!!!PART 4!!!
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by honza (12-01-2018 18:19:59)
Running from C:\Users\honza\Desktop
Windows 10 Pro Version 1703 15063.850 (X64) (2017-10-06 11:35:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3112688569-585586772-3143591606-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3112688569-585586772-3143591606-503 - Limited - Disabled)
Guest (S-1-5-21-3112688569-585586772-3143591606-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3112688569-585586772-3143591606-1003 - Limited - Enabled)
honza (S-1-5-21-3112688569-585586772-3143591606-1001 - Administrator - Enabled) => C:\Users\honza
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\uTorrent) (Version: 3.5.0.44178 - BitTorrent Inc.)
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{36E60904-D465-40F7-82A7-A9C7A84C29B7}) (Version: 24.0.0 - 8GadgetPack.net)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Altap Salamander 2.54 (HKLM-x32\...\Altap Salamander 2.54) (Version: 2.54 - ALTAP)
Altap Salamander 3.08 (x64) (HKLM\...\Altap Salamander 3.08 (x64)) (Version: 3.08 - ALTAP)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{de9d82da-dc00-4586-97fe-1b0021f2246d}) (Version: 19.2.0 - Intel Corporation)
ArcGIS 10.4 License Manager (HKLM-x32\...\{E1393226-725C-42F8-A672-4E5AC55EFBDE}) (Version: 10.4.5524 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.4 License Manager (HKLM-x32\...\ArcGIS 10.4 License Manager) (Version: 10.4.5524 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.4.1 for Desktop (HKLM-x32\...\{CB0C9578-75CB-45E5-BD81-A600BA33B0C3}) (Version: 10.4.5686 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.4.1 for Desktop (HKLM-x32\...\ArcGIS 10.4.1 for Desktop) (Version: 10.4.5686 - Environmental Systems Research Institute, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Counter-Strike 1.6 v43g (HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\Counter-Strike 1.6_is1) (Version: - Valve)
Dell Digital Delivery (HKLM-x32\...\{7294961D-6EC1-4418-9017-0180A0C78A91}) (Version: 3.2.1006.0 - Dell Products, LP)
Dell SupportAssistAgent (HKLM\...\{8D7B279C-A661-465C-9658-F62FBD6A6B91}) (Version: 2.1.3.5 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{6E43CF20-4BAC-4D88-A52E-1BD85320192B}) (Version: 3.0.0.2840 - Dell Inc.)
Empire Earth II (HKLM-x32\...\{DF315348-721C-40B8-BAE2-58C6C7D935A2}) (Version: - )
Empire Earth II Gold Edition (HKLM-x32\...\Empire Earth II Gold Edition_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Inkscape 0.92.2 (HKLM-x32\...\Inkscape) (Version: 0.92.2 - Inkscape Project)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11002.3418 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1045 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4799 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{97F4CEAE-8F2B-4012-93CC-75428373214D}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9177.0 - Waves Audio Ltd.) Hidden
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.8730.2175 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
OpenOffice 4.1.4 (HKLM-x32\...\{BDB210E1-06C5-451F-BDAC-C18DDC7C2F14}) (Version: 4.14.9788 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
QGIS 2.18.13 'Las Palmas' (HKLM\...\QGIS 2.18) (Version: - QGIS Development Team)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.016 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
spacedesk Windows DRIVER (HKLM\...\{1CDB62B4-D807-4EF0-A810-E5F705E39A8F}) (Version: 0.9.972.0 - datronicsoft Inc.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0079 - ST Microelectronics)
Synaptics WBF Driver 5011 (11) (HKLM\...\{87B6C8C9-2301-4BE4-9724-C78AF0891F55}) (Version: 4.5.314.0 - Synaptics)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1F3E59DD-7DCE-4103-9528-57DA43134312}) (Version: 2.9.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
Wise Auto Shutdown 1.6.2 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.6.2 - WiseCleaner.com, Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3112688569-585586772-3143591606-1001_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3112688569-585586772-3143591606-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\honza\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-3112688569-585586772-3143591606-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\honza\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-3112688569-585586772-3143591606-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-3112688569-585586772-3143591606-1001_Classes\CLSID\{C78B614E-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx64.dll (ALTAP)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-12] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\ki124538.inf_amd64_38801626506e1429\igfxDTCM.dll [2017-09-27] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-12] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0532133B-5BC0-4172-9026-6BA3FFAA3AC8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-12] (Microsoft Corporation)
Task: {07A82510-E607-4CF2-AFDC-67C443C3BE78} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-07] (AVAST Software)
Task: {100CC5A0-F905-4195-A6F2-B17534932456} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-05] (Oracle Corporation)
Task: {14A08720-A025-4F04-9D9A-7EC995AEC6EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {3D78F9E9-4D78-49C7-AB3E-EF9A1637BC33} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-12-22] (Dell Inc.)
