Please check my log (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

mnouckk
Level 1.5
Posts: 101
Registered: February 13
Gender: Male
Status: Offline

Re: Please check my log

Post by mnouckk » 23 Dec 2017 21:37

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by mnouckk (23-12-2017 21:23:01)
Running from C:\Users\mnouckk\Desktop
Windows 10 Pro Version 1709 16299.125 (X64) (2017-12-12 10:49:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-701642952-2800314590-2487764554-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-701642952-2800314590-2487764554-503 - Limited - Disabled)
Guest (S-1-5-21-701642952-2800314590-2487764554-501 - Limited - Enabled) => C:\Users\Guest
mnouckk (S-1-5-21-701642952-2800314590-2487764554-1000 - Administrator - Enabled) => C:\Users\mnouckk
postgres (S-1-5-21-701642952-2800314590-2487764554-1013 - Limited - Enabled) => C:\Users\postgres.mnouckk-PC.000
WDAGUtilityAccount (S-1-5-21-701642952-2800314590-2487764554-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\uTorrent) (Version: 3.4.6.42178 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
888poker (HKLM-x32\...\{8929687A-B499-45BF-927C-63F54383996A}) (Version: 7.1.30017 - 888poker) Hidden
888poker (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\InstallShield_{8929687A-B499-45BF-927C-63F54383996A}) (Version: 7.1.30017 - 888poker)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
Aktualizace NVIDIA 31.0.1.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.0.1.0 - NVIDIA Corporation) Hidden
AmericasCardroom (HKLM-x32\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)
Anno 1404 (HKLM-x32\...\{518A54AE-002F-406F-BB48-620676AB9960}) (Version: 1.00.0000 - Ubisoft) Hidden
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft)
AviSynth 2.5 (HKLM-x32\...\Avisynth) (Version: - )
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitcoin Core (64-bit) (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\Bitcoin Core (64-bit)) (Version: 0.14.2 - Bitcoin Core project)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1714 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
Darts 17 version 1 (HKLM-x32\...\{DD3AE7C2-AF8C-4809-BFEE-A765C03663DC}_is1) (Version: 1 - Dartssoftware.com)
ELEX (HKLM-x32\...\1885888793_is1) (Version: 1.0.2846.0_cz_fixes - GOG.com)
Facebook Gameroom 1.11.6549.23876 (HKLM-x32\...\{628CC5F4-CCF3-4093-9B96-008667D11498}) (Version: 1.11.6549.23876 - Facebook)
FormatFactory 3.3.4.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.4.0 - Format Factory)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\Governor of Poker 2 Premium Edition) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\HearthstoneDeckTracker) (Version: 1.5.10 - HearthSim)
High-Definition Video Playback 10 (HKLM-x32\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.0.11400.29.0 - Nero AG) Hidden
Icmizer (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\bcfaecc00feb2640) (Version: 2.9.7.7 - Valentin Kuzub)
Innkeeper (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\Innkeeper) (Version: 0.4.18 - Curse Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 3.1.57.8824 - Intel(R) Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{31A4168C-5D92-45D0-8C9B-4506BB975EC4}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
join.me (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\JoinMe) (Version: 2.3.1.1046 - LogMeIn, Inc.)
join.me.launcher (HKLM-x32\...\{910ECE43-4D0D-4FAB-BE1F-6992F0495624}) (Version: 1.0.514.0 - LogMeIn, Inc.) Hidden
Kinect for Windows Speech Recognition Language Pack (de-DE) (HKLM-x32\...\{898AA67F-99B8-4C7F-9611-B11F98EF6E78}) (Version: 11.0.7413.611 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-CA) (HKLM-x32\...\{9C5505DA-F9C1-46CB-9F8F-AC38F8EA518A}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-GB) (HKLM-x32\...\{A0186231-0A8B-455A-8A25-B64AABCC11A6}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-IE) (HKLM-x32\...\{998D5259-3BED-4710-98FF-D63387B5429E}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-NZ) (HKLM-x32\...\{07FC9CAD-FCEC-4186-BB83-EF7CCC9372BA}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (es-ES) (HKLM-x32\...\{F49AF755-A5C3-4252-A190-5772B2669C3B}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (es-MX) (HKLM-x32\...\{E8F3B154-03CE-4120-8B9D-9E83ED5F3AD7}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (fr-CA) (HKLM-x32\...\{7D179500-CA0C-4456-B624-C15876B15F39}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (fr-FR) (HKLM-x32\...\{4CC174AA-25BC-46FF-B1E2-13B24AFB6142}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (it-IT) (HKLM-x32\...\{969D900A-3481-4A77-B888-D24160D4D727}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (ja-JP) (HKLM-x32\...\{EDA8693D-9E82-4FD1-98C8-0DC4F9141E0F}) (Version: 11.0.7400.336 - Microsoft Corporation)
Lenovo Phone Manager (HKLM-x32\...\{48D6D221-9262-4159-9DBF-E40DA8478648}) (Version: 1.4.1.10090 - Lenovo)
LenovoUsbDriver 1.0.12 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.12 - Lenovo)
Malwarebytes verze 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-IN) (HKLM-x32\...\{3B06AC90-DE68-44A9-95EB-0A3C1AF1514F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (pl-PL) (HKLM-x32\...\{BEFB9378-5E88-4266-8EB1-C92869449885}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (pt-BR) (HKLM-x32\...\{F6B5EB21-0ABF-487C-B9A9-D9DB259C4403}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (ru-RU) (HKLM-x32\...\{9419B7EA-6A4B-4A57-8E2A-3BDD4676118F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (zh-CN) (HKLM-x32\...\{BAD2A75A-1708-47BA-A498-20890D2C78A7}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 388.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.43 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 388.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.43 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.108.211.0 - Overwolf Ltd.)
Ovládací panel NVIDIA 388.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.43 - NVIDIA Corporation) Hidden
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
partypoker (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\PartyPoker) (Version: - )
pgAgent 3.4.0 (HKLM-x32\...\pgAgent 3.4.0-1) (Version: 3.4.0-1 - EnterpriseDB)
PgBouncer 1.7.2 (HKLM-x32\...\PgBouncer 1.7.2-1) (Version: 1.7.2-1 - EnterpriseDB)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
PostgreSQL 9.6 (HKLM\...\PostgreSQL 9.6) (Version: 9.6 - PostgreSQL Global Development Group)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7069 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpellForce 3 (HKLM-x32\...\1419313792_is1) (Version: - GOG.com)
SpellForce 3 (HKLM-x32\...\SpellForce 3_is1) (Version: 1.12 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StormWare Pamica DEMO (HKLM-x32\...\{F33C46B4-2527-4DDD-ABF7-21629F04CF17}) (Version: 5.1.10601.4 - StormWare)
System Requirements Lab CYRI (HKLM-x32\...\{2DF5765E-5386-4540-9383-DBC9A0A596F9}) (Version: 6.0.15.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{2CB97642-5ED9-4782-915A-AEC145FBD253}) (Version: 6.1.4.0 - Husdawg, LLC)
TableDroid (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\89575a69128c5744) (Version: 1.0.0.88 - Black Diamond Software Inc.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Ticket To Ride 1.0 (HKLM-x32\...\Ticket To Ride 1.0) (Version: - Days of Wonder)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 45.0 - Ubisoft)
uRage Illuminated Driver (HKLM-x32\...\{F1A273BD-6A9E-41D8-A111-5E56ACD286F8}) (Version: 1.0 - Hama)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Winamax (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\Winamax 4.1.1) (Version: 4.1.1 - Winamax)
Winamax (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\Winamax 4.2.3) (Version: 4.2.3 - Winamax)
Winamax (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\Winamax 4.4.2) (Version: 4.4.2 - Winamax)
Winamax (HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\Winamax 4.5.0) (Version: 4.5.0 - Winamax)
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
World in Conflict (HKLM-x32\...\Uplay Install 90) (Version: - Ubisoft)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)


