Rising Antivirus Vyřešeno

[Orcus]

Máš to plný kradený SW, pak se nediv, že to máš zasviněný. Všechny ty cracky, keygeny atd. si smaž, jinak nemá cenu dále čistit a akorát s Tebou ztrácíme čas.

Legalizuj si office!!!!
"C:\Program Files\Microsoft Office\KMSnano Final\TriggerKMS.exe"

Smaž tyto soubory a složky:
C:\Users\Admin\AppData\Local\Temp\SQZF289.tmp\keygen.exe
C:\Program Files\Microsoft Office\KMSnano Final\TriggerKMS.exe
C:\Windows\pss\Arcania-Fall-of-Setarrif-FLT-crack.exe
C:\ProgramData\ExtTag\

Nainstaluj si něco z tohoto a trvale vypni Windows Defender:
Avast
Avira
AVG
Comodo

Na https://www.virustotal.com/ otestuj tyto soubory a dodej odkazy na výsledky:
C:\Program Files (x86)\Brownie\brpjp04a.exe

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-572532400-2546031134-3008305638-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Chrome\Application\43.0.2357.81\delegate_execute.exe (Google Inc.)
Task: {00C7D946-D04C-4E69-8BDA-183FAEF79AB6} - System32\Tasks\{09DCC461-BB0F-4E94-9E74-22763A260634} => pcalua.exe -a "C:\Users\Admin\Desktop\Hry\Rajsen\Risen - RPG\Risen - cestina\cestina\CZ_100.exe" -d "C:\Users\Admin\Desktop\Hry\Rajsen\Risen - RPG\Risen - cestina\cestina"
Task: {1AE1BBAD-E05E-48D0-B918-A85A65961329} - System32\Tasks\{C6B88EC9-55F8-41F4-8BB7-B63A102BCD01} => pcalua.exe -a C:\Users\Admin\Downloads\ComboFix.exe -d C:\Users\Admin\Downloads -c C:\Users\Admin\Desktop\CFScript.txt
Task: {261973D1-9600-4E1B-BD72-E68B3A924CD3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-24] (Adobe Systems Incorporated)
Task: {3897B494-4051-4BFD-92E5-DBA892F7354A} - System32\Tasks\{C6B59C89-344D-4E3C-9153-4E0CF15EF0E8} => pcalua.exe -a C:\Users\Admin\Downloads\Gothic_1CZ.exe -d C:\Users\Admin\Downloads
Task: {3B80B10B-087F-4706-9D74-6419E6000CDE} - \RegClean Pro -> No File <==== ATTENTION
Task: {578EA27A-9071-4E80-A4BA-05E42A123101} - System32\Tasks\{0FBAF4DF-8142-4912-9154-A92C468E764A} => pcalua.exe -a C:\Users\Admin\Desktop\Hry\thief\Setup.exe -d C:\Users\Admin\Desktop\Hry\thief
Task: {5A0FDD56-4D69-40EB-8055-8349D84758BC} - \RegClean Pro_UPDATES -> No File <==== ATTENTION
Task: {62322C77-FADE-4442-8038-79C332569AAC} - System32\Tasks\{27C639D0-31A1-434B-A9A3-9D2CABBEFC65} => pcalua.exe -a "C:\Users\Admin\Desktop\Hry\IL-2 Sturmovik Cliffs of Dover (2011) [PCDVD][MULTi5][WwW.ZoNaTorrent.CoM]\Fairlight\Installer.exe" -d "C:\Users\Admin\Desktop\Hry\IL-2 Sturmovik Cliffs of Dover (2011) [PCDVD][MULTi5][WwW.ZoNaTorrent.CoM]\Fairlight"
Task: {7B28679D-60B4-49FB-A39F-38EBC3A457DA} - \Advanced System~Protector -> No File <==== ATTENTION
Task: {84EF171F-0762-4824-B70A-143681D64EFC} - System32\Tasks\{49192437-391E-4B3A-9256-E6402568EF3D} => pcalua.exe -a C:\Users\Admin\Downloads\MorphVOX_Install-157.exe -d C:\Users\Admin\Desktop
Task: {8E25C4FD-A423-415E-B609-7A904A769373} - \AmiUpdXp -> No File <==== ATTENTION
Task: {964E0D69-A457-4023-BAF9-48C47E41CF6D} - System32\Tasks\{A84B4894-F2BC-4FA6-B787-FBD25C6123DF} => pcalua.exe -a "C:\Program Files (x86)\Unzip Wizard\UNWISE.EXE" -c C:\Program Files (x86)\Unzip Wizard\INSTALL.LOG
Task: {9E05A5A0-ADC7-4E2F-95AD-83457B5DD26A} - System32\Tasks\{090A7667-9D2C-4E90-9B83-2922596563FD} => pcalua.exe -a C:\Users\Admin\AppData\Local\Temp\SQZF289.tmp\keygen.exe -d C:\Windows\system32
Task: {9F86CA0A-32CD-475D-B78C-97CD1283BB7D} - System32\Tasks\{AC96AB1F-438D-47D1-9BC2-16F547003F67} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=ima
Task: {A5385174-5EAA-4B3F-9E3B-58944EF4CCBD} - \Advanced System~Protector_startup -> No File <==== ATTENTION
Task: {A8F8A46E-9664-41E2-A538-30EF5ADE4FD6} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {C02F444F-8654-44BF-B25D-FEA7A2829C70} - System32\Tasks\{AF2A1FB2-24B4-4D40-ADF2-D867A5E147E3} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\Seznam.cz\szninstall.exe -c -X
Task: {C49BD088-C7DA-4519-8B5E-520F7B6E637C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {D59D9B85-6D43-4079-BAA2-09B3BBD2A182} - \RegClean Pro_DEFAULT -> No File <==== ATTENTION
Task: {DA37DB67-96CA-4836-978F-4E40454B1B6A} - System32\Tasks\Trigger KMS Activation => C:\Program Files\Microsoft Office\KMSnano Final\TriggerKMS.exe [2013-02-10] ()
Task: {DB9FAE8C-3A83-4F7A-B6C0-C8ED1E2B73C6} - System32\Tasks\{B950C4C6-4734-4D6E-BC69-F2ADE9C07C35} => pcalua.exe -a "C:\Users\Admin\Desktop\Hry\Gothic 3\autorun.exe" -d "C:\Users\Admin\Desktop\Hry\Gothic 3"
Task: {DD060631-9601-4512-BBE7-EA69E77D895F} - System32\Tasks\{F29D1072-6705-4251-8B58-BB7B5B2EEA1A} => C:\Program Files (x86)\Gothic III\Gothic3.exe
Task: {E23EB6D8-5F33-44C6-8EA5-207BF3CD5700} - System32\Tasks\IQA => cmd.exe /c start chrome.exe
Task: {E4CFAFF6-C78A-4E65-B9FE-168F3E66B4BE} - System32\Tasks\{3B19F664-59A6-4263-94F2-7AB0900885F9} => pcalua.exe -a "C:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe" -d "C:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries"
Task: {EB2CEC04-3A21-4F24-9A24-4B0EA8A111F9} - System32\Tasks\{8689D3D1-0BD5-4502-9FA5-4B2AEFC983DE} => pcalua.exe -a C:\PROGRA~2\MagicISO\UNWISE.EXE -c C:\PROGRA~2\MagicISO\INSTALL.LOG
Task: {F3D89ACD-803E-4AB2-AB10-2B9CD7294E89} - System32\Tasks\{A23A7049-3A3C-477E-B480-8DB6C0A9E7C5} => pcalua.exe -a E:\Fairlight\Installer.exe -d E:\Fairlight
Task: {F3E2E9B2-B228-4CF8-84C6-A820CF6AB9EB} - System32\Tasks\{BF663582-C208-4911-B6B9-9A9951C80BC1} => pcalua.exe -a E:\setup.exe -d E:\
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\InstallShield Update Task.job => Wscript.exe M/nologo /E:jscript /B C:\Program Files (x86)\InstallShield\isupdate.ini
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:24051EFF
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C
AlternateDataStreams: C:\ProgramData\TEMP:A9662AE0
AlternateDataStreams: C:\ProgramData\TEMP:D026A5A4
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Roqmij => ""="service"
IE trusted site: HKU\S-1-5-21-572532400-2546031134-3008305638-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-572532400-2546031134-3008305638-1000\...\webcompanion.com -> hxxp://webcompanion.com
MSCONFIG\startupreg: mncgtkvuSrv => C:\Windows\system32\mncgtkvu.vbe
MSCONFIG\startupreg: mncppcqnSrv => C:\Windows\system32\mncppcqn.vbe
MSCONFIG\startupreg: mncruvtahSrv => C:\Windows\system32\mncruvtah.vbe
MSCONFIG\startupreg: mnctftvaqSrv => C:\Windows\system32\mnctftvaq.vbe
MSCONFIG\startupreg: NtVdmSrv => C:\Windows\inf\ntvdm.vbe
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Arcania-Fall-of-Setarrif-FLT-crack.exe => C:\Windows\pss\Arcania-Fall-of-Setarrif-FLT-crack.exe.Startup
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... JvpjJZk&q={searchTerms}
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
SearchScopes: HKU\S-1-5-21-572532400-2546031134-3008305638-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... JvpjJZk&q={searchTerms}
SearchScopes: HKU\S-1-5-21-572532400-2546031134-3008305638-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-572532400-2546031134-3008305638-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... JvpjJZk&q={searchTerms}
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {9FD3D761-2B09-DA1A-0229-0248A05B0334} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-12-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Homepage: C:\ProgramData\ExtTags\ff.HP
FF NewTab: C:\ProgramData\ExtTags\ff.NT
AppInit_DLLs: C:\ProgramData\ExtTag\Indigotip.dll => C:\ProgramData\ExtTag\Indigotip.dll [212992 2015-08-29] ()
() C:\ProgramData\ExtTag\DentoTam.exe
() C:\ProgramData\ExtTag\ExtTag.exe
2015-08-29 09:15 - 2015-08-29 09:15 - 00150528 _____ () C:\ProgramData\ExtTag\DentoTam.exe
2015-08-27 10:20 - 2015-08-27 10:20 - 00033792 _____ () C:\ProgramData\ExtTag\ExtTag.exe
plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
015-08-29 09:15 - 2015-08-29 09:15 - 00000000 ____D C:\ProgramData\ExtTags
2015-08-29 09:14 - 2015-09-01 15:22 - 00000000 ____D C:\ProgramData\ExtTag
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag.exe [33792 2015-08-27] () [File not signed]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\defsearchp@gmail.com [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\f8783004-c434-4bd0-9f81-9a39dd64baaa@08ad07c4-3f21-451d-9045-9e0d5dc8aa9e.com [not found]
OPR Extension: (vux777) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\bekmnilenpmnmmiaokgoclkegllkgbok [2014-04-22]
OPR Extension: (sailormax) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2014-04-22]
OPR Extension: (No Name) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\kfjnfapiocpibeddeekmbikhpegjhdgi [2014-09-27]
U3 aqgcfbtq; C:\Windows\System32\Drivers\aqgcfbtq.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
2015-08-24 16:51 - 2015-08-24 16:51 - 01601812 _____ C:\Users\Admin\Downloads\air.conflicts.pacific.carriers.crack.free.rar
2015-08-24 16:51 - 2015-08-24 16:51 - 01601812 _____ C:\Users\Admin\Downloads\air.conflicts.pacific.carriers.crack.free (1).rar
15-08-25 15:08 - 2015-08-25 15:08 - 00749634 _____ C:\Users\Admin\Downloads\DarkSouls_2_PLUS24_TRN-dEViATED.rar
2015-08-25 15:05 - 2015-08-25 15:05 - 01189934 _____ C:\Users\Admin\Downloads\dark_souls2_v1.01_1.02_trn.rar
2015-08-25 15:00 - 2015-08-25 15:01 - 00000000 ___HD C:\Users\Admin\Downloads\.ptmp596980
2015-08-25 14:55 - 2015-08-25 14:55 - 06283063 _____ C:\Users\Admin\Downloads\codex-dark.souls.ii.upd.1.10.7z
2015-08-25 14:45 - 2015-08-25 14:45 - 04830660 _____ C:\Users\Admin\Downloads\dark-souls-2-steam-v1.7-cz (1).zip
2015-08-25 14:38 - 2015-08-25 14:38 - 08200847 _____ C:\Users\Admin\Downloads\dark-souls-2.rar
2015-08-25 14:29 - 2015-08-25 14:29 - 04935534 _____ C:\Users\Admin\Downloads\dark-souls-2-steam-v1.10-cz (1).zip
2015-08-25 11:13 - 2015-08-25 11:13 - 00121144 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-24 16:45 - 2015-08-24 16:45 - 00020316 _____ C:\Users\Admin\Downloads\Dark_Souls_2_+_DLC_(2014)_PC_RePack_от_R.G._Freedom.torrent
2015-08-22 20:38 - 2015-08-22 20:38 - 01642565 _____ C:\Users\Admin\Downloads\Far-Cry-4--CRACK-FIX.rar
2015-08-22 20:38 - 2015-08-22 20:38 - 00184853 _____ C:\Users\Admin\Downloads\Far-Cry-4---CRACK-FIX.rar
2015-08-22 20:37 - 2015-08-22 20:37 - 00511512 _____ C:\Users\Admin\Downloads\Far-Cry-4-CRACK.rar
2015-09-01 19:25 - 2013-05-19 12:12 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job



