zasekává se mi pc, prosím o kontrolu logů.

Příspěvekod **jaro3** » 16 říj 2017 22:32

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\MountPoints2: {e819a6ee-2e44-11e7-84c3-1c1b0d7ce751} - "K:\HiSuiteDownLoader.exe"
ShortcutTarget: Twitch.lnk -> C:\Users\teikq\AppData\Roaming\Twitch\Bin\Twitch.exe (No File)
SearchScopes: HKU\S-1-5-21-1946532270-2715632215-171416604-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [enafhpjmlnpmbdnbpjkihmadnkfnpiim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
C:\Users\teikq\AppData\Local\yc
C:\ProgramData\flwjycbm.bab

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt

Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

CHR Extension: (Визуальные Закладки Mail.Ru) -- používáš ho?

Reklama

TeIkQ · Příspěvekod **TeIkQ** » 17 říj 2017 01:22

tady:

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-10-2017
Ran by teikq (17-10-2017 00:40:46) Run:2
Running from C:\Users\teikq\Desktop
Loaded Profiles: teikq (Available Profiles: defaultuser0 & teikq & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\MountPoints2: {e819a6ee-2e44-11e7-84c3-1c1b0d7ce751} - "K:\HiSuiteDownLoader.exe"
ShortcutTarget: Twitch.lnk -> C:\Users\teikq\AppData\Roaming\Twitch\Bin\Twitch.exe (No File)
SearchScopes: HKU\S-1-5-21-1946532270-2715632215-171416604-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [enafhpjmlnpmbdnbpjkihmadnkfnpiim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
C:\Users\teikq\AppData\Local\yc
C:\ProgramData\flwjycbm.bab

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-1946532270-2715632215-171416604-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e819a6ee-2e44-11e7-84c3-1c1b0d7ce751} => key not found.
HKLM\Software\Classes\CLSID\{e819a6ee-2e44-11e7-84c3-1c1b0d7ce751} => key not found.
C:\Users\teikq\AppData\Roaming\Twitch\Bin\Twitch.exe => not found.
HKU\S-1-5-21-1946532270-2715632215-171416604-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\enafhpjmlnpmbdnbpjkihmadnkfnpiim => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found.
"C:\Users\teikq\AppData\Local\yc" => not found.
"C:\ProgramData\flwjycbm.bab" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2112608 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 8618884 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 58916 B
NetworkService => 7968 B
defaultuser0 => 0 B
teikq => 6038585 B
postgres => 0 B
postgres.DESKTOP-7RPTDON => 0 B

RecycleBin => 0 B
EmptyTemp: => 16.1 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 00:41:06 ====

Nn, nepoužívám, stáhlo se mi to samo.. to je doplňěk ? Ho tu nevidím (chrome://extensions). Mám to jako domovskou stránku v chromu, zkoušel jsem jí změnit, ale asi špatně, páč to tam pořád je.

Příspěvekod **jaro3** » 17 říj 2017 10:44

CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\teikq\AppData\Local\Google\Chrome\User Data\Default\Extensions\enafhpjmlnpmbdnbpjkihmadnkfnpiim [2017-10-16]

smažeme potom.

Nedodal si log z Addition.txt ...
je tady:
C:\FRST\Logs

TeIkQ · Příspěvekod **TeIkQ** » 17 říj 2017 13:47

Omlouvám se, zapomněl jsem. Tady je:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2017
Ran by teikq (16-10-2017 21:09:41)
Running from C:\Users\teikq\Desktop
Windows 10 Home Version 1607 170917-1700 (X64) (2017-04-15 14:56:40)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1946532270-2715632215-171416604-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1946532270-2715632215-171416604-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1946532270-2715632215-171416604-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1946532270-2715632215-171416604-501 - Limited - Disabled)
postgres (S-1-5-21-1946532270-2715632215-171416604-1007 - Limited - Enabled) => C:\Users\postgres.DESKTOP-7RPTDON
teikq (S-1-5-21-1946532270-2715632215-171416604-1001 - Administrator - Enabled) => C:\Users\teikq

