasks\{E0E3BD52-D561-4794-BDC9-C9430D1BC5D4} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {E6317CBE-DF18-40F0-A071-F6FEB676C14C} - System32\Tasks\{C03A226D-65F7-4681-9D89-C1B2DF6E45D2} => C:\Windows\system32\pcalua.exe -a "C:\Users\KAREL\Downloads\Sonic Mania Installer.exe" -d C:\Users\KAREL\Downloads
Task: {EBDDB1BB-9A49-4880-ACB7-03E98CA2B1C1} - System32\Tasks\{E7904902-D05C-40E5-8FEB-60A6405CD001} => C:\Users\KAREL\Downloads\xpadder_gamepad_profiler\Xpadder.exe (No File)
Task: {F91509FE-1A80-4149-9D91-09C2F1186E75} - \KAREL -> No File <==== ATTENTION
FF ProfilePath: C:\Users\KAREL\AppData\Roaming\AMozilla\AFirefox\Profiles\mb0mwdp8.default [2018-10-02] <==== ATTENTION
S2 HPSLPSVC; C:\Users\KAREL\AppData\Local\Temp\7zS3513\hpslpsvc64.dll [X] <==== ATTENTION
S3 fiddrv64; no ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AIMP] -> [CC]{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> No File
ContextMenuHandlers4: [AIMP] -> [CC]{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => -> No File
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\ProgramData\PACE:8307D8F8C9EA4484 [217]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
FirewallRules: [{DFC7F17A-7870-4FA5-AC14-8644B4307B0B}] => (Block) ableton live 10 => No File
FirewallRules: [{320CCE03-3ED8-4863-959A-6F49C164CFF8}] => (Block) ableton live 10 => No File
FirewallRules: [{45FD3A48-C762-4702-A10B-88E3F468F46B}] => (Block) ableton live 10 => No File