Re: Please check my log

Post by mnouckk » 23 Dec 2017 21:38

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-701642952-2800314590-2487764554-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-701642952-2800314590-2487764554-1000_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\mnouckk\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-701642952-2800314590-2487764554-1000_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\mnouckk\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-22] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-28] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-12-22] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01DA0E2B-0B26-4F3D-8DAD-8987C15ED523} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {01DA52F9-2DE2-4004-BC66-35FFB5D0A450} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {01F7BCFE-2BDE-4480-8BD3-CF75E2816E7D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {062830EE-6169-4E94-862B-E48B60CA554A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {09D34A30-A0A5-4A9F-B964-05B3E2B60C5E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0D81066F-8845-4247-BEFF-D1C017E721D2} - System32\Tasks\{8692DA6A-0757-4C39-AD09-55A618FE5E41} => C:\Windows\system32\pcalua.exe -a C:\Users\mnouckk\Downloads\Constellation-0\freehra_Constellation-windows-installer.exe -d C:\Users\mnouckk\Downloads\Constellation-0
Task: {1147485E-D7B8-42F5-B7C1-998B2F4CF03B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {14122DCD-5123-4C1C-9C16-6271942E0117} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {16B5EE89-5394-4409-BC80-B336B238407A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {189E9F71-F366-437E-AE32-45AE2DDF4C7A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {19955679-10D2-4B48-B49F-8A22E9FC7B70} - System32\Tasks\Intel(R) Small Business Advantage\Delete Cookies => C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\HealthCenter.CleanupTool.exe [2016-01-28] (Intel Corporation)
Task: {19CFE622-8F94-45C2-8996-4C876060397A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {19D0D0B5-4C1F-4C0B-8624-3E18226D113D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {1A0039AA-06C3-41FB-9E14-748DE2C26D74} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {1AB07928-6FE7-4472-AE2C-5DD1F198EFC9} - System32\Tasks\Intel(R) Small Business Advantage\Delete Temporary Internet Files => C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\HealthCenter.CleanupTool.exe [2016-01-28] (Intel Corporation)
Task: {1B9370F6-703E-478E-89A9-3914970E4F15} - System32\Tasks\Intel(R) Small Business Advantage\DeleteCookiesCacheEntries => C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\HealthCenter.CleanupTool.exe [2016-01-28] (Intel Corporation)
Task: {1D7B34E8-78B4-4C07-A565-0B14CC488C48} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1E418559-0060-4E31-9FB0-2469A9809A7D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2325AA5F-343A-4735-ABF8-18B3F51A989F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2A3A08ED-EEEC-4F37-931E-2B0B1B5FA7CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2DA14970-8C72-4E38-9840-ABF805893A70} - System32\Tasks\Intel(R) Small Business Advantage\DeleteTempFilesCacheEntries => C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\HealthCenter.CleanupTool.exe [2016-01-28] (Intel Corporation)
Task: {3750A62C-E4DF-44F2-8DE7-0805C84C612E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3B2E968D-5856-4B59-B769-8F45A827A9B0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {40755996-CE5D-4375-AD9D-65A3A85D1EBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {44B6B96D-552F-4DE9-B3A1-F9B255318295} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {47C97D34-EBA5-46C3-BA7B-2EEEC38B3FE6} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {4A72BF84-EBF6-4FD6-A698-D23C66E89D39} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {505C2B22-489C-483C-94FD-6BB26F8B2ACC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {59B537B6-BB52-43E6-8CBD-119420C99C5E} - System32\Tasks\{19807A0D-EABC-4276-AF9E-DCB9A6869785} => C:\Windows\system32\pcalua.exe -a C:\Users\mnouckk\Desktop\hijackthis.exe -d C:\Users\mnouckk\Desktop
Task: {6168A985-DD5B-4E48-BED7-F83BC0827FCE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {62BFC759-AB52-4805-B41D-EEE884714612} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {67A6415B-0FB5-4E4D-B4BB-B28AB8404CFB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {683C81A1-BB04-4CD3-8DED-E0EE41C2D65D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {6C2F11BD-C4C3-4CD1-833D-864728E2DCFF} - System32\Tasks\{C6A5BA10-2EC3-4761-94FC-3C4264628A8C} => C:\Windows\system32\pcalua.exe -a "D:\Hry ISO\Civlization 4 Complete Edition CZ\CIV4 cestina colonization.exe" -d "D:\Hry ISO\Civlization 4 Complete Edition CZ"
Task: {6EC4CBDF-13EF-47C1-96B9-250451AA75B1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {773E2907-C0C0-4C18-8696-4C073D6199FE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-16] (NVIDIA Corporation)
Task: {781E1FE0-696A-401D-80D0-9B044A56461C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7887D92A-C8EF-48B3-A617-1C41662F583E} - System32\Tasks\{CB3DCCED-9D8D-4B00-9BEB-DAD5F71A989A} => C:\Windows\system32\pcalua.exe -a C:\Users\mnouckk\Downloads\VobSub_2.23.exe -d C:\Users\mnouckk\Downloads
Task: {7C60CFEC-FCC1-4325-B073-DCF4605B2AD5} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-12-18] (Overwolf LTD)
Task: {7FE5F351-DDD1-4337-B811-C59E22A7991F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {82F8CBEA-F8B0-4AF6-87C0-E7F95C0BB081} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {841AE96D-24B3-4732-BD62-2CA6A5CB5D8C} - \mnouckk -> No File <==== ATTENTION
Task: {875C2748-4651-4E7B-943C-BDB061B3A81E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {878326FE-3DDB-46D9-9828-28E6B1E6F873} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-16] (NVIDIA Corporation)
Task: {88A56B95-8762-4EFC-866E-D09679B50D42} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8B04D7E6-1C7D-4081-8ED6-B59FCB81B17A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8F8E4363-2F82-4690-A697-E7CC676D0E6F} - System32\Tasks\{9F3DB54B-66FD-488C-AC32-4DB303D68FD9} => C:\Windows\system32\pcalua.exe -a "D:\Hry ISO\Civlization 4 Complete Edition CZ\CIV4 cestina colonization.exe" -d "D:\Hry ISO\Civlization 4 Complete Edition CZ"
Task: {9C840EA1-BE9C-49AA-BA76-07E90C7E85B8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9EEEEF51-E552-4AAE-99EC-94BE7987933A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A134ABC6-EAAF-43C7-A332-49CD320E4F52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {A3119BD1-0FD5-4549-99DC-C406871319D7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-16] (NVIDIA Corporation)
Task: {A8B41E00-0CF6-4437-8704-D645502F871D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A976F126-D02A-4A2D-A3FC-78758780B1B9} - System32\Tasks\{0D12145C-C035-45D6-B463-C83922A1CA1E} => C:\Windows\system32\pcalua.exe -a "C:\Users\mnouckk\Downloads\CIVIV_CZ110 (1)\CIVIV_CZ110.exe" -d "C:\Users\mnouckk\Downloads\CIVIV_CZ110 (1)"
Task: {AE2AB985-F184-4D5B-99F3-CFBE923DE750} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {AEE27177-A462-4C18-9D93-54DBC62386EA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B3225CBD-D4AC-487F-9514-B9CE5DE3B278} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-08] (Microsoft Corporation)
Task: {B444A20A-D8E0-442A-9020-8EC524C5B767} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {B80C3EB8-4373-4EE3-9D5C-13A4B5883E1B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BA2F34C3-D34B-4DDF-BABE-7FE643125092} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BD71E03D-41E7-462D-AEAB-10CA11E3AB2A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {C2D54BE1-13CB-4F64-97EA-3CB6B03849BC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-16] (NVIDIA Corporation)
Task: {DE2EE8EE-091C-48AA-8231-2BB8AB4FB963} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E0BDADCD-969C-4E81-9AC6-EA8267FCC7D2} - System32\Tasks\{2EAB9641-FB41-4FCB-B87A-7BFF3E5ADDF3} => C:\Program Files (x86)\Paper Dragon Games\Constellation\uninstall.exe
Task: {E4E243EF-A4F6-48DD-B7FB-2607A86DFBF1} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E569FBBD-1009-4B24-97F5-26D8A685E50C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {EBE05B51-0F9E-48C8-B172-CC5072B2A887} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {ED3A12D7-A57A-4CD8-8923-E638EDF48D19} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {ED41AC41-5CC1-4C8C-A5C0-738ACDBFDACB} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2014-09-29] (Lenovo)
Task: {EDE297BC-A135-4278-B145-D871C245CF78} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {F3052681-F184-4868-A254-6B83503F65CE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F3C4DC70-3C74-4B60-99AA-CEB8BFA5B271} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {F6D0B70D-03A3-4F6D-8D0E-3A6B71F6D063} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FAEC6463-F848-45FB-BB45-E4112184881D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Sрouštěč арlikаcí Chrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Нangоuts Gоoglе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоoglе Chromе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnet Eхрlorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhromе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic

ShortcutWithArgument: C:\Users\mnouckk\AppData\Local\Google\Chrome\User Data\Spouštěč aplikací Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\mnouckk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Spouštěč aplikací Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2017-03-13 22:52 - 2017-11-16 02:41 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-06-27 16:10 - 2016-03-10 01:38 - 001544795 _____ () C:\Program Files (x86)\PgBouncer\bin\pgbouncer.exe
2014-09-05 21:29 - 2014-09-05 21:29 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-22 18:48 - 2017-12-22 18:48 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-12-12 11:00 - 2017-12-12 11:00 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-12 11:00 - 2017-12-12 11:00 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2007-12-30 11:23 - 2007-12-30 11:23 - 001365504 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2017-12-14 20:31 - 2017-12-06 05:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2017-12-14 20:31 - 2017-12-06 05:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2016-06-27 16:10 - 2015-08-13 12:47 - 002491564 _____ () C:\Program Files (x86)\PgBouncer\bin\libevent-2-0-5.dll
2016-11-23 20:43 - 2014-07-22 10:00 - 000172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2016-11-23 20:44 - 2012-08-14 14:19 - 000999424 _____ () c:\postgreSQL\bin\libxml2.dll
2014-04-16 11:43 - 2013-09-16 20:19 - 001242584 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-03-13 22:52 - 2017-11-16 02:41 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-09-29 14:05 - 2014-09-29 14:05 - 000109736 _____ () C:\Program Files (x86)\MagicPlus\crashreport.dll
2014-09-29 14:05 - 2014-09-29 14:05 - 000351400 _____ () C:\Program Files (x86)\MagicPlus\UsbHelper.dll
2007-12-30 11:24 - 2007-12-30 11:24 - 000140288 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2017-03-13 22:52 - 2017-11-16 02:40 - 066906560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:A31FAD21 [346]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-12-22 18:40 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-701642952-2800314590-2487764554-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mnouckk\Downloads\608887.jpg
HKU\S-1-5-21-701642952-2800314590-2487764554-1013\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Dare-U mouse"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "MagicPlusHelper"
HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\StartupApproved\Run: => "join.me.launcher"
HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\StartupApproved\Run: => "Uninstall C:\Users\mnouckk\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\StartupApproved\Run: => "CCleaner"
HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-701642952-2800314590-2487764554-1000\...\StartupApproved\Run: => "Track-o-Bot"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C2AA3760-E6E9-4DE0-9F3A-2F9DE4F41DB2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\World in Conflict\wic_ds.exe
FirewallRules: [{6D5748C5-0EAB-4331-91A3-0BD1729BE906}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\World in Conflict\wic_ds.exe
FirewallRules: [{E990FDF6-EB8E-496A-99E9-537EA9120EA4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\World in Conflict\wic_online.exe
FirewallRules: [{A72C1839-3CCD-4F6C-AD8E-525A954E7F0A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\World in Conflict\wic_online.exe
FirewallRules: [{EBA1FE2F-C90C-4A29-8033-E9631184DE63}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\World in Conflict\wic.exe
FirewallRules: [{6E333951-7AD6-4A4D-B014-FA338F773EB8}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\World in Conflict\wic.exe
FirewallRules: [{07E6951C-27AB-49B3-B525-78C8AE4CB264}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{88CD5319-FBB2-47BE-B7CC-CE55BC7C570D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B32864EA-3A07-41CA-B627-4C475DB22374}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1A913977-6904-48FE-9C9C-A140D50893EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{8230D40B-C196-4D1A-8486-CA5048A5593C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [UDP Query User{E3F95D0D-1A31-4D2F-A3C6-E6915DEADF39}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{E6817658-73C3-4D4D-86E6-20FDD34E0BB9}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{DB78D264-9A34-4967-ADEB-0558CBD39027}] => (Allow) C:\Users\mnouckk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A204DD56-9CC2-4AD5-A73C-C3F515998666}] => (Allow) C:\Users\mnouckk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{53B9EAF5-78DF-4E98-879E-5AECF19E4222}] => (Allow) C:\Users\mnouckk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A5ADF900-13AC-4909-9738-51A73E7C332E}] => (Allow) C:\Users\mnouckk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A7649345-F8A8-430A-862C-D2B683F4E2BF}] => (Allow) C:\Users\mnouckk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8580A7D4-5B0A-4341-AE20-EE876EF920DF}] => (Allow) C:\Users\mnouckk\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{48A3275C-67A1-4CF9-9C06-9A485BBF6628}] => (Allow) LPort=5432
FirewallRules: [{EFDF53D3-7789-4A13-B81F-088082477E46}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{9F2199D1-6C29-4535-A0FB-050173DF70EB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3B40A6BC-75C3-4B52-B437-17B8FE9D794D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6FDEB997-82FE-4C57-9876-761585F7D026}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4D416B71-DBA6-4A4C-B5EA-1718F47BF130}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{70B6339B-C26E-486D-BEC7-20F2386E3517}C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe
