Transfer via CMD - please check my log [Solved]

Re: Transfer via CMD - please check my log

Post by mastík » 12 Jan 2018 18:24

!!!PART 4!!!


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by honza (12-01-2018 18:19:59)
Running from C:\Users\honza\Desktop
Windows 10 Pro Version 1703 15063.850 (X64) (2017-10-06 11:35:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3112688569-585586772-3143591606-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3112688569-585586772-3143591606-503 - Limited - Disabled)
Guest (S-1-5-21-3112688569-585586772-3143591606-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3112688569-585586772-3143591606-1003 - Limited - Enabled)
honza (S-1-5-21-3112688569-585586772-3143591606-1001 - Administrator - Enabled) => C:\Users\honza

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\uTorrent) (Version: 3.5.0.44178 - BitTorrent Inc.)
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{36E60904-D465-40F7-82A7-A9C7A84C29B7}) (Version: 24.0.0 - 8GadgetPack.net)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Altap Salamander 2.54 (HKLM-x32\...\Altap Salamander 2.54) (Version: 2.54 - ALTAP)
Altap Salamander 3.08 (x64) (HKLM\...\Altap Salamander 3.08 (x64)) (Version: 3.08 - ALTAP)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{de9d82da-dc00-4586-97fe-1b0021f2246d}) (Version: 19.2.0 - Intel Corporation)
ArcGIS 10.4 License Manager (HKLM-x32\...\{E1393226-725C-42F8-A672-4E5AC55EFBDE}) (Version: 10.4.5524 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.4 License Manager (HKLM-x32\...\ArcGIS 10.4 License Manager) (Version: 10.4.5524 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.4.1 for Desktop (HKLM-x32\...\{CB0C9578-75CB-45E5-BD81-A600BA33B0C3}) (Version: 10.4.5686 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.4.1 for Desktop (HKLM-x32\...\ArcGIS 10.4.1 for Desktop) (Version: 10.4.5686 - Environmental Systems Research Institute, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Counter-Strike 1.6 v43g (HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\Counter-Strike 1.6_is1) (Version: - Valve)
Dell Digital Delivery (HKLM-x32\...\{7294961D-6EC1-4418-9017-0180A0C78A91}) (Version: 3.2.1006.0 - Dell Products, LP)
Dell SupportAssistAgent (HKLM\...\{8D7B279C-A661-465C-9658-F62FBD6A6B91}) (Version: 2.1.3.5 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{6E43CF20-4BAC-4D88-A52E-1BD85320192B}) (Version: 3.0.0.2840 - Dell Inc.)
Empire Earth II (HKLM-x32\...\{DF315348-721C-40B8-BAE2-58C6C7D935A2}) (Version: - )
Empire Earth II Gold Edition (HKLM-x32\...\Empire Earth II Gold Edition_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Inkscape 0.92.2 (HKLM-x32\...\Inkscape) (Version: 0.92.2 - Inkscape Project)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11002.3418 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1045 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4799 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{97F4CEAE-8F2B-4012-93CC-75428373214D}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9177.0 - Waves Audio Ltd.) Hidden
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.8730.2175 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
OpenOffice 4.1.4 (HKLM-x32\...\{BDB210E1-06C5-451F-BDAC-C18DDC7C2F14}) (Version: 4.14.9788 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
QGIS 2.18.13 'Las Palmas' (HKLM\...\QGIS 2.18) (Version: - QGIS Development Team)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.016 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
spacedesk Windows DRIVER (HKLM\...\{1CDB62B4-D807-4EF0-A810-E5F705E39A8F}) (Version: 0.9.972.0 - datronicsoft Inc.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0079 - ST Microelectronics)
Synaptics WBF Driver 5011 (11) (HKLM\...\{87B6C8C9-2301-4BE4-9724-C78AF0891F55}) (Version: 4.5.314.0 - Synaptics)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1F3E59DD-7DCE-4103-9528-57DA43134312}) (Version: 2.9.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)
Wise Auto Shutdown 1.6.2 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.6.2 - WiseCleaner.com, Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3112688569-585586772-3143591606-1001_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3112688569-585586772-3143591606-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\honza\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-3112688569-585586772-3143591606-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\honza\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-3112688569-585586772-3143591606-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-3112688569-585586772-3143591606-1001_Classes\CLSID\{C78B614E-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx64.dll (ALTAP)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-12] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\ki124538.inf_amd64_38801626506e1429\igfxDTCM.dll [2017-09-27] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-12] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-05] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0532133B-5BC0-4172-9026-6BA3FFAA3AC8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-12] (Microsoft Corporation)
Task: {07A82510-E607-4CF2-AFDC-67C443C3BE78} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-07] (AVAST Software)
Task: {100CC5A0-F905-4195-A6F2-B17534932456} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-05] (Oracle Corporation)
Task: {14A08720-A025-4F04-9D9A-7EC995AEC6EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {3D78F9E9-4D78-49C7-AB3E-EF9A1637BC33} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-12-22] (Dell Inc.)
Task: {4B9899EB-911F-4A67-9037-AAC3AD308887} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {4F61066C-0D22-44A4-938B-467727E285AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-06] (Google Inc.)
Task: {55237CD1-A9A6-4AA0-B757-5AE8CD63D244} - System32\Tasks\qacOUAiUfjXn => C:\Program Files (x86)\uWiiwHfuJiKta.bat [2017-03-18] () <==== ATTENTION
Task: {57CE572E-0FB5-429E-B1E2-D11D0E0585B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {5C556706-7F0A-4D0A-A05A-5A182F294BE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-06] (Google Inc.)
Task: {65B021F1-E824-400C-AC76-A84E2B0300E7} - System32\Tasks\wRoOQ => C:\Users\honza\AppData\Local\kTaAyUTOs.bat [2017-03-18] () <==== ATTENTION
Task: {8175DCC8-64F4-4113-BF9B-8D538DBED3E1} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-10-13] (Intel(R) Corporation)
Task: {A99A92EF-09F7-449B-9985-1084CFDA73F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation)
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AdobeAAMUpdater-1.0-MicrosoftAccount-honza.ch88@gmail.com" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\AVGPCTuneUp_Task_BkGndMaintenance" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\Dell SupportAssistAgent AnonymousRegistration" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\Dell SupportAssistAgent AutoUpdate" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\eYoxIin" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\Intel PTT EK Recertification" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\Java Platform SE Auto Updater" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task v2" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3112688569-585586772-3143591606-1001" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\PCDDataUploadTask" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\qacOUAiUfjXn" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\SystemToolsDailyTest" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{071816E5-9019-4C93-AF88-441AF8B0A51B}" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\wRoOQ" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {AACD783D-1228-4C63-B1E4-53E87A22D992} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {B496B8D6-2B0F-4666-A552-B2B03FAAA4E6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation)
Task: {BD684330-D5BB-4032-9740-DF5B75F77DB7} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-honza.ch88@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {BF95E463-97AB-4449-BDD1-BD33C6CFFB1B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-05] (AVAST Software)
Task: {CA7D1798-668D-454A-BCB5-07EB5369B5B1} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D37E5F5F-E538-4304-A836-6843EE9221B8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-12] (Microsoft Corporation)
Task: {EA36356D-C657-4909-900C-AD12C44CDC1E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-12] (Microsoft Corporation)
Task: {FDF68AAB-F172-4589-8A71-6FC80082EE0C} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-12-22] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\honza\Desktop\QGIS Desktop 2.18.13.lnk -> C:\Program Files\QGIS 2.18\bin\nircmd.exe (NirSoft) -> exec hide C:\PROGRA~1\QGIS2~1.18\bin\qgis.bat
ShortcutWithArgument: C:\Users\honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Vzdálená plocha Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) ==============