(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusť FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

[Reklama]

[jaro3]

Člověče tohle luštit , to je za trest. Samá nákaza , cracknuté hry , Ofiice , programy..
Přemejšlej trochu na netu.

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Task: {340E2711-6915-44A7-84C7-099F5ADCEF84} - System32\Tasks\{5DAA6C18-4E11-47AB-84E7-6D7833E6EF52} => pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
Task: {3B80B10B-087F-4706-9D74-6419E6000CDE} - \RegClean Pro -> No File <==== ATTENTION
Task: {5A0FDD56-4D69-40EB-8055-8349D84758BC} - \RegClean Pro_UPDATES -> No File <==== ATTENTION
Task: {7B28679D-60B4-49FB-A39F-38EBC3A457DA} - \Advanced System~Protector -> No File <==== ATTENTION
Task: {8E25C4FD-A423-415E-B609-7A904A769373} - \AmiUpdXp -> No File <==== ATTENTION
Task: {9E05A5A0-ADC7-4E2F-95AD-83457B5DD26A} - System32\Tasks\{090A7667-9D2C-4E90-9B83-2922596563FD} => pcalua.exe -a C:\Users\Admin\AppData\Local\Temp\SQZF289.tmp\keygen.exe -d C:\Windows\system32
Task: {9F86CA0A-32CD-475D-B78C-97CD1283BB7D} - System32\Tasks\{AC96AB1F-438D-47D1-9BC2-16F547003F67} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=ima
Task: {A5385174-5EAA-4B3F-9E3B-58944EF4CCBD} - \Advanced System~Protector_startup -> No File <==== ATTENTION
Task: {A8F8A46E-9664-41E2-A538-30EF5ADE4FD6} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {D59D9B85-6D43-4079-BAA2-09B3BBD2A182} - \RegClean Pro_DEFAULT -> No File <==== ATTENTION
Task: {DA37DB67-96CA-4836-978F-4E40454B1B6A} - System32\Tasks\Trigger KMS Activation => C:\Program Files\Microsoft Office\KMSnano Final\TriggerKMS.exe [2013-02-10] ()
C:\Users\Admin\LOCALS~1\Temp\msayuysae.exe
C:\ProgramData\ExtTag
C:\Users\Admin\AppData\Local\Temp\SQZF289.tmp\keygen.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:24051EFF
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C
AlternateDataStreams: C:\ProgramData\TEMP:A9662AE0
AlternateDataStreams: C:\ProgramData\TEMP:D026A5A4
IE trusted site: HKU\S-1-5-21-572532400-2546031134-3008305638-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-572532400-2546031134-3008305638-1000\...\webcompanion.com -> hxxp://webcompanion.com
MSCONFIG\startupreg: MagicWand => C:\Users\Admin\AppData\Roaming\MagicWand\upd.exe
MSCONFIG\startupreg: mncgtkvuSrv => C:\Windows\system32\mncgtkvu.vbe
MSCONFIG\startupreg: mncppcqnSrv => C:\Windows\system32\mncppcqn.vbe
MSCONFIG\startupreg: mncruvtahSrv => C:\Windows\system32\mncruvtah.vbe
MSCONFIG\startupreg: mnctftvaqSrv => C:\Windows\system32\mnctftvaq.vbe
MSCONFIG\startupreg: NtVdmSrv => C:\Windows\inf\ntvdm.vbe
AppInit_DLLs: C:\ProgramData\ExtTag\Indigotip.dll => C:\ProgramData\ExtTag\Indigotip.dll [212992 2015-08-29] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... JvpjJZk&q={searchTerms}
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
SearchScopes: HKU\S-1-5-21-572532400-2546031134-3008305638-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... JvpjJZk&q={searchTerms}
SearchScopes: HKU\S-1-5-21-572532400-2546031134-3008305638-1000 -> {012E1000-
SearchScopes: HKU\S-1-5-21-572532400-2546031134-3008305638-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... JvpjJZk&q={searchTerms}
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {9FD3D761-2B09-DA1A-0229-0248A05B0334} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF Homepage: C:\ProgramData\ExtTags\ff.HP
FF NewTab: C:\ProgramData\ExtTags\ff.NT
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\defsearchp@gmail.com [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\f8783004-c434-4bd0-9f81-9a39dd64baaa@08ad07c4-3f21-451d-9045-9e0d5dc8aa9e.com [not found]
OPR Extension: (No Name) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\kfjnfapiocpibeddeekmbikhpegjhdgi [2014-09-27]
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag.exe [33792 2015-08-27] () [File not signed]
U3 aqgcfbtq; C:\Windows\System32\Drivers\aqgcfbtq.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 avchv; system32\DRIVERS\avchv.sys [X]
C:\ProgramData\ExtTags
C:\ProgramData\ExtTag
C:\ProgramData\update
C:\Users\Admin\AppData\Roaming\MagicWand\upd.exe
C:\Windows\system32\mncgtkvu.vbe
C:\Windows\system32\mncppcqn.vbe
C:\Windows\system32\mncruvtah.vbe
C:\Windows\system32\mnctftvaq.vbe
C:\Windows\inf\ntvdm.vbe
C:\Windows\system32\DRIVERS\avchv.sys

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\Program Files\NixSrv\NixSrv.exe
C:\Program Files\NixSrv\packages\ce951302-b47b-4947-a46d-2422effc295c\NixHost.exe
C:\Users\Admin\AppData\Local\Temp\msqzrfwvr.pif
C:\Windows\SysWOW64\dvttrn.dll
C:\Users\Admin\AppData\Roaming\mshvpltu.dat
C:\Users\Admin\AppData\Roaming\mspxgj.dat
C:\Users\Admin\AppData\Local\Temp\mswhyu.exe
C:\Users\Admin\AppData\Local\Temp\NOSEventMessages.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

C:\Users\Admin\Downloads\.ptmp505228
C:\Users\Admin\Downloads\.ptmp268061
C:\Users\Admin\Downloads\.ptmp352026
C:\Users\Admin\Desktop\.ptmp75647
tohle znáš?