EmptyTemp:
End
*****************

SDtart => Error: No automatic fix found for this entry.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{02B8A45D-ACA1-425B-8006-08DA12B43B83}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02B8A45D-ACA1-425B-8006-08DA12B43B83}" => removed successfully
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{035FC0CD-9A4C-4301-BB4C-88D42C6E35A1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{035FC0CD-9A4C-4301-BB4C-88D42C6E35A1}" => removed successfully
C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07DA11D1-1FC3-4A33-91AD-F4C3FC3E6EA8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07DA11D1-1FC3-4A33-91AD-F4C3FC3E6EA8}" => removed successfully
C:\Windows\System32\Tasks\{FFFA3BB9-42AB-40FA-B88B-D5657C155F54} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FFFA3BB9-42AB-40FA-B88B-D5657C155F54}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B24893B-3CA5-4E74-A808-6F5E77975FB1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B24893B-3CA5-4E74-A808-6F5E77975FB1}" => removed successfully
C:\Windows\System32\Tasks\{0A9A365D-A59A-46B8-9C72-FAA1566F00AB} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0A9A365D-A59A-46B8-9C72-FAA1566F00AB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35AF161E-FCDE-4C0F-92BB-1F53024C1ED8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35AF161E-FCDE-4C0F-92BB-1F53024C1ED8}" => removed successfully
C:\Windows\System32\Tasks\{449317E1-2D25-436C-8F8E-A871A209A9EF} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{449317E1-2D25-436C-8F8E-A871A209A9EF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A66ECF8-7B14-46E8-90F6-717572840165}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A66ECF8-7B14-46E8-90F6-717572840165}" => removed successfully
C:\Windows\System32\Tasks\{5EB6BD77-1954-4BC8-99FA-5FBE4660458D} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5EB6BD77-1954-4BC8-99FA-5FBE4660458D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CC91BA4-75AE-4EE8-98D0-DA3E1F5D360A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CC91BA4-75AE-4EE8-98D0-DA3E1F5D360A}" => removed successfully
C:\Windows\System32\Tasks\{14017357-C67B-46C3-A464-2201CBD55EE9} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{14017357-C67B-46C3-A464-2201CBD55EE9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EF60F6C-80B8-44F2-98AB-FDBCCFC3F60E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EF60F6C-80B8-44F2-98AB-FDBCCFC3F60E}" => removed successfully
C:\Windows\System32\Tasks\{4662BC60-24BA-42C0-A8E1-7B5B77770B19} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4662BC60-24BA-42C0-A8E1-7B5B77770B19}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F885CE4-53BD-4399-A0FC-25C63650CF7C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F885CE4-53BD-4399-A0FC-25C63650CF7C}" => removed successfully
C:\Windows\System32\Tasks\{EB6FE80C-5095-481A-888F-1B95BB14ED01} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EB6FE80C-5095-481A-888F-1B95BB14ED01}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6086DB67-6885-4428-AC92-2DF1E405E905}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6086DB67-6885-4428-AC92-2DF1E405E905}" => removed successfully
C:\Windows\System32\Tasks\{1B171CED-8A1D-446E-B9ED-A06BD1A82CC2} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1B171CED-8A1D-446E-B9ED-A06BD1A82CC2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71C028CB-E12C-4753-80FA-EEDB8BDB842A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71C028CB-E12C-4753-80FA-EEDB8BDB842A}" => removed successfully
C:\Windows\System32\Tasks\{C8F9A9BC-9F53-481D-A538-E455076C48B1} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C8F9A9BC-9F53-481D-A538-E455076C48B1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BC7F26A-8376-49C2-B379-DF04D6D689B8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BC7F26A-8376-49C2-B379-DF04D6D689B8}" => removed successfully
C:\Windows\System32\Tasks\{11F93713-7C60-4C38-BDA7-D7C05B74B1EF} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11F93713-7C60-4C38-BDA7-D7C05B74B1EF}" => removed successfully
ask: {C390C4F1-CA5F-4BC3-8401-4997A951F630} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (No File) => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6728E35-841C-4104-9D9C-B92EC3BCC25A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6728E35-841C-4104-9D9C-B92EC3BCC25A}" => removed successfully
C:\Windows\System32\Tasks\{A3D90B19-CB8F-4E95-BADF-9369F84753DB} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A3D90B19-CB8F-4E95-BADF-9369F84753DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D068792B-1716-4449-8F45-6408A5D2B6D8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D068792B-1716-4449-8F45-6408A5D2B6D8}" => removed successfully
C:\Windows\System32\Tasks\{FE82AF94-82B7-46D3-9DA0-8703D06BA97B} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FE82AF94-82B7-46D3-9DA0-8703D06BA97B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D51B3C56-795A-468D-B759-7A9BD9388779}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D51B3C56-795A-468D-B759-7A9BD9388779}" => removed successfully
C:\Windows\System32\Tasks\{970E1A6D-763E-4BCC-BF90-7C2C69129272} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{970E1A6D-763E-4BCC-BF90-7C2C69129272}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8A5FCC7-AF5A-4C84-A64A-56C1B9872966}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8A5FCC7-AF5A-4C84-A64A-56C1B9872966}" => removed successfully
C:\Windows\System32\Tasks\{E0E3BD52-D561-4794-BDC9-C9430D1BC5D4} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E0E3BD52-D561-4794-BDC9-C9430D1BC5D4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6317CBE-DF18-40F0-A071-F6FEB676C14C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6317CBE-DF18-40F0-A071-F6FEB676C14C}" => removed successfully
C:\Windows\System32\Tasks\{C03A226D-65F7-4681-9D89-C1B2DF6E45D2} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C03A226D-65F7-4681-9D89-C1B2DF6E45D2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBDDB1BB-9A49-4880-ACB7-03E98CA2B1C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBDDB1BB-9A49-4880-ACB7-03E98CA2B1C1}" => removed successfully
C:\Windows\System32\Tasks\{E7904902-D05C-40E5-8FEB-60A6405CD001} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E7904902-D05C-40E5-8FEB-60A6405CD001}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F91509FE-1A80-4149-9D91-09C2F1186E75}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F91509FE-1A80-4149-9D91-09C2F1186E75}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KAREL" => removed successfully
C:\Users\KAREL\AppData\Roaming\AMozilla\AFirefox\Profiles\mb0mwdp8.default => moved successfully
C:\Users\KAREL\AppData\Roaming\AMozilla\AFirefox\Profiles\mb0mwdp8.default => path removed successfully
HKLM\System\CurrentControlSet\Services\HPSLPSVC => removed successfully
HPSLPSVC => service removed successfully
HKLM\System\CurrentControlSet\Services\fiddrv64 => removed successfully
fiddrv64 => service removed successfully
HKLM\System\CurrentControlSet\Services\Partizan => removed successfully
Partizan => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AIMP => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\AIMP => removed successfully
C:\Windows\SysWOW64\zlib.dll => ":DocumentSummaryInformation" ADS could not remove.
C:\Windows\SysWOW64\zlib.dll => ":SummaryInformation" ADS could not remove.
C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\ProgramData\PACE => ":8307D8F8C9EA4484" ADS removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DFC7F17A-7870-4FA5-AC14-8644B4307B0B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{320CCE03-3ED8-4863-959A-6F49C164CFF8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{45FD3A48-C762-4702-A10B-88E3F468F46B}" => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5852716 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 4172 B
Edge => 0 B
Chrome => 0 B
Firefox => 304096177 B
Opera => 157933 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 13843477 B
systemprofile32 => 13961015 B
LocalService => 14093259 B
NetworkService => 14166069 B
KAREL => 2412960052 B

RecycleBin => 0 B
EmptyTemp: => 2.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:27:04 ====

Rudy
Site Admin
Posts: 118192
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#6 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

karelflorian
Visitor
Posts: 10
Joined: 10 Jan 2018 14:14

Re: Please check my log

#7 Post by karelflorian »

It looks good, even Gmail started working. Good job, sir, thank you very much!!!

Rudy
Site Admin
Posts: 118192
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#8 Post by Rudy »

You're welcome! :)

Locked