FirewallRules: [UDP Query User{15EFB0CC-8F4D-41D8-90F8-0CE6B177CA9B}C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe] => (Allow) C:\program files (x86)\the witcher 2 (cz)\bin\witcher2.exe
FirewallRules: [{C856099F-E047-48B8-B57A-D7318EDD84C0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5C83D264-7690-4F61-91CD-C80A146726A3}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{91A875F7-A314-4E08-8D94-CFC32D36C772}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{E8B0A5F4-18BD-408E-B9D5-8730F0D30638}C:\users\mnouckk\appdata\local\join.me\join.me.exe] => (Allow) C:\users\mnouckk\appdata\local\join.me\join.me.exe
FirewallRules: [UDP Query User{995CA28B-194F-4957-BA14-F0DF1AFF9354}C:\users\mnouckk\appdata\local\join.me\join.me.exe] => (Allow) C:\users\mnouckk\appdata\local\join.me\join.me.exe
FirewallRules: [TCP Query User{78857ACF-2E39-431C-A7C4-D5D514DF7BC7}C:\users\mnouckk\downloads\bitcoin-0.11.0-win64\bitcoin-0.11.0\bin\bitcoin-qt.exe] => (Allow) C:\users\mnouckk\downloads\bitcoin-0.11.0-win64\bitcoin-0.11.0\bin\bitcoin-qt.exe
FirewallRules: [UDP Query User{DF90A4A2-5605-4002-8069-8276BC2E9B99}C:\users\mnouckk\downloads\bitcoin-0.11.0-win64\bitcoin-0.11.0\bin\bitcoin-qt.exe] => (Allow) C:\users\mnouckk\downloads\bitcoin-0.11.0-win64\bitcoin-0.11.0\bin\bitcoin-qt.exe
FirewallRules: [{6CC55BA8-85AF-4313-AD01-1D02F50BA239}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7B0AAF6B-C5F5-47DB-8FFC-41731A426C91}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{4F2B4E98-C1CC-4F14-90F6-0C99547E0806}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{DB27D500-9CC0-491F-879E-E54A3A2CDADD}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{F564D04E-E5E0-4C61-B1E5-0DE437315995}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{D2766447-D8C5-4E1B-AD2C-245ACBB9C77C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{F41268E3-B606-4BC0-BBE4-7CC12541C003}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE
FirewallRules: [{F32D09BE-ACE2-43F2-B330-59446E5980FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gothic\system\GOTHIC.EXE
FirewallRules: [{3D6CCF22-7511-4259-B19E-4DF324F8FA8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
FirewallRules: [{B57626B4-490D-44C2-951F-5D62CF4E0EA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arcania Fall of Setarrif\Arcania Addon.exe
FirewallRules: [{5360DA03-1ECA-4BA5-8FDC-D087CA3CFD9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arcania Gothic 4\Arcania.exe
FirewallRules: [{3598974A-C566-4EAC-8DAE-244D873BD692}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arcania Gothic 4\Arcania.exe
FirewallRules: [TCP Query User{CE1D13C1-2AEF-446C-B4F5-AB335457B60F}C:\program files (x86)\magicplus\magicplus.exe] => (Allow) C:\program files (x86)\magicplus\magicplus.exe
FirewallRules: [UDP Query User{84300EAD-88C8-4AD7-91F1-45AC9B2705A5}C:\program files (x86)\magicplus\magicplus.exe] => (Allow) C:\program files (x86)\magicplus\magicplus.exe
FirewallRules: [TCP Query User{7DCA9CF0-27E8-43FA-995B-FC55677B2CFE}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{64206C29-97A6-44BC-9D92-C33132D9EF20}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{4E807D01-A76A-461D-9D57-A7533F8B58B3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6B96E7CC-3D19-475A-B3B9-98D17F8AC17D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EFEFC4DB-E76B-4509-9322-A42531F3CA50}] => (Allow) C:\Users\mnouckk\AppData\Roaming\Steganos\OnlineShield\Proxy\node.exe
FirewallRules: [{4D42B8FC-25B7-418A-AA28-8FA439D767D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AA8F8396-0887-4541-89AC-3ABEBD5C57FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{52FC79F8-5934-474D-A6A2-137DB57CA3C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F164B463-3D6D-424C-A132-CF3FA7FC8C10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E5852537-FDE8-4FA3-8532-C8562DDC74D6}] => (Allow) C:\Program Files (x86)\Alawar\Governor of Poker 2\GovernorofPoker2_PE_Alawar_v1.5.exe
FirewallRules: [{40669AA4-CA07-4FDC-9798-0DF33A826882}] => (Allow) C:\Program Files (x86)\Alawar\Governor of Poker 2\GovernorofPoker2_PE_Alawar_v1.5.wrp.exe
FirewallRules: [{00B015BF-F967-4568-A7AF-2F6A58798A54}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{B7826103-1BFE-49A2-8960-FA65605D32DE}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{521743C0-4C0E-471E-BB0D-C10826BFDECD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{1DA1658E-6538-464F-A001-E2D64474BF68}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{1E89A8E1-3B0D-4517-B41C-3A576D3AC8C1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-12-2017 18:55:49 Windows Update
19-12-2017 22:30:27 Windows Update
21-12-2017 23:43:44 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2017 09:23:34 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-12-23 21:23:34 CETFATAL: database locale is incompatible with operating system
2017-12-23 21:23:34 CETDETAIL: The database was initialized with LC_COLLATE "Czech_Czech Republic.1250", which is not recognized by setlocale().
2017-12-23 21:23:34 CETHINT: Recreate the database with another locale or install the missing locale.