[bobsch2]

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Admin (2015-09-02 19:49:00) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Arnochtomag)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-572532400-2546031134-3008305638-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Chrome\Application\43.0.2357.81\delegate_execute.exe (Google Inc.)
Task: {00C7D946-D04C-4E69-8BDA-183FAEF79AB6} - System32\Tasks\{09DCC461-BB0F-4E94-9E74-22763A260634} => pcalua.exe -a "C:\Users\Admin\Desktop\Hry\Rajsen\Risen - RPG\Risen - cestina\cestina\CZ_100.exe" -d "C:\Users\Admin\Desktop\Hry\Rajsen\Risen - RPG\Risen - cestina\cestina"
Task: {1AE1BBAD-E05E-48D0-B918-A85A65961329} - System32\Tasks\{C6B88EC9-55F8-41F4-8BB7-B63A102BCD01} => pcalua.exe -a C:\Users\Admin\Downloads\ComboFix.exe -d C:\Users\Admin\Downloads -c C:\Users\Admin\Desktop\CFScript.txt
Task: {261973D1-9600-4E1B-BD72-E68B3A924CD3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-24] (Adobe Systems Incorporated)
Task: {3897B494-4051-4BFD-92E5-DBA892F7354A} - System32\Tasks\{C6B59C89-344D-4E3C-9153-4E0CF15EF0E8} => pcalua.exe -a C:\Users\Admin\Downloads\Gothic_1CZ.exe -d C:\Users\Admin\Downloads
Task: {3B80B10B-087F-4706-9D74-6419E6000CDE} - \RegClean Pro -> No File <==== ATTENTION
Task: {578EA27A-9071-4E80-A4BA-05E42A123101} - System32\Tasks\{0FBAF4DF-8142-4912-9154-A92C468E764A} => pcalua.exe -a C:\Users\Admin\Desktop\Hry\thief\Setup.exe -d C:\Users\Admin\Desktop\Hry\thief
Task: {5A0FDD56-4D69-40EB-8055-8349D84758BC} - \RegClean Pro_UPDATES -> No File <==== ATTENTION
Task: {62322C77-FADE-4442-8038-79C332569AAC} - System32\Tasks\{27C639D0-31A1-434B-A9A3-9D2CABBEFC65} => pcalua.exe -a "C:\Users\Admin\Desktop\Hry\IL-2 Sturmovik Cliffs of Dover (2011) [PCDVD][MULTi5][WwW.ZoNaTorrent.CoM]\Fairlight\Installer.exe" -d "C:\Users\Admin\Desktop\Hry\IL-2 Sturmovik Cliffs of Dover (2011) [PCDVD][MULTi5][WwW.ZoNaTorrent.CoM]\Fairlight"
Task: {7B28679D-60B4-49FB-A39F-38EBC3A457DA} - \Advanced System~Protector -> No File <==== ATTENTION
Task: {84EF171F-0762-4824-B70A-143681D64EFC} - System32\Tasks\{49192437-391E-4B3A-9256-E6402568EF3D} => pcalua.exe -a C:\Users\Admin\Downloads\MorphVOX_Install-157.exe -d C:\Users\Admin\Desktop
Task: {8E25C4FD-A423-415E-B609-7A904A769373} - \AmiUpdXp -> No File <==== ATTENTION
Task: {964E0D69-A457-4023-BAF9-48C47E41CF6D} - System32\Tasks\{A84B4894-F2BC-4FA6-B787-FBD25C6123DF} => pcalua.exe -a "C:\Program Files (x86)\Unzip Wizard\UNWISE.EXE" -c C:\Program Files (x86)\Unzip Wizard\INSTALL.LOG
Task: {9E05A5A0-ADC7-4E2F-95AD-83457B5DD26A} - System32\Tasks\{090A7667-9D2C-4E90-9B83-2922596563FD} => pcalua.exe -a C:\Users\Admin\AppData\Local\Temp\SQZF289.tmp\keygen.exe -d C:\Windows\system32
Task: {9F86CA0A-32CD-475D-B78C-97CD1283BB7D} - System32\Tasks\{AC96AB1F-438D-47D1-9BC2-16F547003F67} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=ima
Task: {A5385174-5EAA-4B3F-9E3B-58944EF4CCBD} - \Advanced System~Protector_startup -> No File <==== ATTENTION
Task: {A8F8A46E-9664-41E2-A538-30EF5ADE4FD6} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {C02F444F-8654-44BF-B25D-FEA7A2829C70} - System32\Tasks\{AF2A1FB2-24B4-4D40-ADF2-D867A5E147E3} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\Seznam.cz\szninstall.exe -c -X
Task: {C49BD088-C7DA-4519-8B5E-520F7B6E637C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {D59D9B85-6D43-4079-BAA2-09B3BBD2A182} - \RegClean Pro_DEFAULT -> No File <==== ATTENTION
Task: {DA37DB67-96CA-4836-978F-4E40454B1B6A} - System32\Tasks\Trigger KMS Activation => C:\Program Files\Microsoft Office\KMSnano Final\TriggerKMS.exe [2013-02-10] ()
Task: {DB9FAE8C-3A83-4F7A-B6C0-C8ED1E2B73C6} - System32\Tasks\{B950C4C6-4734-4D6E-BC69-F2ADE9C07C35} => pcalua.exe -a "C:\Users\Admin\Desktop\Hry\Gothic 3\autorun.exe" -d "C:\Users\Admin\Desktop\Hry\Gothic 3"
Task: {DD060631-9601-4512-BBE7-EA69E77D895F} - System32\Tasks\{F29D1072-6705-4251-8B58-BB7B5B2EEA1A} => C:\Program Files (x86)\Gothic III\Gothic3.exe
Task: {E23EB6D8-5F33-44C6-8EA5-207BF3CD5700} - System32\Tasks\IQA => cmd.exe /c start chrome.exe
Task: {E4CFAFF6-C78A-4E65-B9FE-168F3E66B4BE} - System32\Tasks\{3B19F664-59A6-4263-94F2-7AB0900885F9} => pcalua.exe -a "C:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries\Launcher.exe" -d "C:\Program Files (x86)\The Vanishing of Ethan Carter\Binaries"
Task: {EB2CEC04-3A21-4F24-9A24-4B0EA8A111F9} - System32\Tasks\{8689D3D1-0BD5-4502-9FA5-4B2AEFC983DE} => pcalua.exe -a C:\PROGRA~2\MagicISO\UNWISE.EXE -c C:\PROGRA~2\MagicISO\INSTALL.LOG
Task: {F3D89ACD-803E-4AB2-AB10-2B9CD7294E89} - System32\Tasks\{A23A7049-3A3C-477E-B480-8DB6C0A9E7C5} => pcalua.exe -a E:\Fairlight\Installer.exe -d E:\Fairlight
Task: {F3E2E9B2-B228-4CF8-84C6-A820CF6AB9EB} - System32\Tasks\{BF663582-C208-4911-B6B9-9A9951C80BC1} => pcalua.exe -a E:\setup.exe -d E:\
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\InstallShield Update Task.job => Wscript.exe M/nologo /E:jscript /B C:\Program Files (x86)\InstallShield\isupdate.ini
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:24051EFF
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C
AlternateDataStreams: C:\ProgramData\TEMP:A9662AE0
AlternateDataStreams: C:\ProgramData\TEMP:D026A5A4
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Roqmij => ""="service"
IE trusted site: HKU\S-1-5-21-572532400-2546031134-3008305638-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-572532400-2546031134-3008305638-1000\...\webcompanion.com -> hxxp://webcompanion.com
MSCONFIG\startupreg: mncgtkvuSrv => C:\Windows\system32\mncgtkvu.vbe
MSCONFIG\startupreg: mncppcqnSrv => C:\Windows\system32\mncppcqn.vbe
MSCONFIG\startupreg: mncruvtahSrv => C:\Windows\system32\mncruvtah.vbe
MSCONFIG\startupreg: mnctftvaqSrv => C:\Windows\system32\mnctftvaq.vbe
MSCONFIG\startupreg: NtVdmSrv => C:\Windows\inf\ntvdm.vbe
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Arcania-Fall-of-Setarrif-FLT-crack.exe => C:\Windows\pss\Arcania-Fall-of-Setarrif-FLT-crack.exe.Startup
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... JvpjJZk&q={searchTerms}
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
SearchScopes: HKU\S-1-5-21-572532400-2546031134-3008305638-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... JvpjJZk&q={searchTerms}
SearchScopes: HKU\S-1-5-21-572532400-2546031134-3008305638-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-572532400-2546031134-3008305638-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... JvpjJZk&q={searchTerms}
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {9FD3D761-2B09-DA1A-0229-0248A05B0334} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-12-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Homepage: C:\ProgramData\ExtTags\ff.HP
FF NewTab: C:\ProgramData\ExtTags\ff.NT
AppInit_DLLs: C:\ProgramData\ExtTag\Indigotip.dll => C:\ProgramData\ExtTag\Indigotip.dll [212992 2015-08-29] ()
() C:\ProgramData\ExtTag\DentoTam.exe
() C:\ProgramData\ExtTag\ExtTag.exe
2015-08-29 09:15 - 2015-08-29 09:15 - 00150528 _____ () C:\ProgramData\ExtTag\DentoTam.exe
2015-08-27 10:20 - 2015-08-27 10:20 - 00033792 _____ () C:\ProgramData\ExtTag\ExtTag.exe
plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
015-08-29 09:15 - 2015-08-29 09:15 - 00000000 ____D C:\ProgramData\ExtTags
2015-08-29 09:14 - 2015-09-01 15:22 - 00000000 ____D C:\ProgramData\ExtTag