Task: {4B9899EB-911F-4A67-9037-AAC3AD308887} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {4F61066C-0D22-44A4-938B-467727E285AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-06] (Google Inc.)
Task: {55237CD1-A9A6-4AA0-B757-5AE8CD63D244} - System32\Tasks\qacOUAiUfjXn => C:\Program Files (x86)\uWiiwHfuJiKta.bat [2017-03-18] () <==== ATTENTION
Task: {57CE572E-0FB5-429E-B1E2-D11D0E0585B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {5C556706-7F0A-4D0A-A05A-5A182F294BE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-06] (Google Inc.)
Task: {65B021F1-E824-400C-AC76-A84E2B0300E7} - System32\Tasks\wRoOQ => C:\Users\honza\AppData\Local\kTaAyUTOs.bat [2017-03-18] () <==== ATTENTION
Task: {8175DCC8-64F4-4113-BF9B-8D538DBED3E1} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-10-13] (Intel(R) Corporation)
Task: {A99A92EF-09F7-449B-9985-1084CFDA73F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation)
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AdobeAAMUpdater-1.0-MicrosoftAccount-honza.ch88@gmail.com" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\AVGPCTuneUp_Task_BkGndMaintenance" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\Dell SupportAssistAgent AnonymousRegistration" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\Dell SupportAssistAgent AutoUpdate" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\eYoxIin" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\Intel PTT EK Recertification" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\Java Platform SE Auto Updater" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task v2" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3112688569-585586772-3143591606-1001" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\PCDDataUploadTask" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\qacOUAiUfjXn" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\SystemToolsDailyTest" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{071816E5-9019-4C93-AF88-441AF8B0A51B}" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\wRoOQ" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {AACD783D-1228-4C63-B1E4-53E87A22D992} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {B496B8D6-2B0F-4666-A552-B2B03FAAA4E6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation)
Task: {BD684330-D5BB-4032-9740-DF5B75F77DB7} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-honza.ch88@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {BF95E463-97AB-4449-BDD1-BD33C6CFFB1B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-05] (AVAST Software)
Task: {CA7D1798-668D-454A-BCB5-07EB5369B5B1} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D37E5F5F-E538-4304-A836-6843EE9221B8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-12] (Microsoft Corporation)
Task: {EA36356D-C657-4909-900C-AD12C44CDC1E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-12] (Microsoft Corporation)
Task: {FDF68AAB-F172-4589-8A71-6FC80082EE0C} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-12-22] (Dell Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\honza\Desktop\QGIS Desktop 2.18.13.lnk -> C:\Program Files\QGIS 2.18\bin\nircmd.exe (NirSoft) -> exec hide C:\PROGRA~1\QGIS2~1.18\bin\qgis.bat
ShortcutWithArgument: C:\Users\honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Vzdálená plocha Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
==================== Loaded Modules (Whitelisted) ==============
2018-01-02 20:43 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-08 18:45 - 2018-01-08 18:45 - 000798208 _____ () C:\Windows\system32\spacedeskService.exe
2018-01-08 18:45 - 2018-01-08 18:45 - 000364032 _____ () C:\Windows\system32\spacedeskServiceTray.exe
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-01-12 11:40 - 2018-01-12 11:40 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-03-18 21:59 - 2017-03-19 03:32 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-12 10:17 - 2013-06-06 19:16 - 000012520 _____ () C:\Users\honza\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\CoreTempReader.dll
2017-10-12 10:17 - 2013-06-06 19:16 - 000015080 _____ () C:\Users\honza\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\GetCoreTempInfoNET.dll
2017-10-12 10:17 - 2013-06-06 19:16 - 000014056 _____ () C:\Users\honza\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\SystemInfo.dll
2018-01-04 11:34 - 2018-01-04 11:34 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-04 11:34 - 2018-01-04 11:34 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-04 11:34 - 2018-01-04 11:34 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-04 11:34 - 2018-01-04 11:34 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-04 11:34 - 2018-01-04 11:34 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-09 02:57 - 2018-01-03 10:20 - 002873688 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\swiftshader\libglesv2.dll