Error: (12/23/2017 09:23:14 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-12-23 21:23:14 CETFATAL: database locale is incompatible with operating system
2017-12-23 21:23:14 CETDETAIL: The database was initialized with LC_COLLATE "Czech_Czech Republic.1250", which is not recognized by setlocale().
2017-12-23 21:23:14 CETHINT: Recreate the database with another locale or install the missing locale.

Error: (12/23/2017 09:22:34 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-12-23 21:22:34 CETFATAL: database locale is incompatible with operating system
2017-12-23 21:22:34 CETDETAIL: The database was initialized with LC_COLLATE "Czech_Czech Republic.1250", which is not recognized by setlocale().
2017-12-23 21:22:34 CETHINT: Recreate the database with another locale or install the missing locale.

Error: (12/23/2017 09:22:14 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-12-23 21:22:14 CETFATAL: database locale is incompatible with operating system
2017-12-23 21:22:14 CETDETAIL: The database was initialized with LC_COLLATE "Czech_Czech Republic.1250", which is not recognized by setlocale().
2017-12-23 21:22:14 CETHINT: Recreate the database with another locale or install the missing locale.

Error: (12/23/2017 09:21:34 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-12-23 21:21:34 CETFATAL: database locale is incompatible with operating system
2017-12-23 21:21:34 CETDETAIL: The database was initialized with LC_COLLATE "Czech_Czech Republic.1250", which is not recognized by setlocale().
2017-12-23 21:21:34 CETHINT: Recreate the database with another locale or install the missing locale.