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag.exe [33792 2015-08-27] () [File not signed]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\defsearchp@gmail.com [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\f8783004-c434-4bd0-9f81-9a39dd64baaa@08ad07c4-3f21-451d-9045-9e0d5dc8aa9e.com [not found]
OPR Extension: (vux777) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\bekmnilenpmnmmiaokgoclkegllkgbok [2014-04-22]
OPR Extension: (sailormax) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2014-04-22]
OPR Extension: (No Name) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\kfjnfapiocpibeddeekmbikhpegjhdgi [2014-09-27]
U3 aqgcfbtq; C:\Windows\System32\Drivers\aqgcfbtq.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
2015-08-24 16:51 - 2015-08-24 16:51 - 01601812 _____ C:\Users\Admin\Downloads\air.conflicts.pacific.carriers.crack.free.rar
2015-08-24 16:51 - 2015-08-24 16:51 - 01601812 _____ C:\Users\Admin\Downloads\air.conflicts.pacific.carriers.crack.free (1).rar
15-08-25 15:08 - 2015-08-25 15:08 - 00749634 _____ C:\Users\Admin\Downloads\DarkSouls_2_PLUS24_TRN-dEViATED.rar
2015-08-25 15:05 - 2015-08-25 15:05 - 01189934 _____ C:\Users\Admin\Downloads\dark_souls2_v1.01_1.02_trn.rar
2015-08-25 15:00 - 2015-08-25 15:01 - 00000000 ___HD C:\Users\Admin\Downloads\.ptmp596980
2015-08-25 14:55 - 2015-08-25 14:55 - 06283063 _____ C:\Users\Admin\Downloads\codex-dark.souls.ii.upd.1.10.7z
2015-08-25 14:45 - 2015-08-25 14:45 - 04830660 _____ C:\Users\Admin\Downloads\dark-souls-2-steam-v1.7-cz (1).zip
2015-08-25 14:38 - 2015-08-25 14:38 - 08200847 _____ C:\Users\Admin\Downloads\dark-souls-2.rar
2015-08-25 14:29 - 2015-08-25 14:29 - 04935534 _____ C:\Users\Admin\Downloads\dark-souls-2-steam-v1.10-cz (1).zip
2015-08-25 11:13 - 2015-08-25 11:13 - 00121144 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-24 16:45 - 2015-08-24 16:45 - 00020316 _____ C:\Users\Admin\Downloads\Dark_Souls_2_+_DLC_(2014)_PC_RePack_??_R.G._Freedom.torrent
2015-08-22 20:38 - 2015-08-22 20:38 - 01642565 _____ C:\Users\Admin\Downloads\Far-Cry-4--CRACK-FIX.rar
2015-08-22 20:38 - 2015-08-22 20:38 - 00184853 _____ C:\Users\Admin\Downloads\Far-Cry-4---CRACK-FIX.rar
2015-08-22 20:37 - 2015-08-22 20:37 - 00511512 _____ C:\Users\Admin\Downloads\Far-Cry-4-CRACK.rar
2015-09-01 19:25 - 2013-05-19 12:12 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully
"HKU\S-1-5-21-572532400-2546031134-3008305638-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00C7D946-D04C-4E69-8BDA-183FAEF79AB6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00C7D946-D04C-4E69-8BDA-183FAEF79AB6}" => key removed successfully
C:\Windows\System32\Tasks\{09DCC461-BB0F-4E94-9E74-22763A260634} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09DCC461-BB0F-4E94-9E74-22763A260634}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AE1BBAD-E05E-48D0-B918-A85A65961329}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AE1BBAD-E05E-48D0-B918-A85A65961329}" => key removed successfully
C:\Windows\System32\Tasks\{C6B88EC9-55F8-41F4-8BB7-B63A102BCD01} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C6B88EC9-55F8-41F4-8BB7-B63A102BCD01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{261973D1-9600-4E1B-BD72-E68B3A924CD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{261973D1-9600-4E1B-BD72-E68B3A924CD3}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3897B494-4051-4BFD-92E5-DBA892F7354A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3897B494-4051-4BFD-92E5-DBA892F7354A}" => key removed successfully
C:\Windows\System32\Tasks\{C6B59C89-344D-4E3C-9153-4E0CF15EF0E8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C6B59C89-344D-4E3C-9153-4E0CF15EF0E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B80B10B-087F-4706-9D74-6419E6000CDE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B80B10B-087F-4706-9D74-6419E6000CDE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{578EA27A-9071-4E80-A4BA-05E42A123101}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{578EA27A-9071-4E80-A4BA-05E42A123101}" => key removed successfully
C:\Windows\System32\Tasks\{0FBAF4DF-8142-4912-9154-A92C468E764A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0FBAF4DF-8142-4912-9154-A92C468E764A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A0FDD56-4D69-40EB-8055-8349D84758BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A0FDD56-4D69-40EB-8055-8349D84758BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62322C77-FADE-4442-8038-79C332569AAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62322C77-FADE-4442-8038-79C332569AAC}" => key removed successfully
C:\Windows\System32\Tasks\{27C639D0-31A1-434B-A9A3-9D2CABBEFC65} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{27C639D0-31A1-434B-A9A3-9D2CABBEFC65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B28679D-60B4-49FB-A39F-38EBC3A457DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B28679D-60B4-49FB-A39F-38EBC3A457DA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System~Protector => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84EF171F-0762-4824-B70A-143681D64EFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84EF171F-0762-4824-B70A-143681D64EFC}" => key removed successfully
C:\Windows\System32\Tasks\{49192437-391E-4B3A-9256-E6402568EF3D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{49192437-391E-4B3A-9256-E6402568EF3D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E25C4FD-A423-415E-B609-7A904A769373}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E25C4FD-A423-415E-B609-7A904A769373}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{964E0D69-A457-4023-BAF9-48C47E41CF6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{964E0D69-A457-4023-BAF9-48C47E41CF6D}" => key removed successfully
C:\Windows\System32\Tasks\{A84B4894-F2BC-4FA6-B787-FBD25C6123DF} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A84B4894-F2BC-4FA6-B787-FBD25C6123DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E05A5A0-ADC7-4E2F-95AD-83457B5DD26A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E05A5A0-ADC7-4E2F-95AD-83457B5DD26A}" => key removed successfully
C:\Windows\System32\Tasks\{090A7667-9D2C-4E90-9B83-2922596563FD} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{090A7667-9D2C-4E90-9B83-2922596563FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F86CA0A-32CD-475D-B78C-97CD1283BB7D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F86CA0A-32CD-475D-B78C-97CD1283BB7D}" => key removed successfully
C:\Windows\System32\Tasks\{AC96AB1F-438D-47D1-9BC2-16F547003F67} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AC96AB1F-438D-47D1-9BC2-16F547003F67}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5385174-5EAA-4B3F-9E3B-58944EF4CCBD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5385174-5EAA-4B3F-9E3B-58944EF4CCBD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System~Protector_startup => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8F8A46E-9664-41E2-A538-30EF5ADE4FD6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8F8A46E-9664-41E2-A538-30EF5ADE4FD6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C02F444F-8654-44BF-B25D-FEA7A2829C70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C02F444F-8654-44BF-B25D-FEA7A2829C70}" => key removed successfully
