Please check my log

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Lagett
newcomer
Posts: 26
Registered: October 17
Gender: Male
Status: Offline

Re: Please check my log

Post by Lagett » 19 Feb 2018 17:11

The problems are still the same...

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 19 Feb 2018 17:50

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my log

Post by Lagett » 19 Feb 2018 19:59

When I ran zoek, it froze on the Firefox items; it couldn't be closed and nothing could be done with it, so I had to restart the PC, but it did produce a log (I posted it). Now I tried it in safe mode and it froze at "Empty FF cache", so I had to restart again. It ran for about 2 hours, so I'm sending the log again.

Zoek.exe Version 5.0.0.2 Updated 04-Februari-2018
Tool run by Jenda on po 19.02.2018 at 17:18:59,54.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Safe Mode MINIMAL No Internet Access Detected
Launched: C:\Users\Jenda\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2018-02-16-192959.log 2068 bytes
C:\zoek-results2018-02-17-023359.log 1988 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== FireFox Fix ======================

Deleted from C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default
- Undetermined - %ProfilePath%\extensions\sko-extension@firma.seznam.cz.xpi
- Undetermined - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default
7C287305070FA26E37B1A822FDBD0488 - C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U151
61A992D1093451F466C1ACFD907645B4 - C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.1510.12
81D6D6EE6226773449C5CBE9496EDAF6 - C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll - Microsoft® Silverlight
FC18E6D133877BE07C753552705A5B8C - C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll - Silverlight Plug-In


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{287B0028-ABB7-4899-BBB4-A4419B9B1C36} - http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_28314
HKCU\SearchScopes\{2A25CDDF-9589-4E6D-BFFD-40BD2FFFEA75} - http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_28314
HKCU\SearchScopes\{498A34E7-6673-4428-A563-3A037520CF66} - http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_28314
HKCU\SearchScopes\{61645204-122F-4B19-AB27-927D637E39DF} - http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_28314
HKCU\SearchScopes\{8745616F-B37E-49DC-A3FF-329A55543BDA} - http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_28314
HKCU\SearchScopes\{B5E9BDE9-7B72-4CE8-AA1F-7657E9F1D39D} - http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_28314
HKCU\SearchScopes\{C8EADEDE-EC66-4C94-893E-8A497F1051D8} - http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_28314
HKCU\SearchScopes\{E13B0731-49A7-4824-80C6-55A14B7DC0DC} - http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_28314

==== Reset Google Chrome ======================

C:\Users\Jenda\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Jenda\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Jenda\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jenda\AppData\Local\Mozilla\Firefox\Profiles\w4szhopx.default\cache2 emptied successfully
C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default\storage\default\https+++twitter.com\cache emptied successfully
C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default\storage\default\https+++www.twitch.tv\cache emptied successfully
C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default\storage\default\https+++www.youtube.com\cache emptied successfully


Re: Please check my log

Post by Lagett » 19 Feb 2018 20:02

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2018
Ran by Jenda (administrator) on JENDA-PC (19-02-2018 20:00:18)
Running from C:\Users\Jenda\Desktop
Loaded Profiles: Jenda & postgres (Available Profiles: Jenda & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKU\S-1-5-21-2896805088-437792320-3916761231-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2896805088-437792320-3916761231-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [58899912 2018-02-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2896805088-437792320-3916761231-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-2896805088-437792320-3916761231-1006\...\Run: [T-Mobile CManager] => "C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-02-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-01-19]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{12E81E8B-FB4F-4FFA-8443-A86BFF443193}: [DhcpNameServer] 10.0.1.138

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2896805088-437792320-3916761231-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL =
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {287B0028-ABB7-4899-BBB4-A4419B9B1C36} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {2A25CDDF-9589-4E6D-BFFD-40BD2FFFEA75} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {498A34E7-6673-4428-A563-3A037520CF66} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {61645204-122F-4B19-AB27-927D637E39DF} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {8745616F-B37E-49DC-A3FF-329A55543BDA} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {B5E9BDE9-7B72-4CE8-AA1F-7657E9F1D39D} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {C8EADEDE-EC66-4C94-893E-8A497F1051D8} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {E13B0731-49A7-4824-80C6-55A14B7DC0DC} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_28314
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-07] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-07] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: w4szhopx.default
FF ProfilePath: C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default [2018-02-19]
FF Homepage: Mozilla\Firefox\Profiles\w4szhopx.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\w4szhopx.default -> about:newtab
FF Extension: (Seznam pro Firefox - Esko) - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default\Extensions\sko-extension@firma.seznam.cz.xpi [2017-11-29]
FF Extension: (Adblock Plus) - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF Extension: (No Name) - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF SearchPlugin: C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default\searchplugins\seznam-avast.xml [2017-01-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [408104 2017-05-30] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2017-09-12] (Futuremark)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.681\McCHSvc.exe [404376 2018-02-04] (McAfee, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 postgresql-8.4; "c:\postgreSQL\bin\pg_ctl.exe" runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [54560 2018-01-09] (SteelSeries ApS)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-02-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-02-17] (Zemana Ltd.)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-19 20:00 - 2018-02-19 20:01 - 000014814 _____ C:\Users\Jenda\Desktop\FRST.txt
2018-02-19 20:00 - 2018-02-19 20:00 - 000000000 ____D C:\FRST
2018-02-19 19:58 - 2018-02-19 19:58 - 002403840 _____ (Farbar) C:\Users\Jenda\Desktop\FRST64.exe
2018-02-19 17:18 - 2018-02-19 19:53 - 000346456 _____ C:\Windows\ntbtlog.txt
2018-02-17 22:29 - 2018-02-17 22:30 - 000029878 _____ C:\Users\Jenda\Desktop\cc_20180217_222944.reg
2018-02-17 22:24 - 2018-02-17 22:24 - 000201728 _____ (OldTimer Tools) C:\Users\Jenda\Desktop\OTC(1).exe
2018-02-17 22:24 - 2018-02-17 22:24 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-02-17 22:24 - 2018-02-17 22:24 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-02-17 22:24 - 2018-02-17 22:24 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-17 22:24 - 2018-02-17 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-02-17 22:24 - 2018-02-17 22:24 - 000000000 ____D C:\Program Files\CCleaner
2018-02-17 22:23 - 2018-02-17 22:23 - 011217568 _____ (Piriform Ltd) C:\Users\Jenda\Desktop\ccsetup540.exe
2018-02-17 22:23 - 2018-02-17 22:23 - 011217568 _____ (Piriform Ltd) C:\Users\Jenda\Desktop\ccsetup540(1).exe
2018-02-17 22:23 - 2018-02-17 22:23 - 000000000 ___SD C:\32788R22FWJFW
2018-02-17 22:22 - 2018-02-19 17:10 - 000000000 ____D C:\Users\Jenda\Desktop\backups
2018-02-17 21:02 - 2018-02-17 21:02 - 000002182 _____ C:\Users\Jenda\Desktop\gho.txt
2018-02-17 21:02 - 2018-02-17 21:02 - 000000512 _____ C:\Users\Jenda\Desktop\MBR.dat
2018-02-17 18:31 - 2018-02-17 18:31 - 000000000 _____ C:\Users\Jenda\Desktop\8645,37.txt
2018-02-17 17:28 - 2018-02-17 22:23 - 000000000 ____D C:\Windows\erdnt
2018-02-17 17:13 - 2018-02-19 20:01 - 000043204 _____ C:\Windows\ZAM.krnl.trace
2018-02-17 17:13 - 2018-02-19 20:01 - 000019508 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-02-17 17:13 - 2018-02-17 17:13 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-02-17 17:13 - 2018-02-17 17:13 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-02-17 17:13 - 2018-02-17 17:13 - 000001148 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-02-17 17:13 - 2018-02-17 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-02-17 17:13 - 2018-02-17 17:13 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-02-17 17:12 - 2018-02-17 17:12 - 000000000 ____D C:\Users\Jenda\AppData\Local\Zemana
2018-02-17 16:46 - 2018-02-17 16:46 - 006625600 _____ (Zemana Ltd. ) C:\Users\Jenda\Desktop\Zemana.AntiMalware.Setup.exe
2018-02-17 08:16 - 2018-02-17 08:16 - 000000000 ____D C:\Users\Jenda\AppData\Local\Apple
2018-02-16 19:32 - 2018-02-16 19:32 - 001168896 _____ C:\Users\Jenda\Desktop\zoek.exe
2018-02-16 19:32 - 2018-02-16 19:32 - 000000000 ____D C:\zoek_backup
2018-02-16 16:45 - 2018-02-17 16:45 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-02-16 16:44 - 2018-02-16 19:35 - 000000000 ____D C:\ProgramData\RogueKiller
2018-02-16 13:01 - 2018-02-16 13:01 - 026937928 _____ (Adlice Software) C:\Users\Jenda\Desktop\RogueKiller_portable64.exe
2018-02-16 13:00 - 2018-02-16 13:00 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-02-16 13:00 - 2018-02-16 13:00 - 000000000 ____D C:\ProgramData\Sophos
2018-02-16 13:00 - 2018-02-16 13:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-02-16 13:00 - 2018-02-16 13:00 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-02-16 12:59 - 2018-02-16 12:59 - 000001684 _____ C:\Users\Jenda\Desktop\malvare.txt
2018-02-16 12:58 - 2018-02-16 13:00 - 191548536 _____ (Sophos Limited) C:\Users\Jenda\Desktop\Sophos Virus Removal Tool.exe
2018-02-16 12:56 - 2018-02-16 12:56 - 000003550 _____ C:\Users\Jenda\Desktop\JRT.txt
2018-02-16 12:50 - 2018-02-16 12:50 - 001790024 _____ (Malwarebytes) C:\Users\Jenda\Desktop\JRT.exe
2018-02-16 02:58 - 2018-02-16 02:58 - 000001200 _____ C:\Users\Jenda\Desktop\CrystalDiskInfo.lnk
2018-02-16 02:58 - 2018-02-16 02:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2018-02-16 02:58 - 2018-02-16 02:58 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2018-02-16 02:57 - 2018-02-16 02:57 - 000001682 _____ C:\Users\Jenda\Desktop\xxx.txt
2018-02-16 02:54 - 2018-02-16 02:54 - 003947992 _____ (Crystal Dew World ) C:\Users\Jenda\Desktop\CrystalDiskInfo7_5_1.exe
2018-02-16 02:52 - 2018-02-16 02:52 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-16 02:52 - 2018-02-16 02:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-16 02:52 - 2018-02-16 02:52 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-16 02:52 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-16 02:47 - 2018-02-16 17:26 - 000000000 ____D C:\AdwCleaner
2018-02-16 02:46 - 2018-02-17 22:54 - 000000000 ____D C:\Users\Jenda\AppData\Local\Apps\2.0
2018-02-16 01:35 - 2018-02-16 01:35 - 008222496 _____ (Malwarebytes) C:\Users\Jenda\Desktop\AdwCleaner.exe
2018-02-16 01:34 - 2018-02-16 01:34 - 067502232 _____ (Malwarebytes ) C:\Users\Jenda\Desktop\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3958.exe
2018-02-16 01:33 - 2018-02-16 01:33 - 000448512 _____ (OldTimer Tools) C:\Users\Jenda\Desktop\TFC.exe
2018-02-15 23:56 - 2018-02-15 23:56 - 000050688 _____ (Atribune.org) C:\Users\Jenda\Desktop\ATF-Cleaner.exe
2018-02-15 21:51 - 2018-02-15 21:51 - 000388608 _____ (Trend Micro Inc.) C:\Users\Jenda\Desktop\HijackThis.exe
2018-02-11 15:28 - 2018-02-17 12:47 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-02-11 15:28 - 2018-02-11 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-01-30 23:49 - 2018-01-30 23:49 - 1410630568 _____ C:\Users\Jenda\Desktop\9Ts.cfr
2018-01-30 23:49 - 2018-01-30 23:49 - 000017757 _____ C:\Users\Jenda\Desktop\9Ts.cfr.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-19 19:59 - 2016-11-16 22:30 - 000000000 ____D C:\Users\Jenda\AppData\LocalLow\Mozilla
2018-02-19 19:59 - 2011-04-12 09:34 - 000668866 _____ C:\Windows\system32\perfh005.dat
2018-02-19 19:59 - 2011-04-12 09:34 - 000141526 _____ C:\Windows\system32\perfc005.dat
2018-02-19 19:59 - 2009-07-14 06:13 - 001584554 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-19 19:59 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-19 19:55 - 2017-11-03 02:23 - 000000000 ____D C:\Program Files (x86)\Steam
2018-02-19 19:54 - 2015-05-09 23:22 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-19 19:54 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-19 17:19 - 2015-05-30 18:03 - 000000000 ____D C:\Users\Jenda\AppData\Local\ElevatedDiagnostics
2018-02-19 17:14 - 2009-07-14 06:08 - 000032540 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-19 17:04 - 2015-05-10 19:38 - 000000000 ____D C:\Users\Jenda\AppData\Roaming\TS3Client
2018-02-19 13:10 - 2015-06-30 20:21 - 000000000 ____D C:\Users\Jenda\AppData\Local\Equilab
2018-02-19 12:58 - 2009-07-14 05:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-19 12:58 - 2009-07-14 05:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-19 03:30 - 2015-05-10 00:29 - 000000000 ____D C:\Users\Jenda\AppData\Roaming\HoldemManager
2018-02-19 02:17 - 2017-03-21 23:37 - 000000000 ____D C:\Users\Jenda\AppData\Local\PokerStars.CZ
2018-02-18 17:15 - 2017-03-21 23:36 - 000000000 ____D C:\Program Files (x86)\PokerStars.CZ
2018-02-17 22:54 - 2017-04-02 21:55 - 000000000 ____D C:\Users\Jenda\AppData\Local\Deployment
2018-02-17 22:27 - 2015-08-25 01:52 - 000000000 ____D C:\Users\Jenda\AppData\Local\CrashDumps
2018-02-17 20:54 - 2009-07-14 03:34 - 000000215 _____ C:\Windows\system.ini
2018-02-17 18:33 - 2017-11-02 23:53 - 000000000 ____D C:\Users\Jenda\AppData\Roaming\Seznam.cz
2018-02-17 18:29 - 2015-05-10 00:24 - 000001088 _____ C:\Users\Public\Desktop\HoldemManager2.lnk
2018-02-17 18:29 - 2015-05-10 00:24 - 000000000 ____D C:\Program Files (x86)\Holdem Manager 2
2018-02-17 17:39 - 2017-05-13 21:42 - 000000000 ____D C:\Users\Subs
2018-02-17 17:27 - 2015-05-09 23:18 - 000000000 ____D C:\Users\Jenda
2018-02-16 21:26 - 2015-05-10 00:24 - 000000000 ____D C:\Users\postgres
2018-02-16 02:52 - 2015-11-26 02:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-14 21:36 - 2017-06-05 08:12 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-14 21:36 - 2015-07-15 09:40 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-14 03:47 - 2015-07-13 21:53 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-14 03:47 - 2015-07-13 21:53 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-12 01:58 - 2015-12-31 02:16 - 000000000 ____D C:\Users\Jenda\Desktop\files
2018-02-12 01:52 - 2015-05-10 11:47 - 000002008 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-02-11 15:28 - 2015-11-14 12:49 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-02-09 07:41 - 2015-05-09 23:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-08 21:08 - 2016-11-16 11:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-07 22:24 - 2017-12-01 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-02-07 22:24 - 2015-05-10 00:10 - 000001306 _____ C:\Users\Public\Desktop\Skype.lnk
2018-02-06 21:22 - 2015-05-10 11:47 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-06 21:22 - 2015-05-10 11:47 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-06 21:22 - 2015-05-10 11:47 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-06 21:22 - 2015-05-10 11:47 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-06 21:22 - 2015-05-10 11:47 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2017-01-06 00:31 - 2017-01-06 00:31 - 000007602 _____ () C:\Users\Jenda\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-17 17:57

==================== End of FRST.txt ============================

Lagett

Re: please check my log

Post by Lagett » 19 Feb 2018 20:02

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by Jenda (19-02-2018 20:01:27)
Running from C:\Users\Jenda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-05-09 22:18:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2896805088-437792320-3916761231-500 - Administrator - Disabled)
Guest (S-1-5-21-2896805088-437792320-3916761231-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2896805088-437792320-3916761231-1012 - Limited - Enabled)
Jenda (S-1-5-21-2896805088-437792320-3916761231-1000 - Administrator - Enabled) => C:\Users\Jenda
postgres (S-1-5-21-2896805088-437792320-3916761231-1006 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

888poker (HKLM-x32\...\{ED175C0B-CA34-44DD-B37F-D2705FAF8673}) (Version: 6.22.30010 - 888poker) Hidden
888poker (HKU\S-1-5-21-2896805088-437792320-3916761231-1000\...\InstallShield_{ED175C0B-CA34-44DD-B37F-D2705FAF8673}) (Version: 6.22.30010 - 888poker)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20036 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitcoin Core (64-bit) (HKU\S-1-5-21-2896805088-437792320-3916761231-1000\...\Bitcoin Core (64-bit)) (Version: 0.15.1 - Bitcoin Core project)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1079 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
CPUID HWMonitor 1.32 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.32 - )
CrystalDiskInfo 7.5.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.1 - Crystal Dew World)
Electrum (HKU\S-1-5-21-2896805088-437792320-3916761231-1000\...\Electrum) (Version: 3.0.2 - Electrum Technologies GmbH)
Futuremark SystemInfo (HKLM-x32\...\{80DAA2DD-18D3-4C18-927E-8D150C112912}) (Version: 5.2.624.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
HoldemResources Calculator (HKLM-x32\...\HoldemResources Calculator) (Version: release - HoldemResources)
HWiNFO32 Version 4.36 (HKLM-x32\...\HWiNFO32_is1) (Version: 4.36 - Martin Malík - REALiX)
HWiNFO64 Version 4.62 (HKLM\...\HWiNFO64_is1) (Version: 4.62 - Martin Malík - REALiX)
Icmizer (HKU\S-1-5-21-2896805088-437792320-3916761231-1000\...\bcfaecc00feb2640) (Version: 2.11.3.0 - Valentin Kuzub)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
iTunes (HKLM\...\{EB7E0903-21E9-4851-99D3-D7E54B51031C}) (Version: 12.7.0.166 - Apple Inc.)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Malwarebytes verze 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.681.1 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 58.0.2 (x64 cs)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
NVIDIA Ovladač 3D Vision 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
OCCT 4.5.1 (HKLM-x32\...\OCCT) (Version: 4.5.1 - Ocbase.com)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Ovládací panel NVIDIA 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 385.41 - NVIDIA Corporation) Hidden
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
PCMark 10 (HKLM\...\{ACE3FF20-4423-40B2-AC00-83134F24BA90}) (Version: 1.0.1275.0 - Futuremark) Hidden
PCMark 10 (HKLM-x32\...\{a5fc954d-24df-456f-be6c-f41917d446d3}) (Version: 1.0.1275.0 - Futuremark)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
PokerSnowie (HKLM-x32\...\PokerSnowie_is1) (Version: - Snowie Games Ltd)
PokerStars.cz (HKLM-x32\...\PokerStars.cz) (Version: - PokerStars.cz)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
SessionLord (HKLM-x32\...\{1E80B1FD-8A06-4B70-86B6-CEB9E5C8EFB1}) (Version: 1.0.23 - SessionLord Ltd.)
SessionLord (HKLM-x32\...\{4ceecc68-b7e1-4161-8a66-e14102ae4a39}) (Version: 1.0.6 - SessionLord Ltd.) Hidden
Seznam Software (HKU\S-1-5-21-2896805088-437792320-3916761231-1000\...\SeznamInstall) (Version: 2.1.30 - Seznam.cz)
Skype verze 8.15 (HKLM-x32\...\Skype_is1) (Version: 8.15 - Skype Technologies S.A.)
SoftPerfect WiFi Guard version 1.0.3 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.3 - SoftPerfect Research)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.11.11 (HKLM\...\SteelSeries Engine 3) (Version: 3.11.11 - SteelSeries ApS)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18.1 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-02-17] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-08-22] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-02-17] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0017A5CD-0668-47D0-9126-236B6BAFA5DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated)
Task: {06ABCCFF-4CF4-4B9D-B601-7758D162839B} - System32\Tasks\{DFE6B8F2-C7DB-4C5A-BC92-210BD2363710} => C:\Windows\system32\pcalua.exe -a C:\Users\Jenda\Desktop\ccsetup536.exe -d C:\Users\Jenda\Desktop
Task: {11C676C6-79C9-4AFE-9258-A09FF745B1D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {2F7C8A0F-D3AC-43F0-A66F-8EB7D9DAA629} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)
Task: {492CD30B-3936-4271-AB15-1778BE78538B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)
Task: {53DF04E8-9BD4-4C94-8A06-BF1E8462A9C1} - System32\Tasks\{2FEFB79B-4FC6-43AE-858D-17005EDB4F69} => C:\Windows\system32\pcalua.exe -a C:\Users\Jenda\Desktop\hwinfo32-lista-centrumcz.exe -d C:\Users\Jenda\Desktop
Task: {AB621370-1B45-4085-961C-FF2D48E657CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {B2BB77D5-3478-4DA4-BAC1-C4BAC77AFA5A} - System32\Tasks\Microsoft\Windows\MemDiag => C:\Windows\system32\mdres.exe [2009-07-14] (Microsoft Corporation)
Task: {C1897AE3-044F-4F62-9DCF-B2610AA0FE29} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {F5E4A85C-B059-400B-A91D-F5BF586BFD14} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Jenda\Desktop\Universal Replayer.lnk -> C:\Windows\System32\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.universal-replayer.net/jws/universal_replayer.jnlp "C:\Users\Jenda\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\16a3839d-44fc601d"

==================== Loaded Modules (Whitelisted) ==============

2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-08-26 10:08 - 2016-08-26 10:08 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2018-02-17 17:13 - 2018-02-17 17:13 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2018-02-07 18:47 - 2018-02-07 18:47 - 000080136 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2015-05-10 00:24 - 2014-02-18 09:11 - 000172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2015-05-10 00:24 - 2012-08-14 14:19 - 000999424 _____ () c:\postgreSQL\bin\libxml2.dll
2017-11-03 02:24 - 2017-11-29 06:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-11-03 02:24 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-11-03 02:24 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-11-03 02:24 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-11-03 02:24 - 2017-12-15 20:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-15 16:19 - 2017-11-04 02:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-15 16:19 - 2017-11-04 02:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-15 16:19 - 2017-11-04 02:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-15 16:19 - 2017-11-04 02:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-15 16:19 - 2017-11-04 02:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-11-03 02:24 - 2017-12-15 20:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-11-03 02:24 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-12-01 14:38 - 2018-02-02 21:48 - 001782904 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2017-12-01 14:38 - 2018-02-02 21:48 - 000088064 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2017-12-01 14:38 - 2018-02-02 21:48 - 002559616 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2017-12-01 14:38 - 2018-02-02 21:48 - 000031872 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2017-11-03 02:25 - 2017-09-07 03:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-11-03 02:25 - 2017-10-31 05:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-11-03 02:24 - 2015-09-25 00:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2018-02-07 22:24 - 2018-02-02 21:48 - 000208384 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2017-12-01 14:38 - 2018-02-02 21:48 - 000400384 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2017-12-01 14:38 - 2018-02-02 21:48 - 000129536 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2017-12-01 14:38 - 2018-02-02 21:48 - 002167808 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2015-05-09 23:36 - 2012-07-18 04:55 - 001198912 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-02-19 17:23 - 000000841 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2896805088-437792320-3916761231-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jenda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.1.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{14EF55CF-C556-4396-B794-94507AD5C53C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ACB569ED-625D-49C1-AC40-B6F227350A12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE6D80F1-A30C-4BD9-BFE9-08A1342FCAE5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{038D3C03-E6C8-43DC-BBC7-AB019DEB5E69}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D8894E68-1E48-4642-9C14-75E6515DB427}] => (Allow) LPort=5432
FirewallRules: [{3333751F-DF3B-40EC-B404-4A9C2ECD96F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DB8F2E46-615D-40BA-9136-5EBA332A18BA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4F0713F5-B0D2-4927-8330-D7048E115CF0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4DF42937-48C1-4591-BD88-07C9DC1747E5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AEB56F54-8CED-4CB3-BCDB-D8E2CE488B01}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C9DA8370-038B-4D1A-B279-9935FBE359BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE78BBD8-34F5-4BC1-A58C-33F72659EDF2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D28D0CE6-1A6A-4ED9-937D-7D49EA88372C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{43E72258-DE8F-4C56-9A68-83D7D2F038B7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{73B10F63-BF9A-48E9-BFBE-072208CAAAA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{811C1D21-1EAB-4D99-ACE2-325F7C91E71A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CBAA0380-4D16-4C86-9686-78AED3FDD005}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4424AF3F-4DD4-4DAD-B8C9-64DEB15719D5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{686BC59C-D366-4D93-92CC-726E033E99C7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{80A4D746-F5F1-4250-8B82-330108DCDB09}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3CD9EDDC-B2C8-462B-85A9-EDC5D20A28D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ACC137E7-F440-425A-9BA4-183C077C940A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0CCEBB77-C55A-4AE0-9A0B-EA00DA033200}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{54688C11-5E0A-4917-BE6B-BABAE4ABBFCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{925A7BD6-30AC-48F8-9269-C1AFCA74A907}] => (Allow) F:\dota\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3FDDD62C-BEC6-4BA2-AB79-2443EDCBB693}] => (Allow) F:\dota\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{59E3EF64-2878-4928-8D25-6581A6964648}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{65143DC9-4704-40A4-A7C1-E7E73D7085B3}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{693FB9EB-3A25-4C7D-B59D-FBE1607E1E8D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{726F1491-94F1-4531-B138-AAA452F7EBCC}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{A7C5FDC4-5239-4175-A1BD-E1AAD3550D18}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-02-2018 22:23:22 ComboFix created restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2018 07:56:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2018 07:54:58 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2018-02-19 19:54:58 CETFATAL: the database system is starting up

Error: (02/19/2018 05:20:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2018 05:17:28 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2018-02-19 17:17:28 CETFATAL: the database system is starting up

Error: (02/19/2018 05:14:14 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2018-02-19 17:14:14 CETFATAL: the database system is starting up

Error: (02/19/2018 12:49:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2018 12:48:04 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2018-02-19 12:48:04 CETFATAL: the database system is starting up

Error: (02/19/2018 02:17:09 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2018-02-19 02:17:09 CETERROR: prepared statement "insertplayer" already exists
2018-02-19 02:17:09 CETSTATEMENT: PREPARE INSERTPLAYER (text,smallint,integer,integer,smallint) AS Insert into players (playername,pokersite_id,cashhands,tourneyhands,optimizationstatus) values ($1,$2,$3,$4,$5) RETURNING player_id;

PREPARE CSUpdate (integer,integer,smallint,smallint,smallint,integer,
integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer)
as
Update CompiledPlayerResults set totalhands = totalhands + $6
, TotalAmountWonincents = TotalAmountWonincents + $7
, TotalRakeincents = TotalRakeincents + $8
, TotalBBsWon = TotalBBsWon + $9
, VPIPHands = VPIPHands + $10
, PFRHands = PFRHands + $11
, CouldColdCall = CouldColdCall + $12
, DidColdCall = DidColdCall + $13
, CouldThreeBet = CouldThreeBet + $14
, DidThreeBet = DidThreeBet + $15
, CouldSqueeze = CouldSqueeze + $16
, DidSqueeze = DidSqueeze + $17
, FacingTwoPreflopRaisers = FacingTwoPreflopRaisers + $18
, CalledTwoPreflopRaisers = CalledTwoPreflopRaisers + $19
, RaisedTwoPreflopRaisers = RaisedTwoPreflopRaisers + $20
, SmallBlindStealAttempted = SmallBlindStealAttempted + $21
, SmallBlindStealDefended = SmallBlindStealDefended + $22
, SmallBlindStealReraised = SmallBlindStealReraised + $23
, BigBlindStealAttempted = BigBlindStealAttempted + $24
, BigBlindStealDefended = BigBlindStealDefended + $25
, BigBlindStealReraised = BigBlindStealReraised + $26
, SawNonSmallShowdown = SawNonSmallShowdown + $27
, WonNonSmallShowdown = WonNonSmallShowdown + $28
, SawLargeShowdown = SawLargeShowdown + $29
, WonLargeShowdown = WonLargeShowdown + $30
, SawNonSmallShowdownLimpedFlop = SawNonSmallShowdownLimpedFlop + $31
, WonNonSmallShowdownLimpedFlop = WonNonSmallShowdownLimpedFlop + $32
, SawLargeShowdownLimpedFlop = SawLargeShowdownLimpedFlop + $33
, WonLargeShowdownLimpedFlop = WonLargeShowdownLimpedFlop + $34
, WonHand = WonHand + $35
, WonHandWhenSawFlop = WonHandWhenSawFlop + $36
, WonHandWhenSawTurn = WonHandWhenSawTurn + $37
, WonHandWhenSawRiver = WonHandWhenSawRiver + $38
, FacedThreeBetPreflop = FacedThreeBetPreflop + $39
, FoldedToThreeBetPreflop = FoldedToThreeBetPreflop + $40
, CalledThreeBetPreflop = CalledThreeBetPreflop + $41
, RaisedThreeBetPreflop = RaisedThreeBetPreflop + $42
, FacedFourBetPreflop = FacedFourBetPreflop + $43
, FoldedToFourBetPreflop = FoldedToFourBetPreflop + $44
, CalledFourBetPreflop = CalledFourBetPreflop + $45
, RaisedFourBetPreflop = RaisedFourBetPreflop + $46
, TurnFoldIPPassOnFlopCB = TurnFoldIPPassOnFlopCB + $47
, TurnCallIPPassOnFlopCB = TurnCallIPPassOnFlopCB + $48
, TurnRaiseIPPassOnFlopCB = TurnRaiseIPPassOnFlopCB + $49
, RiverFoldIPPassOnTurnCB = RiverFoldIPPassOnTurnCB + $50
, RiverCallIPPassOnTurnCB = RiverCallIPPassOnTurnCB + $51
, RiverRaiseIPPassOnTurnCB = RiverRaiseIPPassOnTurnCB + $52
, SawFlop = SawFlop + $53
, SawShowdown = SawShowdown + $54
, WonShowdown = WonShowdown + $55
, TotalBets = TotalBets + $56
, TotalCalls = TotalCalls + $57
, FlopContinuationBetPossible = FlopContinuationBetPossible + $58
, FlopContinuationBetMade = FlopContinuationBetMade + $59
, TurnContinuationBetPossible = TurnContinuationBetPossible + $60
, TurnContinuationBetMade = TurnContinuationBetMade + $61
, RiverContinuationBetPossible = RiverContinuationBetPossible + $62
, RiverContinuationBetMade = RiverContinuationBetMade + $63
, FacingFlopContinuationBet = FacingFlopContinuationBet + $64
, FoldedToFlopContinuationBet = FoldedToFlopContinuationBet + $65
, CalledFlopContinuationBet = CalledFlopContinuationBet + $66
, RaisedFlopContinuationBet = RaisedFlopContinuationBet + $67
, FacingTurnContinuationBet = FacingTurnContinuationBet + $68
, FoldedToTurnContinuationBet = FoldedToTurnContinuationBet + $69
, CalledTurnContinuationBet = CalledTurnContinuationBet + $70
, RaisedTurnContinuationBet = RaisedTurnContinuationBet + $71
, FacingRiverContinuationBet = FacingRiverContinuationBet + $72
, FoldedToRiverContinuationBet = FoldedToRiverContinuationBet + $73
, CalledRiverContinuationBet = CalledRiverContinuationBet + $74
, RaisedRiverContinuationBet = RaisedRiverContinuationBet + $75
, TotalPostFlopStreetsSeen = TotalPostFlopStreetsSeen + $76
, totalaggressivepostflopstreetsseen = totalaggressivepostflopstreetsseen + $77
where compiledplayerresults_id = (select compiledplayerresults_id from compiledplayerresults where player_id = $1
and playedyearandmonth = $2
and numberofplayers = $3
and gametype_id = $4
and bbgroup_id = $5 limit 1);


System errors:
=============
Error: (02/19/2018 07:54:54 PM) (Source: volmgr) (EventID: 45) (User: )
Description: Systému se nepodařilo úspěšně načíst ovladač výpisu stavu systému.

Error: (02/19/2018 07:54:52 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (02/19/2018 07:54:52 PM) (Source: volmgr) (EventID: 45) (User: )
Description: Systému se nepodařilo úspěšně načíst ovladač výpisu stavu systému.

Error: (02/19/2018 07:53:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (02/19/2018 07:53:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1068 = Nepodařilo se zahájit závislou službu nebo skupinu. při pokusu o spuštění služby fdPHost s argumenty za účelem spuštění serveru:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (02/19/2018 07:53:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1068 = Nepodařilo se zahájit závislou službu nebo skupinu. při pokusu o spuštění služby fdPHost s argumenty za účelem spuštění serveru:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (02/19/2018 07:53:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (02/19/2018 07:53:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.


Windows Defender:
===================================
Date: 2016-04-23 13:23:55.495
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

CodeIntegrity:
===================================

Date: 2018-02-17 17:38:35.422
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-17 17:38:35.360
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-10 00:22:16.400
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-10 00:22:16.384
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-09 14:35:08.306
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-09 14:35:08.275
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-09 09:32:41.039
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-09 09:32:41.024
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 16%
Total physical RAM: 16317.65 MB
Available physical RAM: 13666.06 MB
Total Virtual: 32633.48 MB
Available Virtual: 29963.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:1.65 GB) NTFS
Drive f: () (Fixed) (Total:931.39 GB) (Free:546.29 GB) NTFS

\\?\Volume{87d98e28-f694-11e4-b3aa-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: A8664E11)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B343F22A)

Partition: GPT.

==================== End of Addition.txt ============================


Re: please check my log

Post by jaro3 » 19 Feb 2018 21:44

Uninstall:
McAfee Security Scan

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL =
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {287B0028-ABB7-4899-BBB4-A4419B9B1C36} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {2A25CDDF-9589-4E6D-BFFD-40BD2FFFEA75} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {498A34E7-6673-4428-A563-3A037520CF66} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {61645204-122F-4B19-AB27-927D637E39DF} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {8745616F-B37E-49DC-A3FF-329A55543BDA} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {B5E9BDE9-7B72-4CE8-AA1F-7657E9F1D39D} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {C8EADEDE-EC66-4C94-893E-8A497F1051D8} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {E13B0731-49A7-4824-80C6-55A14B7DC0DC} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_28314
FF Extension: (No Name) - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
C:\32788R22FWJFW
C:\Users\Jenda\AppData\Local\Resmon.ResmonCfg
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {2F7C8A0F-D3AC-43F0-A66F-8EB7D9DAA629} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)
Task: {492CD30B-3936-4271-AB15-1778BE78538B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)

EmptyTemp:
End

(You can use the "select all" function; right-click the top-left area of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.

Drive c: () (Fixed) (Total:119.14 GB) (Free:1.65 GB) NTFS
A total lack of free disk space!! Uninstall or delete something. You should have at least 15-20% free space on the system disk to keep Windows running smoothly!!

Re: please check my log

Post by Lagett » 19 Feb 2018 23:28

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by Jenda (19-02-2018 23:25:47) Run:1
Running from C:\Users\Jenda\Desktop
Loaded Profiles: Jenda & postgres (Available Profiles: Jenda & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL =
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {287B0028-ABB7-4899-BBB4-A4419B9B1C36} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {2A25CDDF-9589-4E6D-BFFD-40BD2FFFEA75} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {498A34E7-6673-4428-A563-3A037520CF66} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {61645204-122F-4B19-AB27-927D637E39DF} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {8745616F-B37E-49DC-A3FF-329A55543BDA} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {B5E9BDE9-7B72-4CE8-AA1F-7657E9F1D39D} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {C8EADEDE-EC66-4C94-893E-8A497F1051D8} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-2896805088-437792320-3916761231-1000 -> {E13B0731-49A7-4824-80C6-55A14B7DC0DC} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_28314
FF Extension: (No Name) - C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
C:\32788R22FWJFW
C:\Users\Jenda\AppData\Local\Resmon.ResmonCfg
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {2F7C8A0F-D3AC-43F0-A66F-8EB7D9DAA629} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)
Task: {492CD30B-3936-4271-AB15-1778BE78538B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.)

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-2896805088-437792320-3916761231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{287B0028-ABB7-4899-BBB4-A4419B9B1C36}" => removed successfully
HKLM\Software\Classes\CLSID\{287B0028-ABB7-4899-BBB4-A4419B9B1C36} => key not found
"HKU\S-1-5-21-2896805088-437792320-3916761231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A25CDDF-9589-4E6D-BFFD-40BD2FFFEA75}" => removed successfully
HKLM\Software\Classes\CLSID\{2A25CDDF-9589-4E6D-BFFD-40BD2FFFEA75} => key not found
"HKU\S-1-5-21-2896805088-437792320-3916761231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{498A34E7-6673-4428-A563-3A037520CF66}" => removed successfully
HKLM\Software\Classes\CLSID\{498A34E7-6673-4428-A563-3A037520CF66} => key not found
"HKU\S-1-5-21-2896805088-437792320-3916761231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{61645204-122F-4B19-AB27-927D637E39DF}" => removed successfully
HKLM\Software\Classes\CLSID\{61645204-122F-4B19-AB27-927D637E39DF} => key not found
"HKU\S-1-5-21-2896805088-437792320-3916761231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8745616F-B37E-49DC-A3FF-329A55543BDA}" => removed successfully
HKLM\Software\Classes\CLSID\{8745616F-B37E-49DC-A3FF-329A55543BDA} => key not found
"HKU\S-1-5-21-2896805088-437792320-3916761231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B5E9BDE9-7B72-4CE8-AA1F-7657E9F1D39D}" => removed successfully
HKLM\Software\Classes\CLSID\{B5E9BDE9-7B72-4CE8-AA1F-7657E9F1D39D} => key not found
"HKU\S-1-5-21-2896805088-437792320-3916761231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C8EADEDE-EC66-4C94-893E-8A497F1051D8}" => removed successfully
HKLM\Software\Classes\CLSID\{C8EADEDE-EC66-4C94-893E-8A497F1051D8} => key not found
"HKU\S-1-5-21-2896805088-437792320-3916761231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E13B0731-49A7-4824-80C6-55A14B7DC0DC}" => removed successfully
HKLM\Software\Classes\CLSID\{E13B0731-49A7-4824-80C6-55A14B7DC0DC} => key not found
C:\Users\Jenda\AppData\Roaming\Mozilla\Firefox\Profiles\w4szhopx.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => path removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully
C:\32788R22FWJFW => moved successfully
C:\Users\Jenda\AppData\Local\Resmon.ResmonCfg => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F7C8A0F-D3AC-43F0-A66F-8EB7D9DAA629} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F7C8A0F-D3AC-43F0-A66F-8EB7D9DAA629} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{492CD30B-3936-4271-AB15-1778BE78538B} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{492CD30B-3936-4271-AB15-1778BE78538B} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => could not remove key. ErrorCode1: 0x00000002

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15548385 B
Java, Flash, Steam htmlcache => 218374003 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 32302798 B
Firefox => 57830109 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33058 B
LocalService => 33125 B
NetworkService => 0 B
Jenda => 37594816 B
UpdatusUser => 0 B
postgres => 0 B

RecycleBin => 0 B
EmptyTemp: => 345 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-02-2018 23:27:41)


Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F7C8A0F-D3AC-43F0-A66F-8EB7D9DAA629}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F7C8A0F-D3AC-43F0-A66F-8EB7D9DAA629}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{492CD30B-3936-4271-AB15-1778BE78538B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{492CD30B-3936-4271-AB15-1778BE78538B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully

==== End of Fixlog 23:27:41 ====
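
Reading the Fixlog above: each TaskCache key that reports "could not remove key" on the first pass should reappear as "removed successfully" under "Result of scheduled keys to remove after reboot". The Python sketch below is an added example (not part of the post and not FRST code) that checks this on lines copied from the log; the outcome categories and function names are assumptions drawn only from the wording in this Fixlog.

```python
from collections import Counter

# Result lines copied unmodified from the Fixlog in the post above (a subset).
FIXLOG_EXCERPT = r'''
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
AppMgmt => service removed successfully
C:\32788R22FWJFW => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F7C8A0F-D3AC-43F0-A66F-8EB7D9DAA629} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F7C8A0F-D3AC-43F0-A66F-8EB7D9DAA629} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => could not remove key. ErrorCode1: 0x00000002
Firefox => 57830109 B

Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F7C8A0F-D3AC-43F0-A66F-8EB7D9DAA629}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F7C8A0F-D3AC-43F0-A66F-8EB7D9DAA629}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
'''

REBOOT_HEADER = "Result of scheduled keys to remove after reboot"


def classify(result):
    """Map the text after '=>' to an outcome (assumed categories, see lead-in)."""
    r = result.strip().lower()
    if r.startswith("could not"):
        return "failed"
    if "not found" in r:
        return "absent"      # the target was already gone before the fix ran
    if r.endswith("successfully"):
        return "ok"
    return "other"           # e.g. EmptyTemp byte counts


def parse_fixlog(text):
    """Return (first_pass, after_reboot) as lists of (target, outcome)."""
    first_pass, after_reboot = [], []
    current = first_pass
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(REBOOT_HEADER):
            current = after_reboot
            continue
        target, sep, result = line.partition(" => ")
        if not sep:
            continue
        # Registry paths are case-insensitive and quoted only in some lines.
        current.append((target.strip('"').lower(), classify(result)))
    return first_pass, after_reboot


def summarize(text):
    """Count first-pass outcomes."""
    first_pass, _ = parse_fixlog(text)
    return Counter(outcome for _, outcome in first_pass)


def unresolved(text):
    """First-pass failures that were not removed after the reboot."""
    first_pass, after_reboot = parse_fixlog(text)
    fixed_later = {t for t, outcome in after_reboot if outcome == "ok"}
    return [t for t, outcome in first_pass
            if outcome == "failed" and t not in fixed_later]


if __name__ == "__main__":
    print(dict(summarize(FIXLOG_EXCERPT)))
    print("unresolved:", unresolved(FIXLOG_EXCERPT))
```

An empty `unresolved` list means every deferred key was cleaned up on reboot; any entry left in it is a target to look at again in a fresh scan.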


Re: please check my log

Post by Orcus » 20 Feb 2018 08:44

Did you free up space on the disk? Is it better now?
Love warms, but coal is coal. :fire:

Post HJT logs in the HJT section. If a log is too long, split it into several messages.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix fill in for me

If you are satisfied, you can support our forum.


Re: please check my log

Post by Lagett » 20 Feb 2018 21:19

I now have 16 GB; I haven't had a chance to try it out yet, I'll let you know, thanks :)


Re: please check my log

Post by jaro3 » 20 Feb 2018 22:11

That is still too little, it's 10%. It will be better, but it's not enough for Windows. Try 15%.

Re: please check my log

Post by Lagett » 20 Feb 2018 22:42

I got it to 21 GB, which is 17%; that should be enough, I probably can't manage more


Re: please check my log

Post by jaro3 » 21 Feb 2018 18:03

OK, what about the problems?