Error: (12/23/2017 09:21:14 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-12-23 21:21:14 CETFATAL: database locale is incompatible with operating system
2017-12-23 21:21:14 CETDETAIL: The database was initialized with LC_COLLATE "Czech_Czech Republic.1250", which is not recognized by setlocale().
2017-12-23 21:21:14 CETHINT: Recreate the database with another locale or install the missing locale.

Error: (12/23/2017 09:20:34 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-12-23 21:20:34 CETFATAL: database locale is incompatible with operating system
2017-12-23 21:20:34 CETDETAIL: The database was initialized with LC_COLLATE "Czech_Czech Republic.1250", which is not recognized by setlocale().
2017-12-23 21:20:34 CETHINT: Recreate the database with another locale or install the missing locale.

Error: (12/23/2017 09:20:14 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-12-23 21:20:14 CETFATAL: database locale is incompatible with operating system
2017-12-23 21:20:14 CETDETAIL: The database was initialized with LC_COLLATE "Czech_Czech Republic.1250", which is not recognized by setlocale().
2017-12-23 21:20:14 CETHINT: Recreate the database with another locale or install the missing locale.

Error: (12/23/2017 09:19:34 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-12-23 21:19:34 CETFATAL: database locale is incompatible with operating system
2017-12-23 21:19:34 CETDETAIL: The database was initialized with LC_COLLATE "Czech_Czech Republic.1250", which is not recognized by setlocale().
2017-12-23 21:19:34 CETHINT: Recreate the database with another locale or install the missing locale.

Error: (12/23/2017 09:19:14 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-12-23 21:19:14 CETFATAL: database locale is incompatible with operating system
2017-12-23 21:19:14 CETDETAIL: The database was initialized with LC_COLLATE "Czech_Czech Republic.1250", which is not recognized by setlocale().
2017-12-23 21:19:14 CETHINT: Recreate the database with another locale or install the missing locale.


System errors:
=============
Error: (12/23/2017 09:16:33 PM) (Source: DCOM) (EventID: 10016) (User: MNOUCKK-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli mnouckk-PC\mnouckk (SID: S-1-5-21-701642952-2800314590-2487764554-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/22/2017 07:23:18 PM) (Source: DCOM) (EventID: 10016) (User: MNOUCKK-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli mnouckk-PC\mnouckk (SID: S-1-5-21-701642952-2800314590-2487764554-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/22/2017 07:22:40 PM) (Source: DCOM) (EventID: 10016) (User: MNOUCKK-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli mnouckk-PC\mnouckk (SID: S-1-5-21-701642952-2800314590-2487764554-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/22/2017 06:47:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

Error: (12/22/2017 06:45:20 PM) (Source: DCOM) (EventID: 10016) (User: MNOUCKK-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli mnouckk-PC\mnouckk (SID: S-1-5-21-701642952-2800314590-2487764554-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/22/2017 06:43:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetMsmqActivator závisí na službě WAS, která neuspěla při spuštění v důsledku následující chyby:
Neplatné údaje.

Error: (12/22/2017 06:43:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetPipeActivator závisí na službě WAS, která neuspěla při spuštění v důsledku následující chyby:
Neplatné údaje.

Error: (12/22/2017 06:43:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetTcpActivator závisí na službě WAS, která neuspěla při spuštění v důsledku následující chyby:
Neplatné údaje.

Error: (12/22/2017 06:43:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba W3SVC závisí na službě WAS, která neuspěla při spuštění v důsledku následující chyby:
Neplatné údaje.

Error: (12/22/2017 06:43:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba WAS byla ukončena s následující chybou:
Neplatné údaje.


CodeIntegrity:
===================================
Date: 2017-12-21 22:19:54.819
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-15 15:29:18.155
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-15 15:29:18.130
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-15 15:29:18.112
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-15 15:29:18.078
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-15 15:29:18.049
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-15 15:29:18.016
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-15 15:29:16.529
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-15 15:29:16.031
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-12-15 13:55:37.919
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 37%
Total physical RAM: 8119.98 MB
Available physical RAM: 5107.78 MB
Total Virtual: 16311.98 MB
Available Virtual: 13189.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:466.8 GB) (Free:101.13 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Místní disk) (Fixed) (Total:464.71 GB) (Free:54.5 GB) NTFS
Drive j: () (Removable) (Total:14.72 GB) (Free:10.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B59C16E0)
Partition 1: (Active) - (Size=466.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Re: Please check my log

Post by jaro3 » 24 Dec 2017 10:15

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-701642952-2800314590-2487764554-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\MICROS~3\Office14\URLREDIR.DLL => No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~3\Office14\NPAUTHZ.DLL [No File]
FF Plugin HKU\S-1-5-21-701642952-2800314590-2487764554-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [No File]
CHR HKU\S-1-5-21-701642952-2800314590-2487764554-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ahkmpjnmnhjkpkacdhkliipnncobgkhk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [clgckgfbhciacomhlchmgdnplmdiadbj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fbkdlibjhnblcbjjecnlpkldhbkedfhj] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
C:\ProgramData\mntemp
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
Task: {09D34A30-A0A5-4A9F-B964-05B3E2B60C5E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {19D0D0B5-4C1F-4C0B-8624-3E18226D113D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {2A3A08ED-EEEC-4F37-931E-2B0B1B5FA7CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3750A62C-E4DF-44F2-8DE7-0805C84C612E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {40755996-CE5D-4375-AD9D-65A3A85D1EBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {505C2B22-489C-483C-94FD-6BB26F8B2ACC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6168A985-DD5B-4E48-BED7-F83BC0827FCE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {62BFC759-AB52-4805-B41D-EEE884714612} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7FE5F351-DDD1-4337-B811-C59E22A7991F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {82F8CBEA-F8B0-4AF6-87C0-E7F95C0BB081} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {841AE96D-24B3-4732-BD62-2CA6A5CB5D8C} - \mnouckk -> No File <==== ATTENTION
Task: {88A56B95-8762-4EFC-866E-D09679B50D42} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9C840EA1-BE9C-49AA-BA76-07E90C7E85B8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DE2EE8EE-091C-48AA-8231-2BB8AB4FB963} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E569FBBD-1009-4B24-97F5-26D8A685E50C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {EBE05B51-0F9E-48C8-B172-CC5072B2A887} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F6D0B70D-03A3-4F6D-8D0E-3A6B71F6D063} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Sрouštěč арlikаcí Chrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Нangоuts Gоoglе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоoglе Chromе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnet Eхрlorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhromе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left area of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.


CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=chxtn9.0.25__PARAM__
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Extension: (Mail.Ru) - C:\Users\mnouckk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkmpjnmnhjkpkacdhkliipnncobgkhk [2017-12-22]

Do you use mail.ru?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support


Re: Please check my log

Post by mnouckk » 24 Dec 2017 13:27

I don't use it; mail.ru and its various offshoots are precisely one of those problems that launch automatically in Chrome after the PC starts.

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by mnouckk (24-12-2017 13:21:35) Run:1
Running from C:\Users\mnouckk\Desktop
Loaded Profiles: mnouckk & postgres (Available Profiles: mnouckk & postgres & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-701642952-2800314590-2487764554-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\MICROS~3\Office14\URLREDIR.DLL => No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~3\Office14\NPAUTHZ.DLL [No File]
FF Plugin HKU\S-1-5-21-701642952-2800314590-2487764554-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [No File]
CHR HKU\S-1-5-21-701642952-2800314590-2487764554-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ahkmpjnmnhjkpkacdhkliipnncobgkhk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [clgckgfbhciacomhlchmgdnplmdiadbj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fbkdlibjhnblcbjjecnlpkldhbkedfhj] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
C:\ProgramData\mntemp
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
Task: {09D34A30-A0A5-4A9F-B964-05B3E2B60C5E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {19D0D0B5-4C1F-4C0B-8624-3E18226D113D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {2A3A08ED-EEEC-4F37-931E-2B0B1B5FA7CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3750A62C-E4DF-44F2-8DE7-0805C84C612E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {40755996-CE5D-4375-AD9D-65A3A85D1EBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {505C2B22-489C-483C-94FD-6BB26F8B2ACC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6168A985-DD5B-4E48-BED7-F83BC0827FCE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {62BFC759-AB52-4805-B41D-EEE884714612} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7FE5F351-DDD1-4337-B811-C59E22A7991F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {82F8CBEA-F8B0-4AF6-87C0-E7F95C0BB081} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {841AE96D-24B3-4732-BD62-2CA6A5CB5D8C} - \mnouckk -> No File <==== ATTENTION
Task: {88A56B95-8762-4EFC-866E-D09679B50D42} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9C840EA1-BE9C-49AA-BA76-07E90C7E85B8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DE2EE8EE-091C-48AA-8231-2BB8AB4FB963} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E569FBBD-1009-4B24-97F5-26D8A685E50C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {EBE05B51-0F9E-48C8-B172-CC5072B2A887} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F6D0B70D-03A3-4F6D-8D0E-3A6B71F6D063} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\S?ou�t�� ??lik?c� Chr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\?ang?uts G?ogl?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? Chrom?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rnet E??lorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\Users\mnouckk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G?ogl? ?hrom?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-701642952-2800314590-2487764554-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => removed successfully
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully
"HKLM\Software\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0" => removed successfully
"HKU\S-1-5-21-701642952-2800314590-2487764554-1000\Software\MozillaPlugins\ubisoft.com/uplaypc" => removed successfully
C:\Program Files (x86)\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll => not found.
"HKU\S-1-5-21-701642952-2800314590-2487764554-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ahkmpjnmnhjkpkacdhkliipnncobgkhk" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\clgckgfbhciacomhlchmgdnplmdiadbj" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fbkdlibjhnblcbjjecnlpkldhbkedfhj" => removed successfully
"HKLM\System\CurrentControlSet\Services\idsvc" => removed successfully
idsvc => service removed successfully
C:\ProgramData\mntemp => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO" => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM" => removed successfully
HKLM\Software\Classes\CLSID\{9B5F5829-A529-4B12-814A-E81BCB8D93FC} => key not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO" => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09D34A30-A0A5-4A9F-B964-05B3E2B60C5E} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09D34A30-A0A5-4A9F-B964-05B3E2B60C5E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19D0D0B5-4C1F-4C0B-8624-3E18226D113D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19D0D0B5-4C1F-4C0B-8624-3E18226D113D}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A3A08ED-EEEC-4F37-931E-2B0B1B5FA7CC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A3A08ED-EEEC-4F37-931E-2B0B1B5FA7CC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3750A62C-E4DF-44F2-8DE7-0805C84C612E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3750A62C-E4DF-44F2-8DE7-0805C84C612E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40755996-CE5D-4375-AD9D-65A3A85D1EBA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40755996-CE5D-4375-AD9D-65A3A85D1EBA}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{505C2B22-489C-483C-94FD-6BB26F8B2ACC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{505C2B22-489C-483C-94FD-6BB26F8B2ACC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6168A985-DD5B-4E48-BED7-F83BC0827FCE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6168A985-DD5B-4E48-BED7-F83BC0827FCE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62BFC759-AB52-4805-B41D-EEE884714612}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62BFC759-AB52-4805-B41D-EEE884714612}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FE5F351-DDD1-4337-B811-C59E22A7991F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FE5F351-DDD1-4337-B811-C59E22A7991F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82F8CBEA-F8B0-4AF6-87C0-E7F95C0BB081}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82F8CBEA-F8B0-4AF6-87C0-E7F95C0BB081}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{841AE96D-24B3-4732-BD62-2CA6A5CB5D8C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{841AE96D-24B3-4732-BD62-2CA6A5CB5D8C}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mnouckk => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88A56B95-8762-4EFC-866E-D09679B50D42}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88A56B95-8762-4EFC-866E-D09679B50D42}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C840EA1-BE9C-49AA-BA76-07E90C7E85B8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C840EA1-BE9C-49AA-BA76-07E90C7E85B8}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE2EE8EE-091C-48AA-8231-2BB8AB4FB963}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE2EE8EE-091C-48AA-8231-2BB8AB4FB963}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E569FBBD-1009-4B24-97F5-26D8A685E50C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E569FBBD-1009-4B24-97F5-26D8A685E50C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBE05B51-0F9E-48C8-B172-CC5072B2A887}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBE05B51-0F9E-48C8-B172-CC5072B2A887}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6D0B70D-03A3-4F6D-8D0E-3A6B71F6D063}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6D0B70D-03A3-4F6D-8D0E-3A6B71F6D063}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
C:\Users\mnouckk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\S?ou�t�� ??lik?c� Chr?m?.lnk => not found.
"C:\Users\mnouckk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\?ang?uts G?ogl?.lnk" => Could not move.
"C:\Users\mnouckk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogl? Chrom?.lnk" => Could not move.
"C:\Users\mnouckk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rnet E??lorer Browser.lnk" => Could not move.
"C:\Users\mnouckk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G?ogl? ?hrom?.lnk" => Could not move.