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Combonator version 1.75 (HKLM-x32\...\{1E8A5FB7-0573-4083-823B-B4E31962F0BC}_is1) (Version: 1.75 - Fuse Media LLC)
CPUID HWMonitor 1.33 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.33 - )
CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
f.lux (HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\Flux) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
HWiNFO64 Version 5.58 (HKLM\...\HWiNFO64_is1) (Version: 5.58 - Martin Malík - REALiX)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
LibreOffice 5.3.3.2 (HKLM\...\{DB76C19A-1E2A-4A8F-9AB7-3FC315EC57C7}) (Version: 5.3.3.2 - The Document Foundation)
Malwarebytes verze 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Medal of Honor - Allied Assault War Chest (HKLM-x32\...\Medal of Honor - Allied Assault War Chest_is1) (Version: - GOG.com)
Medal of Honor Allied Assault v 1.0.0.1 (HKLM-x32\...\Medal of Honor Allied Assault v 1.0.0.1_is1) (Version: - .)
MetaTrader 5 (HKLM\...\MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (čeština) (HKLM-x32\...\{E249803A-BD5B-4FDC-A630-976C2971F5B4}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (čeština) (HKLM-x32\...\{25C7677B-0398-46A3-A0EE-7B393D20FA30}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
PokerStars.cz (HKLM-x32\...\PokerStars.cz) (Version: - PokerStars.cz)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Prohlížeč Seznam.cz (HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\Seznam Browser) (Version: - Seznam.cz a.s.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spotify (HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\Spotify) (Version: 1.0.64.399.g4637b02a - Spotify AB)
StarsHelper (HKLM-x32\...\StarsHelper) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TN2 (HKLM-x32\...\{5EA9A919-61B4-42A0-B057-511DA81FC240}) (Version: 2.6.13 - PASG)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.10 release candidate 1 - Ghisler Software GmbH)
Twitch (HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.50 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.1 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-14] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-14] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-04-13] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-04-13] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-14] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-14] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-04-13] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-04-13] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0935D619-A6E3-41D7-BF2C-18D70C669FEF} - System32\Tasks\SafeZone scheduled Autoupdate 1492269550 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {29BC23D4-E473-48E3-A861-66A45BD01A9E} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {433348B4-23DB-4740-9A44-47ECC1D894D4} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-14] (AVAST Software)
Task: {98F9C980-2DD5-4CC7-92A9-39CA4AB0E477} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-15] (Google Inc.)
Task: {C11B2E83-AE9C-4928-879E-E2D66C45B0D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-15] (Google Inc.)
Task: {C97A5DBA-7D46-4DF7-9E08-753EB66CCAD1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {D1C1F04A-1220-4BCF-982C-407E862F2D34} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F8BD2671-6118-44B0-A9CA-3B78EE19B49F} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-7RPTDON-teikq => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-10-01 00:43 - 2017-09-07 08:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-05 12:39 - 2017-10-11 07:27 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-10-05 12:39 - 2017-10-11 07:27 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-04-15 21:05 - 2016-09-07 06:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-04-15 21:05 - 2017-03-04 08:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-04-15 21:02 - 2017-03-04 08:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-04-15 21:02 - 2017-03-04 08:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-15 21:02 - 2017-03-04 08:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-10-10 20:32 - 2017-09-18 04:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-10-10 20:32 - 2017-09-18 04:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-10-14 23:40 - 2017-10-14 23:40 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-09-29 19:27 - 2017-09-21 09:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-29 19:27 - 2017-09-21 09:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-04-15 17:43 - 2017-04-15 17:44 - 001695440 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8600.40525.