C:\Windows\System32\Tasks\{AF2A1FB2-24B4-4D40-ADF2-D867A5E147E3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF2A1FB2-24B4-4D40-ADF2-D867A5E147E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C49BD088-C7DA-4519-8B5E-520F7B6E637C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C49BD088-C7DA-4519-8B5E-520F7B6E637C}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\ProgramDataUpdater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D59D9B85-6D43-4079-BAA2-09B3BBD2A182}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D59D9B85-6D43-4079-BAA2-09B3BBD2A182}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DA37DB67-96CA-4836-978F-4E40454B1B6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA37DB67-96CA-4836-978F-4E40454B1B6A}" => key removed successfully
C:\Windows\System32\Tasks\Trigger KMS Activation => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trigger KMS Activation" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB9FAE8C-3A83-4F7A-B6C0-C8ED1E2B73C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB9FAE8C-3A83-4F7A-B6C0-C8ED1E2B73C6}" => key removed successfully
C:\Windows\System32\Tasks\{B950C4C6-4734-4D6E-BC69-F2ADE9C07C35} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B950C4C6-4734-4D6E-BC69-F2ADE9C07C35}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD060631-9601-4512-BBE7-EA69E77D895F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD060631-9601-4512-BBE7-EA69E77D895F}" => key removed successfully
C:\Windows\System32\Tasks\{F29D1072-6705-4251-8B58-BB7B5B2EEA1A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F29D1072-6705-4251-8B58-BB7B5B2EEA1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E23EB6D8-5F33-44C6-8EA5-207BF3CD5700}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E23EB6D8-5F33-44C6-8EA5-207BF3CD5700}" => key removed successfully
C:\Windows\System32\Tasks\IQA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IQA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4CFAFF6-C78A-4E65-B9FE-168F3E66B4BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4CFAFF6-C78A-4E65-B9FE-168F3E66B4BE}" => key removed successfully
C:\Windows\System32\Tasks\{3B19F664-59A6-4263-94F2-7AB0900885F9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B19F664-59A6-4263-94F2-7AB0900885F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB2CEC04-3A21-4F24-9A24-4B0EA8A111F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB2CEC04-3A21-4F24-9A24-4B0EA8A111F9}" => key removed successfully
C:\Windows\System32\Tasks\{8689D3D1-0BD5-4502-9FA5-4B2AEFC983DE} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8689D3D1-0BD5-4502-9FA5-4B2AEFC983DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3D89ACD-803E-4AB2-AB10-2B9CD7294E89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3D89ACD-803E-4AB2-AB10-2B9CD7294E89}" => key removed successfully
C:\Windows\System32\Tasks\{A23A7049-3A3C-477E-B480-8DB6C0A9E7C5} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A23A7049-3A3C-477E-B480-8DB6C0A9E7C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E2E9B2-B228-4CF8-84C6-A820CF6AB9EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E2E9B2-B228-4CF8-84C6-A820CF6AB9EB}" => key removed successfully
C:\Windows\System32\Tasks\{BF663582-C208-4911-B6B9-9A9951C80BC1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BF663582-C208-4911-B6B9-9A9951C80BC1}" => key removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\InstallShield Update Task.job => moved successfully
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
C:\ProgramData\TEMP => ":24051EFF" ADS removed successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\ProgramData\TEMP => ":661DFA1C" ADS removed successfully.
C:\ProgramData\TEMP => ":A9662AE0" ADS removed successfully.
C:\ProgramData\TEMP => ":D026A5A4" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Roqmij" => key removed successfully
"HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => key removed successfully
"HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
MSCONFIG\startupreg: mncgtkvuSrv => C:\Windows\system32\mncgtkvu.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: mncppcqnSrv => C:\Windows\system32\mncppcqn.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: mncruvtahSrv => C:\Windows\system32\mncruvtah.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: mnctftvaqSrv => C:\Windows\system32\mnctftvaq.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: NtVdmSrv => C:\Windows\inf\ntvdm.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Arcania-Fall-of-Setarrif-FLT-crack.exe => C:\Windows\pss\Arcania-Fall-of-Setarrif-FLT-crack.exe.Startup => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FD3D761-2B09-DA1A-0229-0248A05B0334}" => key removed successfully
HKCR\CLSID\{9FD3D761-2B09-DA1A-0229-0248A05B0334} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2" => key removed successfully
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Firefox "homepage" removed successfully
Firefox "newtab" removed successfully
"C:\ProgramData\ExtTag\Indigotip.dll" => Value data removed successfully.
C:\ProgramData\ExtTag\DentoTam.exe => No running process found
C:\ProgramData\ExtTag\ExtTag.exe => No running process found
C:\ProgramData\ExtTag\DentoTam.exe => moved successfully
C:\ProgramData\ExtTag\ExtTag.exe => moved successfully
plugin-x32: @microsoft.com/GENUINE -> disabled [No File] => Error: No automatic fix found for this entry.
015-08-29 09:15 - 2015-08-29 09:15 - 00000000 ____D C:\ProgramData\ExtTags => Error: No automatic fix found for this entry.
C:\ProgramData\ExtTag => moved successfully
ExtTag => service removed successfully
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\defsearchp@gmail.com => path removed successfully
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\deskCutv2@gmail.com => path removed successfully
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\f8783004-c434-4bd0-9f81-9a39dd64baaa@08ad07c4-3f21-451d-9045-9e0d5dc8aa9e.com => path removed successfully
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\bekmnilenpmnmmiaokgoclkegllkgbok => moved successfully
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch => moved successfully
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\kfjnfapiocpibeddeekmbikhpegjhdgi => moved successfully
aqgcfbtq => service not found.
C:\Users\Admin\Downloads\air.conflicts.pacific.carriers.crack.free.rar => moved successfully
C:\Users\Admin\Downloads\air.conflicts.pacific.carriers.crack.free (1).rar => moved successfully
15-08-25 15:08 - 2015-08-25 15:08 - 00749634 _____ C:\Users\Admin\Downloads\DarkSouls_2_PLUS24_TRN-dEViATED.rar => Error: No automatic fix found for this entry.
C:\Users\Admin\Downloads\dark_souls2_v1.01_1.02_trn.rar => moved successfully
C:\Users\Admin\Downloads\.ptmp596980 => moved successfully
C:\Users\Admin\Downloads\codex-dark.souls.ii.upd.1.10.7z => moved successfully
C:\Users\Admin\Downloads\dark-souls-2-steam-v1.7-cz (1).zip => moved successfully
C:\Users\Admin\Downloads\dark-souls-2.rar => moved successfully
C:\Users\Admin\Downloads\dark-souls-2-steam-v1.10-cz (1).zip => moved successfully
C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT => moved successfully
Could not move "C:\Users\Admin\Downloads\Dark_Souls_2_+_DLC_(2014)_PC_RePack_??_R.G._Freedom.torrent" => Scheduled to move on reboot.
C:\Users\Admin\Downloads\Far-Cry-4--CRACK-FIX.rar => moved successfully
C:\Users\Admin\Downloads\Far-Cry-4---CRACK-FIX.rar => moved successfully
C:\Users\Admin\Downloads\Far-Cry-4-CRACK.rar => moved successfully
"C:\Windows\Tasks\Adobe Flash Player Updater.job" => File/Folder not found.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-02 20:01:08)<=