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24394504 B
Java, Flash, Steam htmlcache => 352134580 B
Windows/system/drivers => 62512 B
Edge => 3385041 B
Chrome => 749357042 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 16674 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1660 B
NetworkService => 44094 B
mnouckk => 146633212 B
postgres.mnouckk-PC.000 => 16674 B
Guest => 331302 B
DefaultAppPool => 16674 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:22:35 ====


Re: Please check my log

Post by jaro3 » 24 Dec 2017 16:29

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=chxtn9.0.25__PARAM__
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Extension: (Mail.Ru) - C:\Users\mnouckk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkmpjnmnhjkpkacdhkliipnncobgkhk [2017-12-22]

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left area of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.

Then write how the problems are.


Re: Please check my log

Post by mnouckk » 24 Dec 2017 17:44

Fixed; the PC behaves as it should, or at least as I would expect. The problem seems to be solved. Before I tick it off as solved, one more question: what about the programs I installed?
By default I use Win Defender; Zemana and Malwarebytes have now been added. Does it make sense to keep them?

Thank you very much for the help, and happy holidays. :)


Fix result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by mnouckk (24-12-2017 17:36:54) Run:2
Running from C:\Users\mnouckk\Desktop
Loaded Profiles: mnouckk & postgres (Available Profiles: mnouckk & postgres & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=chxtn9.0.25__PARAM__
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Extension: (Mail.Ru) - C:\Users\mnouckk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkmpjnmnhjkpkacdhkliipnncobgkhk [2017-12-22]

EmptyTemp:
End
*****************

Processes closed successfully.
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
Chrome DefaultSuggestURL => not found.
CHR Extension: (Mail.Ru) - C:\Users\mnouckk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkmpjnmnhjkpkacdhkliipnncobgkhk [2017-12-22] => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9466992 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 30970 B
Edge => 0 B
Chrome => 531493208 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2976 B
mnouckk => 67525 B
postgres.mnouckk-PC.000 => 0 B
Guest => 0 B
DefaultAppPool => 0 B

RecycleBin => 16952 B
EmptyTemp: => 523 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:37:05 ====


Re: Please check my log

Post by jaro3 » 25 Dec 2017 10:15

Keep Malwarebytes; update it occasionally and run a scan.
You can uninstall Sophos and Zemana.

Download DelFix here:
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to the desktop.
Double-click the icon to run Delfix.exe
(In Windows Vista, Windows 7 and 8 you must launch the file by right-clicking -> Run as administrator.)
In the main menu, check these options: Remove desinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire content of the report here. Otherwise the report is located at:
C:\DelFix.txt
Other links:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Happy holidays to you too!

If there are no problems, that is all and you can mark the thread as solved (the green check mark).
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

mnouckk
Level 1.5
Posts: 101
Registered: February 13
Gender: Male
Status:
Offline

Re: Please check my log  Solved

Post by mnouckk » 25 Dec 2017 10:59

OK, thank you very much for the help; I am attaching the last log.

# DelFix v1.013 - Logfile created 25/12/2017 at 10:57:43
# Updated 17/04/2016 by Xplode
# Username : mnouckk - MNOUCKK-PC
# Operating System : Windows 10 Pro (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2015-07-21-203730.log
Deleted : C:\Users\mnouckk\Desktop\AdwCleaner.exe
Deleted : C:\Users\mnouckk\Desktop\Fixlog.txt
Deleted : C:\Users\mnouckk\Desktop\FRST64.exe
Deleted : C:\Users\mnouckk\Desktop\JRT.exe
Deleted : C:\Users\mnouckk\Desktop\hijackthis.exe
Deleted : C:\Users\mnouckk\Desktop\hijackthis.log
Deleted : C:\Users\mnouckk\Desktop\OTC.exe
Deleted : C:\Users\mnouckk\Desktop\RogueKillerX64.exe
Deleted : C:\Users\mnouckk\Desktop\TFC.exe
Deleted : C:\Users\mnouckk\Desktop\zoek.exe
Deleted : C:\Users\mnouckk\Downloads\JRT.exe
Deleted : C:\Users\mnouckk\Downloads\HijackThis.exe
Deleted : HKCU\console_combofixbackup
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #3 [Windows Update | 12/19/2017 21:30:27]
Deleted : RP #4 [JRT Pre-Junkware Removal | 12/21/2017 22:43:44]
Deleted : RP #5 [Removed Sophos Virus Removal Tool. | 12/25/2017 09:54:59]

New restore point created !

########## - EOF - ##########