2018-01-09 02:57 - 2018-01-03 10:20 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\swiftshader\libegl.dll
2018-01-05 16:46 - 2018-01-05 16:46 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-05 16:46 - 2018-01-05 16:46 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-05 16:46 - 2018-01-05 16:46 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-10-06 20:33 - 2017-10-06 20:33 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-05 16:46 - 2018-01-05 16:46 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-05 16:46 - 2018-01-05 16:46 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-12-05 10:58 - 2016-12-05 10:58 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 22:03 - 2018-01-12 11:35 - 000000753 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3112688569-585586772-3143591606-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\honza\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{4d319b5d-986d-473f-be2e-f2dc1616e471}.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\StartupApproved\Run: => "AdobeBridge"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{7A460A3D-C87F-4C84-B565-B8BFCF2AD312}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{28A2E7C9-3430-4F9F-81A5-66E4EF7371CC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DF13D1B9-DA8E-442B-9700-E5B98BDD7687}] => (Allow) C:\Users\honza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FF60D0DC-C528-4DAF-90A0-8A12D38FAF68}] => (Allow) C:\Users\honza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5EF4D96F-45F6-4033-9D00-142100EF7AF1}] => (Allow) C:\Users\honza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E5FE6A9-4797-4E82-9678-5E598348E7E8}] => (Allow) C:\Users\honza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{67CC0453-B42D-42AF-B7CB-9D0F5E668EA8}] => (Allow) C:\Users\honza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C19402D-E527-4E50-AEAB-72A8FE0BC042}] => (Allow) C:\Users\honza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{708F3EB8-4698-404E-BA47-9E6FA01AD5FA}C:\program files\altap salamander\salamand.exe] => (Allow) C:\program files\altap salamander\salamand.exe
FirewallRules: [UDP Query User{0D90964B-DFC1-4A8A-B70C-58FDB663D41F}C:\program files\altap salamander\salamand.exe] => (Allow) C:\program files\altap salamander\salamand.exe
FirewallRules: [TCP Query User{BADE8844-F256-4122-BCA5-0FFC1F893D07}C:\games\counter-strike 1.6\hl.exe] => (Allow) C:\games\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{2271AEFA-4031-485F-BCC3-83CEB22F2254}C:\games\counter-strike 1.6\hl.exe] => (Allow) C:\games\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{030C9401-91E6-4C59-A03E-235E1A7C9592}C:\program files (x86)\gog.com\empire earth ii\ee2.exe] => (Allow) C:\program files (x86)\gog.com\empire earth ii\ee2.exe
FirewallRules: [UDP Query User{74B17E76-C919-4DCE-ABCF-2D03FB4FD044}C:\program files (x86)\gog.com\empire earth ii\ee2.exe] => (Allow) C:\program files (x86)\gog.com\empire earth ii\ee2.exe
FirewallRules: [TCP Query User{F319955B-90C4-4327-992E-212BD3852DEC}C:\program files (x86)\gog.com\empire earth ii\ee2x.exe] => (Allow) C:\program files (x86)\gog.com\empire earth ii\ee2x.exe
FirewallRules: [UDP Query User{BFF24017-6623-4177-BDA0-16B75B74278C}C:\program files (x86)\gog.com\empire earth ii\ee2x.exe] => (Allow) C:\program files (x86)\gog.com\empire earth ii\ee2x.exe
FirewallRules: [{452629E9-DAF8-466A-9108-A03B3065A210}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0A04D6B2-8E2C-4FC6-A88C-2C35D735FA65}] => (Allow) C:\Windows\system32\spacedeskService.exe
==================== Restore Points =========================
31-12-2017 04:32:29 Naplánovaný kontrolní bod
05-01-2018 10:46:35 Installed DirectX
08-01-2018 16:32:38 Windows Update
09-01-2018 02:25:09 JRT Pre-Junkware Removal
10-01-2018 19:18:16 Installed spacedesk Windows DRIVER
11-01-2018 10:38:49 JRT Pre-Junkware Removal
12-01-2018 11:34:42 zoek.exe restore point
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/12/2018 11:13:59 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
Error: (01/12/2018 11:13:59 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
Error: (01/12/2018 11:13:48 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
Error: (01/12/2018 11:13:48 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
Error: (01/12/2018 11:09:42 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (01/12/2018 10:37:18 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Odkaz na objekt není nastaven na instanci objektu.