"C:\Users\Admin\Downloads\Dark_Souls_2_+_DLC_(2014)_PC_RePack_??_R.G._Freedom.torrent" => Could not move

==== End of Fixlog 20:01:08 ====

[bobsch2]

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully
"HKU\S-1-5-21-572532400-2546031134-3008305638-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00C7D946-D04C-4E69-8BDA-183FAEF79AB6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00C7D946-D04C-4E69-8BDA-183FAEF79AB6}" => key removed successfully
C:\Windows\System32\Tasks\{09DCC461-BB0F-4E94-9E74-22763A260634} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09DCC461-BB0F-4E94-9E74-22763A260634}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AE1BBAD-E05E-48D0-B918-A85A65961329}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AE1BBAD-E05E-48D0-B918-A85A65961329}" => key removed successfully
C:\Windows\System32\Tasks\{C6B88EC9-55F8-41F4-8BB7-B63A102BCD01} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C6B88EC9-55F8-41F4-8BB7-B63A102BCD01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{261973D1-9600-4E1B-BD72-E68B3A924CD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{261973D1-9600-4E1B-BD72-E68B3A924CD3}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3897B494-4051-4BFD-92E5-DBA892F7354A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3897B494-4051-4BFD-92E5-DBA892F7354A}" => key removed successfully
C:\Windows\System32\Tasks\{C6B59C89-344D-4E3C-9153-4E0CF15EF0E8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C6B59C89-344D-4E3C-9153-4E0CF15EF0E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B80B10B-087F-4706-9D74-6419E6000CDE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B80B10B-087F-4706-9D74-6419E6000CDE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{578EA27A-9071-4E80-A4BA-05E42A123101}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{578EA27A-9071-4E80-A4BA-05E42A123101}" => key removed successfully
C:\Windows\System32\Tasks\{0FBAF4DF-8142-4912-9154-A92C468E764A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0FBAF4DF-8142-4912-9154-A92C468E764A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A0FDD56-4D69-40EB-8055-8349D84758BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A0FDD56-4D69-40EB-8055-8349D84758BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62322C77-FADE-4442-8038-79C332569AAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62322C77-FADE-4442-8038-79C332569AAC}" => key removed successfully
C:\Windows\System32\Tasks\{27C639D0-31A1-434B-A9A3-9D2CABBEFC65} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{27C639D0-31A1-434B-A9A3-9D2CABBEFC65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B28679D-60B4-49FB-A39F-38EBC3A457DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B28679D-60B4-49FB-A39F-38EBC3A457DA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System~Protector => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84EF171F-0762-4824-B70A-143681D64EFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84EF171F-0762-4824-B70A-143681D64EFC}" => key removed successfully
C:\Windows\System32\Tasks\{49192437-391E-4B3A-9256-E6402568EF3D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{49192437-391E-4B3A-9256-E6402568EF3D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E25C4FD-A423-415E-B609-7A904A769373}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E25C4FD-A423-415E-B609-7A904A769373}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{964E0D69-A457-4023-BAF9-48C47E41CF6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{964E0D69-A457-4023-BAF9-48C47E41CF6D}" => key removed successfully
C:\Windows\System32\Tasks\{A84B4894-F2BC-4FA6-B787-FBD25C6123DF} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A84B4894-F2BC-4FA6-B787-FBD25C6123DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E05A5A0-ADC7-4E2F-95AD-83457B5DD26A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E05A5A0-ADC7-4E2F-95AD-83457B5DD26A}" => key removed successfully
C:\Windows\System32\Tasks\{090A7667-9D2C-4E90-9B83-2922596563FD} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{090A7667-9D2C-4E90-9B83-2922596563FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F86CA0A-32CD-475D-B78C-97CD1283BB7D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F86CA0A-32CD-475D-B78C-97CD1283BB7D}" => key removed successfully
C:\Windows\System32\Tasks\{AC96AB1F-438D-47D1-9BC2-16F547003F67} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AC96AB1F-438D-47D1-9BC2-16F547003F67}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5385174-5EAA-4B3F-9E3B-58944EF4CCBD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5385174-5EAA-4B3F-9E3B-58944EF4CCBD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System~Protector_startup => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8F8A46E-9664-41E2-A538-30EF5ADE4FD6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8F8A46E-9664-41E2-A538-30EF5ADE4FD6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C02F444F-8654-44BF-B25D-FEA7A2829C70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C02F444F-8654-44BF-B25D-FEA7A2829C70}" => key removed successfully
C:\Windows\System32\Tasks\{AF2A1FB2-24B4-4D40-ADF2-D867A5E147E3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF2A1FB2-24B4-4D40-ADF2-D867A5E147E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C49BD088-C7DA-4519-8B5E-520F7B6E637C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C49BD088-C7DA-4519-8B5E-520F7B6E637C}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\ProgramDataUpdater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D59D9B85-6D43-4079-BAA2-09B3BBD2A182}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D59D9B85-6D43-4079-BAA2-09B3BBD2A182}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DA37DB67-96CA-4836-978F-4E40454B1B6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA37DB67-96CA-4836-978F-4E40454B1B6A}" => key removed successfully
C:\Windows\System32\Tasks\Trigger KMS Activation => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trigger KMS Activation" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB9FAE8C-3A83-4F7A-B6C0-C8ED1E2B73C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB9FAE8C-3A83-4F7A-B6C0-C8ED1E2B73C6}" => key removed successfully
C:\Windows\System32\Tasks\{B950C4C6-4734-4D6E-BC69-F2ADE9C07C35} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B950C4C6-4734-4D6E-BC69-F2ADE9C07C35}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD060631-9601-4512-BBE7-EA69E77D895F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD060631-9601-4512-BBE7-EA69E77D895F}" => key removed successfully
C:\Windows\System32\Tasks\{F29D1072-6705-4251-8B58-BB7B5B2EEA1A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F29D1072-6705-4251-8B58-BB7B5B2EEA1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E23EB6D8-5F33-44C6-8EA5-207BF3CD5700}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E23EB6D8-5F33-44C6-8EA5-207BF3CD5700}" => key removed successfully
C:\Windows\System32\Tasks\IQA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IQA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4CFAFF6-C78A-4E65-B9FE-168F3E66B4BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4CFAFF6-C78A-4E65-B9FE-168F3E66B4BE}" => key removed successfully
C:\Windows\System32\Tasks\{3B19F664-59A6-4263-94F2-7AB0900885F9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B19F664-59A6-4263-94F2-7AB0900885F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB2CEC04-3A21-4F24-9A24-4B0EA8A111F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB2CEC04-3A21-4F24-9A24-4B0EA8A111F9}" => key removed successfully
C:\Windows\System32\Tasks\{8689D3D1-0BD5-4502-9FA5-4B2AEFC983DE} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8689D3D1-0BD5-4502-9FA5-4B2AEFC983DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3D89ACD-803E-4AB2-AB10-2B9CD7294E89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3D89ACD-803E-4AB2-AB10-2B9CD7294E89}" => key removed successfully
C:\Windows\System32\Tasks\{A23A7049-3A3C-477E-B480-8DB6C0A9E7C5} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A23A7049-3A3C-477E-B480-8DB6C0A9E7C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E2E9B2-B228-4CF8-84C6-A820CF6AB9EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E2E9B2-B228-4CF8-84C6-A820CF6AB9EB}" => key removed successfully
C:\Windows\System32\Tasks\{BF663582-C208-4911-B6B9-9A9951C80BC1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BF663582-C208-4911-B6B9-9A9951C80BC1}" => key removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\InstallShield Update Task.job => moved successfully
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
C:\ProgramData\TEMP => ":24051EFF" ADS removed successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\ProgramData\TEMP => ":661DFA1C" ADS removed successfully.
C:\ProgramData\TEMP => ":A9662AE0" ADS removed successfully.
C:\ProgramData\TEMP => ":D026A5A4" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Roqmij" => key removed successfully
"HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => key removed successfully
"HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
MSCONFIG\startupreg: mncgtkvuSrv => C:\Windows\system32\mncgtkvu.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: mncppcqnSrv => C:\Windows\system32\mncppcqn.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: mncruvtahSrv => C:\Windows\system32\mncruvtah.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: mnctftvaqSrv => C:\Windows\system32\mnctftvaq.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: NtVdmSrv => C:\Windows\inf\ntvdm.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Arcania-Fall-of-Setarrif-FLT-crack.exe => C:\Windows\pss\Arcania-Fall-of-Setarrif-FLT-crack.exe.Startup => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FD3D761-2B09-DA1A-0229-0248A05B0334}" => key removed successfully
HKCR\CLSID\{9FD3D761-2B09-DA1A-0229-0248A05B0334} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2" => key removed successfully
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Firefox "homepage" removed successfully
Firefox "newtab" removed successfully
"C:\ProgramData\ExtTag\Indigotip.dll" => Value data removed successfully.
C:\ProgramData\ExtTag\DentoTam.exe => No running process found
C:\ProgramData\ExtTag\ExtTag.exe => No running process found
C:\ProgramData\ExtTag\DentoTam.exe => moved successfully
C:\ProgramData\ExtTag\ExtTag.exe => moved successfully
plugin-x32: @microsoft.com/GENUINE -> disabled [No File] => Error: No automatic fix found for this entry.
015-08-29 09:15 - 2015-08-29 09:15 - 00000000 ____D C:\ProgramData\ExtTags => Error: No automatic fix found for this entry.
C:\ProgramData\ExtTag => moved successfully
ExtTag => service removed successfully
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\defsearchp@gmail.com => path removed successfully
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\deskCutv2@gmail.com => path removed successfully
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\f8783004-c434-4bd0-9f81-9a39dd64baaa@08ad07c4-3f21-451d-9045-9e0d5dc8aa9e.com => path removed successfully
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\bekmnilenpmnmmiaokgoclkegllkgbok => moved successfully
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch => moved successfully
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\kfjnfapiocpibeddeekmbikhpegjhdgi => moved successfully
aqgcfbtq => service not found.
C:\Users\Admin\Downloads\air.conflicts.pacific.carriers.crack.free.rar => moved successfully
C:\Users\Admin\Downloads\air.conflicts.pacific.carriers.crack.free (1).rar => moved successfully
15-08-25 15:08 - 2015-08-25 15:08 - 00749634 _____ C:\Users\Admin\Downloads\DarkSouls_2_PLUS24_TRN-dEViATED.rar => Error: No automatic fix found for this entry.
C:\Users\Admin\Downloads\dark_souls2_v1.01_1.02_trn.rar => moved successfully
C:\Users\Admin\Downloads\.ptmp596980 => moved successfully
C:\Users\Admin\Downloads\codex-dark.souls.ii.upd.1.10.7z => moved successfully
C:\Users\Admin\Downloads\dark-souls-2-steam-v1.7-cz (1).zip => moved successfully
C:\Users\Admin\Downloads\dark-souls-2.rar => moved successfully
C:\Users\Admin\Downloads\dark-souls-2-steam-v1.10-cz (1).zip => moved successfully
C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT => moved successfully
Could not move "C:\Users\Admin\Downloads\Dark_Souls_2_+_DLC_(2014)_PC_RePack_??_R.G._Freedom.torrent" => Scheduled to move on reboot.
C:\Users\Admin\Downloads\Far-Cry-4--CRACK-FIX.rar => moved successfully
C:\Users\Admin\Downloads\Far-Cry-4---CRACK-FIX.rar => moved successfully
C:\Users\Admin\Downloads\Far-Cry-4-CRACK.rar => moved successfully
"C:\Windows\Tasks\Adobe Flash Player Updater.job" => File/Folder not found.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-02 20:01:08)<=

"C:\Users\Admin\Downloads\Dark_Souls_2_+_DLC_(2014)_PC_RePack_??_R.G._Freedom.torrent" => Could not move

==== End of Fixlog 20:01:08 ====

[bobsch2]

Zillya Trojan.Genome.Win32.238484 20150717


ALYac 20150717
AVG 20150717
AVware 20150717
Ad-Aware 20150717
AegisLab 20150717
Agnitum 20150717
AhnLab-V3 20150717
Alibaba 20150717
Antiy-AVL 20150717
Arcabit 20150717
Avast 20150717
Avira 20150717
Baidu-International 20150717
BitDefender 20150717
Bkav 20150717
ByteHero 20150717
CAT-QuickHeal 20150717
ClamAV 20150716
Comodo 20150717
Cyren 20150717
DrWeb 20150717
ESET-NOD32 20150717
F-Prot 20150717
F-Secure 20150716
Fortinet 20150717
GData 20150717
Ikarus 20150717
Jiangmin 20150716
K7AntiVirus 20150717
K7GW 20150717
Kaspersky 20150717
Kingsoft 20150717
Malwarebytes 20150717
McAfee 20150717
McAfee-GW-Edition 20150716
MicroWorld-eScan 20150717
Microsoft 20150717
NANO-Antivirus 20150717
Panda 20150717
Qihoo-360 20150717
Rising 20150713
SUPERAntiSpyware 20150717
Sophos 20150717
Symantec 20150717
Tencent 20150717
TheHacker 20150713
TotalDefense 20150717
TrendMicro 20150717
TrendMicro-HouseCall 20150717
VBA32 20150717
VIPRE 20150717
ViRobot 20150717
Zoner 20150717
nProtect 20150717