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-05-25 22:39 - 2014-07-22 11:00 - 000172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2017-05-25 22:40 - 2012-08-14 15:19 - 000999424 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2017-10-14 23:40 - 2017-10-14 23:40 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-14 23:40 - 2017-10-14 23:40 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-09-15 19:27 - 2017-09-15 19:27 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-14 23:40 - 2017-10-14 23:40 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-14 23:40 - 2017-10-14 23:40 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-14 23:40 - 2017-10-14 23:40 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-14 23:40 - 2017-10-14 23:40 - 000700656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2017-10-16 20:01 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1946532270-2715632215-171416604-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1946532270-2715632215-171416604-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 52.56.51.39 - 178.132.6.57
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1946532270-2715632215-171416604-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D55451CD-D678-4878-84D8-2F3D37EE21A4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{112B67CC-C86D-4859-9259-8DB24BBD8398}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{529B24B9-1D2D-4FA9-83EE-14DBDAC9941A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E3D38111-BA9D-4E2C-8673-7DA6E05C9FAF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E17022B1-B51B-486E-8C39-13CB636B80A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{EFC364C7-0EE2-4D4B-89CD-8D67F7A67A46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{A3D7D056-6FCA-4DDE-90A8-71D4904F50C3}C:\counter-strike 1.6\hl.exe] => (Allow) C:\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{7222192E-3EF1-41C4-AA0A-A4C877ACA511}C:\counter-strike 1.6\hl.exe] => (Allow) C:\counter-strike 1.6\hl.exe
FirewallRules: [{EA090752-0AD7-4451-9946-86B428E8DC24}] => (Allow) C:\Program Files\MetaTrader 5\metatester64.exe
FirewallRules: [{8AB0C693-0372-4E7E-A2D3-D575FAE0F110}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FBF712DF-3D1E-4DF3-886D-5D435DC7C0AE}] => (Allow) LPort=5432
FirewallRules: [{1A8A9887-CEAB-45A1-8FDC-D6CBFAC7586F}] => (Allow) C:\Users\teikq\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1AF363BD-1020-4F8B-B508-04B6C2DE83FD}] => (Allow) C:\Users\teikq\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAAB4F52-A7E5-4F54-981B-EBCEF9F7328E}] => (Allow) C:\Users\teikq\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{76A1AEFC-366B-47CA-8929-A06B1FD9987F}] => (Allow) C:\Users\teikq\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F742D60A-8291-4BFC-94B0-9DA3546872F4}] => (Allow) C:\Users\teikq\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C6D97B67-CDB2-4B70-9D7A-0162F320C1BC}] => (Allow) C:\Users\teikq\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B4655901-44DC-4B84-89E1-D5706A38F0A9}C:\users\teikq\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\teikq\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8B863390-034D-46D4-AE61-81CBF32197C1}C:\users\teikq\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\teikq\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{CA702912-FF35-4EA0-8A31-F71FF5BCED9A}C:\program files (x86)\gog.com\medal of honor\mohaa.exe] => (Allow) C:\program files (x86)\gog.com\medal of honor\mohaa.exe
FirewallRules: [UDP Query User{1A22BD7F-4B4C-4D5D-86F4-F6E138BFAC52}C:\program files (x86)\gog.com\medal of honor\mohaa.exe] => (Allow) C:\program files (x86)\gog.com\medal of honor\mohaa.exe
FirewallRules: [TCP Query User{31CDC022-EB85-4DAE-B86E-A0FE9193C1AF}C:\program files (x86)\gog.com\medal of honor\moh_spearhead.exe] => (Allow) C:\program files (x86)\gog.com\medal of honor\moh_spearhead.exe
FirewallRules: [UDP Query User{F8EA9E19-B227-45C6-A93A-67833746A5B8}C:\program files (x86)\gog.com\medal of honor\moh_spearhead.exe] => (Allow) C:\program files (x86)\gog.com\medal of honor\moh_spearhead.exe
FirewallRules: [TCP Query User{A40C17EC-704B-4065-B5D8-6C3FEB21DD62}C:\program files (x86)\gog.com\medal of honor\moh_breakthrough.exe] => (Allow) C:\program files (x86)\gog.com\medal of honor\moh_breakthrough.exe
FirewallRules: [UDP Query User{A4570537-A8BE-4A69-9056-CEC260D6F56D}C:\program files (x86)\gog.com\medal of honor\moh_breakthrough.exe] => (Allow) C:\program files (x86)\gog.com\medal of honor\moh_breakthrough.exe
FirewallRules: [{044727D5-CE18-40BC-B992-66F7292BA170}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{806A0844-2DA8-43F8-BD3F-271E41838553}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{A27DE1A7-8457-489A-A683-A8E518308473}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{95C40F07-3CA0-4AAA-AF39-8705B95F0675}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe

==================== Restore Points =========================

13-10-2017 13:07:28 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
15-10-2017 14:11:49 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2017 03:43:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.

Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (10/16/2017 03:42:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (10/16/2017 02:35:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wmiprvse.exe, verze: 10.0.14393.0, časové razítko: 0x57899ab2
Název chybujícího modulu: ntdll.dll, verze: 10.0.14393.1715, časové razítko: 0x59b0d03e
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000f8363
ID chybujícího procesu: 0x790
Čas spuštění chybující aplikace: 0x01d3467aea7f44b8
Cesta k chybující aplikaci: C:\WINDOWS\system32\wbem\wmiprvse.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 808a67ba-4a6b-4c72-9267-ad6c54522398
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/16/2017 02:33:57 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (10/16/2017 02:33:57 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (10/16/2017 02:33:26 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (10/16/2017 12:34:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wmiprvse.exe, verze: 10.0.14393.0, časové razítko: 0x57899ab2
Název chybujícího modulu: msvcrt.dll, verze: 7.0.14393.0, časové razítko: 0x57899b47
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000005b1bd
ID chybujícího procesu: 0x11a0
Čas spuštění chybující aplikace: 0x01d34605862e55d1
Cesta k chybující aplikaci: C:\WINDOWS\system32\wbem\wmiprvse.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\msvcrt.dll
ID zprávy: bd3e9d04-7204-4545-926b-7db8c62c480e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/16/2017 12:33:33 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (10/16/2017 12:33:33 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (10/16/2017 12:33:06 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

System errors:
=============
Error: (10/16/2017 08:49:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

Error: (10/16/2017 08:47:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Optimalizace doručení přestala během spouštění reagovat.

Error: (10/16/2017 08:42:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/16/2017 08:40:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/16/2017 08:24:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (10/16/2017 08:24:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (10/16/2017 08:24:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (10/16/2017 08:24:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (10/16/2017 08:24:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (10/16/2017 07:41:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

CodeIntegrity:
===================================
Date: 2017-10-09 12:42:08.041
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-09 12:42:07.747
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1065T Processor
Percentage of memory in use: 42%
Total physical RAM: 6653.55 MB
Available physical RAM: 3827.27 MB
Total Virtual: 7741.55 MB
Available Virtual: 4816.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:219.38 GB) (Free:50.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or

(Size: 232.9 GB) (Disk ID: 0007C64A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=219.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13 GB) - (Type=05)

==================== End of Addition.txt ============================

Příspěvekod **jaro3** » 17 říj 2017 17:47

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\teikq\AppData\Local\Google\Chrome\User Data\Default\Extensions\enafhpjmlnpmbdnbpjkihmadnkfnpiim [2017-10-16]
Task: {98F9C980-2DD5-4CC7-92A9-39CA4AB0E477} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-15] (Google Inc.)
Task: {C11B2E83-AE9C-4928-879E-E2D66C45B0D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-15] (Google Inc.)

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt

Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

Windows Firewall is disabled. ---- máš vypnutý firewall??