Error: (01/12/2018 10:37:05 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Odkaz na objekt není nastaven na instanci objektu.
Error: (01/11/2018 11:42:16 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Odkaz na objekt není nastaven na instanci objektu.
Error: (01/11/2018 11:42:16 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Odkaz na objekt není nastaven na instanci objektu.
Error: (01/11/2018 06:00:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 321808386.exe, version: 0.0.0.0, time stamp: 0x2a425e4d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process ID: 0x15a4
Faulting application start time: 0x01d38afdac080c4e
Faulting application path: C:\Users\honza\AppData\Local\Temp\is-C1GM4.tmp\321808386.exe
Faulting module path: unknown
Report ID: 7e71c66d-c7c2-4522-b9c2-fdd1dccda80a
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (01/12/2018 06:18:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Služba platformy připojených zařízení service terminated with the following error:
Unspecified error
Error: (01/12/2018 06:07:04 PM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.
Error: (01/12/2018 06:05:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Služba platformy připojených zařízení service terminated with the following error:
Unspecified error
Error: (01/12/2018 06:05:04 PM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.
Error: (01/12/2018 06:03:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Služba platformy připojených zařízení service terminated with the following error:
Unspecified error
Error: (01/12/2018 06:03:04 PM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: The server {F94358B1-E9AE-4D5C-AF66-CE50E67803C7} did not register with DCOM within the required timeout.
Error: (01/12/2018 06:02:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Služba platformy připojených zařízení service terminated with the following error:
Unspecified error
Error: (01/12/2018 06:02:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Služba platformy připojených zařízení service terminated with the following error:
Unspecified error
Error: (01/12/2018 06:01:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Služba platformy připojených zařízení service terminated with the following error:
Unspecified error
Error: (01/12/2018 06:00:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The specifické pro aplikaci permission settings do not grant Místní Aktivace permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (pomocí LRPC) running in the application container Není k dispozici SID (Není k dispozici). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2017-11-02 22:45:15.259
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-02 22:44:40.432
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-02 22:44:40.138
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-02 22:44:30.852
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-02 22:44:30.140
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-02 22:44:29.971
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-02 22:44:29.810
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-02 20:18:14.816
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-02 20:05:40.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-02 19:54:28.067
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 8090.73 MB
Available physical RAM: 4525.23 MB
Total Virtual: 8602.73 MB
Available Virtual: 4893.23 MB
==================== Drives ================================
Drive c: (DISK) (Fixed) (Total:226.6 GB) (Free:99.15 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A045A805)
Partition: GPT.
==================== End of Addition.txt ============================
Transfer via CMD - please check the log (Solved)
- jaro3
- Security team member
Re: Transfer via CMD - please check the log
install:
Wise Cleaner
AVG PC TuneUp
I'm worried that your Avast is infected; is it the free version?
Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.
Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3112688569-585586772-3143591606-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
C:\Windows\System32\Tasks\wRoOQ
C:\Windows\System32\Tasks\qacOUAiUfjXn
C:\Users\honza\AppData\Local\WMI.ini
C:\Windows\yyCcIhyYadIe
C:\Windows\SysWOW64\mihLk
C:\Program Files (x86)\uWiiwHfuJiKta
C:\Users\honza\AppData\Local\kTaAyUTOs
C:\Windows\cumyZkIPowIa.exe
C:\Program Files\Common Files\AVG
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Program Files (x86)\AVG
C:\Program Files (x86)\uWiiwHfuJiKta
C:\Program Files (x86)\uWiiwHfuJiKta.bat
C:\Users\honza\AppData\Local\kTaAyUTOs
C:\Users\honza\AppData\Local\kTaAyUTOs.bat
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {4F61066C-0D22-44A4-938B-467727E285AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-06] (Google Inc.)
Task: {55237CD1-A9A6-4AA0-B757-5AE8CD63D244} - System32\Tasks\qacOUAiUfjXn => C:\Program Files (x86)\uWiiwHfuJiKta.bat [2017-03-18] () <==== ATTENTION
Task: {65B021F1-E824-400C-AC76-A84E2B0300E7} - System32\Tasks\wRoOQ => C:\Users\honza\AppData\Local\kTaAyUTOs.bat [2017-03-18] () <==== ATTENTION
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\qacOUAiUfjXn" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\wRoOQ" /ENABLE
HKLM\...\StartupApproved\Run: => "AvgUi"
C:\Users\honza\AppData\Local\Temp\is-C1GM4.tmp\321808386.exe
EmptyTemp:
End
(You can use the "select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)
Save it to the desktop as fixlist.txt
Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.