[bobsch2]

SHA256: ec7c6bc4205712a0a78c68f7f0f762ac7e62276720a61a6877a94f6a573f0aa7
File name: NixSrv.exe.config
Detection ratio: 0 / 56
Analysis date: 2015-08-23 15:58:48 UTC ( 1 týden, 3 dny ago )

SHA256: ec7c6bc4205712a0a78c68f7f0f762ac7e62276720a61a6877a94f6a573f0aa7
File name: NixSrv.exe.config
Detection ratio: 0 / 56
Analysis date: 2015-08-23 15:58:48 UTC ( 1 týden, 3 dny ago )

SHA256: fa942633b5f1d8891359025abe213569c251712d6f713effd06480a0e6333c50
File name: mshvpltu.dat
Detection ratio: 0 / 56
Analysis date: 2015-09-02 18:27:44 UTC ( 0 minut ago )

SHA256: d13689cf4e286e9d73bc13bf700ea178f12844b1525807a6cb4deeeb585b86c9
File name: mspxgj.dat
Detection ratio: 0 / 56
Analysis date: 2015-09-02 18:29:55 UTC ( 0 minut ago )

SHA256: 9506e92291a1894c614c6f4283010908889f5b57e987477322083b40a868201f
File name: noseventmessages.dll
Detection ratio: 0 / 55
Analysis date: 2015-07-12 16:34:33 UTC ( 1 měsíc, 3 týdny ago )


SHA256: b880842f4d9a215eb92123d3830b5abc6f2545231c70e921b380508a0b753a9c
File name: msbvyza.com
Detection ratio: 26 / 56
Analysis date: 2015-08-06 23:50:16 UTC ( 3 týdny, 5 dnů ago )

Antivirus Result Update
ALYac Trojan.GenericKD.2619076 20150807
AVG Atros.CKTA 20150806
AVware Trojan.Win32.Generic!BT 20150806
Ad-Aware Trojan.GenericKD.2619076 20150807
Agnitum Backdoor.Androm!SGZHb5U/o2I 20150806
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20150806
Arcabit Trojan.Generic.D27F6C4 20150807
Avast Win32:Malware-gen 20150807
Avira TR/Dropper.MSIL.179739 20150807
Baidu-International Backdoor.Win32.Androm.huca 20150806
BitDefender Trojan.GenericKD.2619076 20150806
DrWeb BackDoor.Andromeda.22 20150806
ESET-NOD32 a variant of MSIL/Kryptik.DCM 20150806
Emsisoft Trojan.GenericKD.2619076 (B) 20150806
F-Secure Trojan.GenericKD.2619076 20150806
GData Trojan.GenericKD.2619076 20150806
Kaspersky Backdoor.Win32.Androm.huca 20150806
MicroWorld-eScan Trojan.GenericKD.2619076 20150806
NANO-Antivirus Trojan.Win32.Androm.duwwsj 20150806
Panda Generic Suspicious 20150806
Qihoo-360 Win32/Trojan.Dropper.ea7 20150807
Rising PE:Trojan.Win32.Generic.18EBC63E!418104894 20150731
Sophos Mal/Generic-S 20150806
Symantec WS.Reputation.1 20150806
VIPRE Trojan.Win32.Generic!BT 20150807
nProtect Trojan.GenericKD.2619076 20150806

SHA256: 32f951e387f757c0c2aab0c5212976bd67e7a428e40fd422ebc76261bb608404
File name: e4583b264e8a2ae987431ecbdf4260117cc833f5
Detection ratio: 2 / 55
Analysis date: 2014-09-01 15:13:41 UTC ( 1 rok ago )
•
Antivirus Result Update
Bkav HW32.Keylogger.qcag 20140829
Symantec WS.Reputation.1

[bobsch2]

SHA256: e8f2c5fea0590a70afa2f1ff842f2b0bd4675bd3fb83af0ed565f0b5a082b223
File name: runner.exe
Detection ratio: 37 / 57
Analysis date: 2015-08-30 06:08:01 UTC ( 3 dny, 12 hodin ago )
0 0
Analysis
File detail
Additional information
Comments 0
Votes
Antivirus Result Update
ALYac Gen:Variant.Adware.Kazy.597341 20150830
AVG Generic.1E1 20150830
AVware Amonetize (fs) 20150830
Ad-Aware Gen:Variant.Adware.Kazy.597341 20150830
Agnitum PUA.Downloader! 20150829
AhnLab-V3 PUP/Win32.Amonetize 20150829
Antiy-AVL Trojan[Downloader:not-a-virus]/Win32.Agent.dcsa 20150830
Arcabit Trojan.Adware.Kazy.D91D5D 20150830
Avast Win32:Amonetize-JO [PUP] 20150830
Avira ADWARE/Amonetize.Gen7 20150829
Baidu-International PUA.Win32.Dlhelper.BERS 20150829
BitDefender Gen:Variant.Adware.Kazy.597341 20150830
CAT-QuickHeal PUA.Bershnetll.Gen 20150829
Comodo Application.Win32.LoadMoney.IARS 20150830
Cyren W32/S-53544127!Eldorado 20150830
DrWeb Trojan.Amonetize 20150830
ESET-NOD32 a variant of Win32/Amonetize.DW potentially unwanted 20150830
Emsisoft Gen:Variant.Adware.Kazy.597341 (B) 20150830
F-Prot W32/S-53544127!Eldorado 20150829
F-Secure Gen:Variant.Adware.Kazy 20150829
Fortinet Riskware/Agent 20150830
GData Gen:Variant.Adware.Kazy.597341 20150830
K7AntiVirus Unwanted-Program ( 004b62221 ) 20150830
K7GW Unwanted-Program ( 004b62221 ) 20150830
Kaspersky not-a-virus:Downloader.Win32.Agent.dcsa 20150830
Malwarebytes PUP.Optional.Bundle 20150829
McAfee Artemis!D2CDFED88FA8 20150830
McAfee-GW-Edition Artemis 20150829
MicroWorld-eScan Gen:Variant.Adware.Kazy.597341 20150830
NANO-Antivirus Trojan.Win32.Agent.dvsthi 20150830
Panda Trj/Genetic.gen 20150829
Qihoo-360 Win32/Virus.Adware.8c5 20150830
Sophos Amonetize (PUA) 20150829
Symantec SAPE.Amonetize.206 20150829
TrendMicro TROJ_GEN.R08NC0EHQ15 20150830
VBA32 Signed-Downware.Dlhelper 20150829
VIPRE Amonetize (fs) 20150830

[bobsch2]

SHA256: d3b3bd413571e51c18ae6a0719c10f91a65e14be8c05c5ebc81d7aa1cecb1e59
File name: Sniper Elite Nazi Zombie Army - HDxDaniel.exe
Detection ratio: 8 / 54
Analysis date: 2014-07-04 08:17:59 UTC ( 1 rok, 2 měsíce ago )
1 1
Analysis
File detail
Relationships
Additional information
Comments 0
Votes
Behavioural information
Antivirus Result Update
Baidu-International HackTool.Win32.CheatEngine.alMY 20140704
Bkav W32.Clod802.Trojan.aab6 20140702
ESET-NOD32 a variant of Win32/HackTool.CheatEngine.AF 20140704
Jiangmin TrojanDropper.Injector.bhlg 20140704
K7AntiVirus Hacktool ( 004174341 ) 20140703
K7GW Hacktool ( 004174341 ) 20140703
Symantec WS.Reputation.1 20140704
ViRobot Trojan.Win32.A.Inject.3725312 20140704
AVG 20140704
Ad-Aware

[bobsch2]

SHA256: cf1d1196cc7c614206ad275b6b00b8b44ba58701e799ab92c6cc6382820cc02b
File name: sezav105+5tr.exe
Detection ratio: 5 / 50
Analysis date: 2014-03-17 20:46:47 UTC ( 1 rok, 5 měsíců ago )
0 0
Analysis
File detail
Relationships
Additional information
Comments 0
Votes
Antivirus Result Update
CMC Hoax.Win32.BadJoke.ScreenFlicker!O 20140313
Malwarebytes PUP.HackTool.Agent 20140317
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.S 20140317
SUPERAntiSpyware Heur.Agent/Gen-HackRelated 20140315
Symantec WS.Reputation.1 20140317
AVG

[bobsch2]

SHA256:8f5248258f303f45297e5ab398f1f636a6dcef3b621f88453c64e4dd9033cec7
File name:uTorrent.exeDetection ratio:0 / 57
Analysis date:2015-09-01 11:51:33 UTC ( 1 den, 7 hodin ago )

[bobsch2]