TeIkQ · Příspěvekod **TeIkQ** » 18 říj 2017 03:12

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-10-2017
Ran by teikq (18-10-2017 02:58:22) Run:3
Running from C:\Users\teikq\Desktop
Loaded Profiles: teikq & postgres (Available Profiles: defaultuser0 & teikq & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\teikq\AppData\Local\Google\Chrome\User Data\Default\Extensions\enafhpjmlnpmbdnbpjkihmadnkfnpiim [2017-10-16]
Task: {98F9C980-2DD5-4CC7-92A9-39CA4AB0E477} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-15] (Google Inc.)
Task: {C11B2E83-AE9C-4928-879E-E2D66C45B0D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-15] (Google Inc.)

EmptyTemp:
End
*****************

Processes closed successfully.
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\teikq\AppData\Local\Google\Chrome\User Data\Default\Extensions\enafhpjmlnpmbdnbpjkihmadnkfnpiim [2017-10-16] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{98F9C980-2DD5-4CC7-92A9-39CA4AB0E477} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98F9C980-2DD5-4CC7-92A9-39CA4AB0E477} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C11B2E83-AE9C-4928-879E-E2D66C45B0D2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C11B2E83-AE9C-4928-879E-E2D66C45B0D2} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5485508 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2324 B
Edge => 0 B
Chrome => 718373181 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 8162 B
NetworkService => 0 B
defaultuser0 => 0 B
teikq => 10263830 B
postgres => 0 B
postgres.DESKTOP-7RPTDON => 0 B

RecycleBin => 0 B
EmptyTemp: => 700.1 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 02:58:51 ====

Twl, na ten firewall jsem úplně zapomněl :crazy:

, už je zaplý, tak snad toho žádný malware nevyužil :evil:

Příspěvekod **jaro3** » 18 říj 2017 09:31

OK.

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt
Další odkazy:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Co problémy?

TeIkQ · Příspěvekod **TeIkQ** » 18 říj 2017 21:41

# DelFix v1.013 - Logfile created 18/10/2017 at 21:00:47
# Updated 17/04/2016 by Xplode
# Username : teikq - DESKTOP-7RPTDON
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2017-10-16-134907.log
Deleted : C:\Users\teikq\Desktop\Fixlog.txt
Deleted : C:\Users\teikq\Desktop\FRST64.exe
Deleted : C:\Users\teikq\Downloads\AdwCleaner.exe
Deleted : C:\Users\teikq\Downloads\FRST.exe
Deleted : C:\Users\teikq\Downloads\FRST64.exe
Deleted : C:\Users\teikq\Downloads\JRT.exe
Deleted : C:\Users\teikq\Downloads\hijackthis.exe
Deleted : C:\Users\teikq\Downloads\RogueKiller_portable64.exe
Deleted : C:\Users\teikq\Downloads\TFC.exe
Deleted : C:\Users\teikq\Downloads\zoek (1).exe
Deleted : C:\Users\teikq\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #40 [JRT Pre-Junkware Removal | 10/15/2017 12:11:49]

New restore point created !

########## - EOF - ##########

Vypadá to, že je to čisté, počítač se už neseká. Já už se bál že mám v haj*lu hdd, ale naštěstí to přece jen byl ten bordel.
Vážně, díky za pomoc ! :)

Příspěvekod **jaro3** » 18 říj 2017 22:15

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

TeIkQ · Příspěvekod **TeIkQ** » 18 říj 2017 23:01

Okie, ještě jednou díky za pomoc.

zasekává se mi pc, prosím o kontrolu logů. Vyřešeno

Re: zasekává se mi pc, prosím o kontrolu logů. Vyřešeno

Re: zasekává se mi pc, prosím o kontrolu logů.

Re: zasekává se mi pc, prosím o kontrolu logů.

Re: zasekává se mi pc, prosím o kontrolu logů.

Re: zasekává se mi pc, prosím o kontrolu logů.

Re: zasekává se mi pc, prosím o kontrolu logů.

Re: zasekává se mi pc, prosím o kontrolu logů.

Re: zasekává se mi pc, prosím o kontrolu logů.

Re: zasekává se mi pc, prosím o kontrolu logů.

Re: zasekává se mi pc, prosím o kontrolu logů.

Kdo je online