1529915770.exe, 128027985.exe, 2019716523.exe
we would have to search for those, or do you know the location?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Transfer via CMD - please check the log
I have the free version of Avast. However, the files 1529915770.exe, 128027985.exe, 2019716523.exe are created in C:\Users\honza\Appdata\Local\Temp after the cmd with the transfer (see my previous post).
Sometimes Avast detects them and puts them in the Virus Chest; other times it stays there and causes problems until I navigate to the folder and Avast realizes it should not be there.
Anyway, the log from FRST:
Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by honza (12-01-2018 22:18:58) Run:1
Running from C:\Users\honza\Desktop\vir
Loaded Profiles: honza (Available Profiles: honza)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3112688569-585586772-3143591606-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
C:\Windows\System32\Tasks\wRoOQ
C:\Windows\System32\Tasks\qacOUAiUfjXn
C:\Users\honza\AppData\Local\WMI.ini
C:\Windows\yyCcIhyYadIe
C:\Windows\SysWOW64\mihLk
C:\Program Files (x86)\uWiiwHfuJiKta
C:\Users\honza\AppData\Local\kTaAyUTOs
C:\Windows\cumyZkIPowIa.exe
C:\Program Files\Common Files\AVG
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Program Files (x86)\AVG
C:\Program Files (x86)\uWiiwHfuJiKta
C:\Program Files (x86)\uWiiwHfuJiKta.bat
C:\Users\honza\AppData\Local\kTaAyUTOs
C:\Users\honza\AppData\Local\kTaAyUTOs.bat
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {4F61066C-0D22-44A4-938B-467727E285AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-06] (Google Inc.)
Task: {55237CD1-A9A6-4AA0-B757-5AE8CD63D244} - System32\Tasks\qacOUAiUfjXn => C:\Program Files (x86)\uWiiwHfuJiKta.bat [2017-03-18] () <==== ATTENTION
Task: {65B021F1-E824-400C-AC76-A84E2B0300E7} - System32\Tasks\wRoOQ => C:\Users\honza\AppData\Local\kTaAyUTOs.bat [2017-03-18] () <==== ATTENTION
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\qacOUAiUfjXn" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\wRoOQ" /ENABLE
HKLM\...\StartupApproved\Run: => "AvgUi"
C:\Users\honza\AppData\Local\Temp\is-C1GM4.tmp\321808386.exe
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found
"HKU\S-1-5-21-3112688569-585586772-3143591606-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => removed successfully
HKLM\Software\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccjleegmemocfpghkhpjmiccjcacackp" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => removed successfully
C:\Windows\System32\Tasks\wRoOQ => moved successfully
C:\Windows\System32\Tasks\qacOUAiUfjXn => moved successfully
C:\Users\honza\AppData\Local\WMI.ini => moved successfully
C:\Windows\yyCcIhyYadIe => moved successfully
C:\Windows\SysWOW64\mihLk => moved successfully
C:\Program Files (x86)\uWiiwHfuJiKta => moved successfully
C:\Users\honza\AppData\Local\kTaAyUTOs => moved successfully
C:\Windows\cumyZkIPowIa.exe => moved successfully
C:\Program Files\Common Files\AVG => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Program Files (x86)\AVG => moved successfully
"C:\Program Files (x86)\uWiiwHfuJiKta" => not found
C:\Program Files (x86)\uWiiwHfuJiKta.bat => moved successfully
"C:\Users\honza\AppData\Local\kTaAyUTOs" => not found
C:\Users\honza\AppData\Local\kTaAyUTOs.bat => moved successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4F61066C-0D22-44A4-938B-467727E285AD} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F61066C-0D22-44A4-938B-467727E285AD}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55237CD1-A9A6-4AA0-B757-5AE8CD63D244}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55237CD1-A9A6-4AA0-B757-5AE8CD63D244}" => removed successfully
"C:\Windows\System32\Tasks\qacOUAiUfjXn" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\qacOUAiUfjXn" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65B021F1-E824-400C-AC76-A84E2B0300E7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65B021F1-E824-400C-AC76-A84E2B0300E7}" => removed successfully
"C:\Windows\System32\Tasks\wRoOQ" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wRoOQ" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AA2AC5C5-A7F0-4449-9913-9A996890551D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA2AC5C5-A7F0-4449-9913-9A996890551D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA2AC5C5-A7F0-4449-9913-9A996890551D} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AvgUi" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AvgUi" => not found
"C:\Users\honza\AppData\Local\Temp\is-C1GM4.tmp\321808386.exe" => not found
=========== EmptyTemp: ==========
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12834987 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1181578 B
Edge => 1697 B
Chrome => 461626870 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 9760 B
NetworkService => 7934 B
honza => 976420 B
RecycleBin => 491527 B
EmptyTemp: => 460.8 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 22:19:25 ====
Re: Transfer via CMD - please check the log
I ran AVG PC TuneUP and it fixed a few hundred problems (in the registry, etc.) - for the other problems I need the full version.