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Admin (2015-09-02 21:10:08) Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Arnochtomag)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {340E2711-6915-44A7-84C7-099F5ADCEF84} - System32\Tasks\{5DAA6C18-4E11-47AB-84E7-6D7833E6EF52} => pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
Task: {3B80B10B-087F-4706-9D74-6419E6000CDE} - \RegClean Pro -> No File <==== ATTENTION
Task: {5A0FDD56-4D69-40EB-8055-8349D84758BC} - \RegClean Pro_UPDATES -> No File <==== ATTENTION
Task: {7B28679D-60B4-49FB-A39F-38EBC3A457DA} - \Advanced System~Protector -> No File <==== ATTENTION
Task: {8E25C4FD-A423-415E-B609-7A904A769373} - \AmiUpdXp -> No File <==== ATTENTION
Task: {9E05A5A0-ADC7-4E2F-95AD-83457B5DD26A} - System32\Tasks\{090A7667-9D2C-4E90-9B83-2922596563FD} => pcalua.exe -a C:\Users\Admin\AppData\Local\Temp\SQZF289.tmp\keygen.exe -d C:\Windows\system32
Task: {9F86CA0A-32CD-475D-B78C-97CD1283BB7D} - System32\Tasks\{AC96AB1F-438D-47D1-9BC2-16F547003F67} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=ima
Task: {A5385174-5EAA-4B3F-9E3B-58944EF4CCBD} - \Advanced System~Protector_startup -> No File <==== ATTENTION
Task: {A8F8A46E-9664-41E2-A538-30EF5ADE4FD6} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {D59D9B85-6D43-4079-BAA2-09B3BBD2A182} - \RegClean Pro_DEFAULT -> No File <==== ATTENTION
Task: {DA37DB67-96CA-4836-978F-4E40454B1B6A} - System32\Tasks\Trigger KMS Activation => C:\Program Files\Microsoft Office\KMSnano Final\TriggerKMS.exe [2013-02-10] ()
C:\Users\Admin\LOCALS~1\Temp\msayuysae.exe
C:\ProgramData\ExtTag
C:\Users\Admin\AppData\Local\Temp\SQZF289.tmp\keygen.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:24051EFF
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C
AlternateDataStreams: C:\ProgramData\TEMP:A9662AE0
AlternateDataStreams: C:\ProgramData\TEMP:D026A5A4
IE trusted site: HKU\S-1-5-21-572532400-2546031134-3008305638-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-572532400-2546031134-3008305638-1000\...\webcompanion.com -> hxxp://webcompanion.com
MSCONFIG\startupreg: MagicWand => C:\Users\Admin\AppData\Roaming\MagicWand\upd.exe
MSCONFIG\startupreg: mncgtkvuSrv => C:\Windows\system32\mncgtkvu.vbe
MSCONFIG\startupreg: mncppcqnSrv => C:\Windows\system32\mncppcqn.vbe
MSCONFIG\startupreg: mncruvtahSrv => C:\Windows\system32\mncruvtah.vbe
MSCONFIG\startupreg: mnctftvaqSrv => C:\Windows\system32\mnctftvaq.vbe
MSCONFIG\startupreg: NtVdmSrv => C:\Windows\inf\ntvdm.vbe
AppInit_DLLs: C:\ProgramData\ExtTag\Indigotip.dll => C:\ProgramData\ExtTag\Indigotip.dll [212992 2015-08-29] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... JvpjJZk&q={searchTerms}
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search
SearchScopes: HKU\S-1-5-21-572532400-2546031134-3008305638-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... JvpjJZk&q={searchTerms}
SearchScopes: HKU\S-1-5-21-572532400-2546031134-3008305638-1000 -> {012E1000-
SearchScopes: HKU\S-1-5-21-572532400-2546031134-3008305638-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... JvpjJZk&q={searchTerms}
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: No Name -> {9FD3D761-2B09-DA1A-0229-0248A05B0334} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF Homepage: C:\ProgramData\ExtTags\ff.HP
FF NewTab: C:\ProgramData\ExtTags\ff.NT
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\defsearchp@gmail.com [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\f8783004-c434-4bd0-9f81-9a39dd64baaa@08ad07c4-3f21-451d-9045-9e0d5dc8aa9e.com [not found]
OPR Extension: (No Name) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\kfjnfapiocpibeddeekmbikhpegjhdgi [2014-09-27]
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag.exe [33792 2015-08-27] () [File not signed]
U3 aqgcfbtq; C:\Windows\System32\Drivers\aqgcfbtq.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 avchv; system32\DRIVERS\avchv.sys [X]
C:\ProgramData\ExtTags
C:\ProgramData\ExtTag
C:\ProgramData\update
C:\Users\Admin\AppData\Roaming\MagicWand\upd.exe
C:\Windows\system32\mncgtkvu.vbe
C:\Windows\system32\mncppcqn.vbe
C:\Windows\system32\mncruvtah.vbe
C:\Windows\system32\mnctftvaq.vbe
C:\Windows\inf\ntvdm.vbe
C:\Windows\system32\DRIVERS\avchv.sys
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{340E2711-6915-44A7-84C7-099F5ADCEF84}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{340E2711-6915-44A7-84C7-099F5ADCEF84}" => key removed successfully
C:\Windows\System32\Tasks\{5DAA6C18-4E11-47AB-84E7-6D7833E6EF52} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5DAA6C18-4E11-47AB-84E7-6D7833E6EF52}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B80B10B-087F-4706-9D74-6419E6000CDE} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A0FDD56-4D69-40EB-8055-8349D84758BC} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B28679D-60B4-49FB-A39F-38EBC3A457DA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System~Protector => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E25C4FD-A423-415E-B609-7A904A769373} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E05A5A0-ADC7-4E2F-95AD-83457B5DD26A} => key not found.
C:\Windows\System32\Tasks\{090A7667-9D2C-4E90-9B83-2922596563FD} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{090A7667-9D2C-4E90-9B83-2922596563FD} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F86CA0A-32CD-475D-B78C-97CD1283BB7D} => key not found.
C:\Windows\System32\Tasks\{AC96AB1F-438D-47D1-9BC2-16F547003F67} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AC96AB1F-438D-47D1-9BC2-16F547003F67} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5385174-5EAA-4B3F-9E3B-58944EF4CCBD} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System~Protector_startup => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8F8A46E-9664-41E2-A538-30EF5ADE4FD6} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D59D9B85-6D43-4079-BAA2-09B3BBD2A182} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA37DB67-96CA-4836-978F-4E40454B1B6A} => key not found.
C:\Windows\System32\Tasks\Trigger KMS Activation => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trigger KMS Activation => key not found.
"C:\Users\Admin\LOCALS~1\Temp\msayuysae.exe" => File/Folder not found.

"C:\ProgramData\ExtTag" folder move:

Could not move "C:\ProgramData\ExtTag" => Scheduled to move on reboot.

"C:\Users\Admin\AppData\Local\Temp\SQZF289.tmp\keygen.exe" => File/Folder not found.
"C:\ProgramData\TEMP" => ":1CE11B51" ADS not found.
"C:\ProgramData\TEMP" => ":24051EFF" ADS not found.
"C:\ProgramData\TEMP" => ":56E2E879" ADS not found.
"C:\ProgramData\TEMP" => ":661DFA1C" ADS not found.
"C:\ProgramData\TEMP" => ":A9662AE0" ADS not found.
"C:\ProgramData\TEMP" => ":D026A5A4" ADS not found.
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost => key not found.
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => key not found.
MSCONFIG\startupreg: MagicWand => C:\Users\Admin\AppData\Roaming\MagicWand\upd.exe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: mncgtkvuSrv => C:\Windows\system32\mncgtkvu.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: mncppcqnSrv => C:\Windows\system32\mncppcqn.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: mncruvtahSrv => C:\Windows\system32\mncruvtah.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: mnctftvaqSrv => C:\Windows\system32\mnctftvaq.vbe => Error: No automatic fix found for this entry.
MSCONFIG\startupreg: NtVdmSrv => C:\Windows\inf\ntvdm.vbe => Error: No automatic fix found for this entry.
"C:\ProgramData\ExtTag\Indigotip.dll" => Value data not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon => key not found.
HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch => key not found.
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-21-572532400-2546031134-3008305638-1000 -> {012E1000- => value not found.
HKU\S-1-5-21-572532400-2546031134-3008305638-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => key not found.
HKCR\CLSID\{ielnksrch} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FD3D761-2B09-DA1A-0229-0248A05B0334} => key not found.
HKCR\CLSID\{9FD3D761-2B09-DA1A-0229-0248A05B0334} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value not found.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
Firefox "homepage" removed successfully
Firefox "newtab" removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\defsearchp@gmail.com => not found.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\deskCutv2@gmail.com => not found.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zfecvo39.default\extensions\f8783004-c434-4bd0-9f81-9a39dd64baaa@08ad07c4-3f21-451d-9045-9e0d5dc8aa9e.com => not found.
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\kfjnfapiocpibeddeekmbikhpegjhdgi not found.
ExtTag => Unable to stop service.
ExtTag => service removed successfully
aqgcfbtq => service not found.
avchv => service removed successfully
C:\ProgramData\ExtTags => moved successfully

"C:\ProgramData\ExtTag" folder move:

Could not move "C:\ProgramData\ExtTag" => Scheduled to move on reboot.

C:\ProgramData\update => moved successfully
C:\Users\Admin\AppData\Roaming\MagicWand\upd.exe => moved successfully
"C:\Windows\system32\mncgtkvu.vbe" => File/Folder not found.
"C:\Windows\system32\mncppcqn.vbe" => File/Folder not found.
"C:\Windows\system32\mncruvtah.vbe" => File/Folder not found.
"C:\Windows\system32\mnctftvaq.vbe" => File/Folder not found.
"C:\Windows\inf\ntvdm.vbe" => File/Folder not found.
"C:\Windows\system32\DRIVERS\avchv.sys" => File/Folder not found.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-02 21:12:41)<=

C:\ProgramData\ExtTag => moved successfully
C:\ProgramData\ExtTag => Is moved successfully

==== End of Fixlog 21:12:44 ====

[Orcus]

Dodej prosím odkazy na virus total po reanalýze souborů. Takto to je dost zmatené a nevíme jestli jsou výsledky aktuální.