- jaro3
- Security team member
Re: Transfer via CMD - please check the log
I recommend uninstalling AVG PC TuneUP; it will only mess up your registry.
Download Kaspersky VRT to your desktop.
Run Kaspersky VRT. The program will install itself.
Accept the license and click "Start". If the program offers an update, click "Download Now" at the bottom.
- Click the gear icon in the top right corner. In the window, in addition to the items already checked, select your disk drive; if you have more than one, you can check them all.
- Choose "Automatic Scan" at the top left and press the "Start Scanning" button.
- The program will start scanning the checked drives.
Checked:
Hidden startup objects
System Memory
Disk boot sectors
Computer
Local Disk C
Unchecked:
Documents
My email
Local Disk D
DVD-ROM Drive (E)
BD-ROM Drive (G)
Floppy Disk Drive
And others, e.g. flash drives, that you have connected.
- Allow Virus Removal Tool to remove all infections it finds.
- Once the scan finishes, select the "Report" tab at the top right (next to the gear icon).
- Click "Detected Threats" and click the floppy disk icon ("Save").
- Save the report to your computer and paste it here in a post.
Download SystemLook from one of these links:
SystemLook (32-bit)
http://images.malwareremoval.com/jpshor ... emLook.exe
SystemLook (64-bit)
http://images.malwareremoval.com/jpshor ... ok_x64.exe
and save it to your desktop.
Double-click the downloaded SystemLook and copy the following text into the main text window:
Code:
:filefind
1529915770.exe.*
128027985.exe.*
2019716523.exe.*
Click Look to start the scan. When the program finishes, the scan report opens in Notepad. Copy its entire contents here. The log is also on the desktop under the name SystemLook.txt.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Transfer via CMD - please check the log
Kaspersky found nothing, and neither did SystemLook (see below). I think it's gone now - I haven't noticed anything for quite a while.
SystemLook 30.07.11 by jpshortstuff
Log created at 17:05 on 13/01/2018 by honza
Administrator - Elevation successful
========== filefind ==========
Searching for "1529915770.exe.*"
No files found.
Searching for "128027985.exe.*"
No files found.
Searching for "2019716523.exe.*"
No files found.
-= EOF =-
jaro3 (Security team member)
Re: Transfer via CMD - please check the log
Download DelFix here:
https://toolslib.net/downloads/viewdownload/2-delfix/
and save the file to your desktop.
Double-click the icon to run Delfix.exe.
(On Windows Vista, Windows 7 and 8 you must run the file via right-click -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore.
Then click Run and let the tool do its work.
The report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise the report is located at:
C:\DelFix.txt
Other links:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/
If there are no problems, that's all and you can mark the thread as solved with the green check mark.
Re: Transfer via CMD - please check the log
Done! :) I think everything is fine now :) thanks a lot for the help
# DelFix v1.013 - Logfile created 13/01/2018 at 22:47:13
# Updated 17/04/2016 by Xplode
# Username : honza - DELL
# Operating System : Windows 10 Pro (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
~ Cleaning system restore ...
Deleted : RP #22 [JRT Pre-Junkware Removal | 01/09/2018 01:25:09]
Deleted : RP #23 [Installed spacedesk Windows DRIVER | 01/10/2018 18:18:16]
Deleted : RP #24 [JRT Pre-Junkware Removal | 01/11/2018 09:38:49]
Deleted : RP #25 [zoek.exe restore point | 01/12/2018 10:34:42]
Deleted : RP #26 [Removed HP LaserJet MFP M129-M134 Basic Device Software | 01/13/2018 16:10:18]
New restore point created !
########## - EOF - ##########