2018-01-02 20:43 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-08 18:45 - 2018-01-08 18:45 - 000798208 _____ () C:\Windows\system32\spacedeskService.exe
2018-01-08 18:45 - 2018-01-08 18:45 - 000364032 _____ () C:\Windows\system32\spacedeskServiceTray.exe
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-01-12 11:40 - 2018-01-12 11:40 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-03-18 21:59 - 2017-03-19 03:32 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-12 10:17 - 2013-06-06 19:16 - 000012520 _____ () C:\Users\honza\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\CoreTempReader.dll
2017-10-12 10:17 - 2013-06-06 19:16 - 000015080 _____ () C:\Users\honza\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\GetCoreTempInfoNET.dll
2017-10-12 10:17 - 2013-06-06 19:16 - 000014056 _____ () C:\Users\honza\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\SystemInfo.dll
2018-01-04 11:34 - 2018-01-04 11:34 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-04 11:34 - 2018-01-04 11:34 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-04 11:34 - 2018-01-04 11:34 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-04 11:34 - 2018-01-04 11:34 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-04 11:34 - 2018-01-04 11:34 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-09 02:57 - 2018-01-03 10:20 - 002873688 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\swiftshader\libglesv2.dll
2018-01-09 02:57 - 2018-01-03 10:20 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\swiftshader\libegl.dll
2018-01-05 16:46 - 2018-01-05 16:46 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-05 16:46 - 2018-01-05 16:46 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-05 16:46 - 2018-01-05 16:46 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-10-06 20:33 - 2017-10-06 20:33 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-05 16:46 - 2018-01-05 16:46 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-05 16:46 - 2018-01-05 16:46 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-12-05 10:58 - 2016-12-05 10:58 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2018-01-12 11:35 - 000000753 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3112688569-585586772-3143591606-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\honza\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{4d319b5d-986d-473f-be2e-f2dc1616e471}.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3112688569-585586772-3143591606-1001\...\StartupApproved\Run: => "AdobeBridge"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7A460A3D-C87F-4C84-B565-B8BFCF2AD312}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{28A2E7C9-3430-4F9F-81A5-66E4EF7371CC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DF13D1B9-DA8E-442B-9700-E5B98BDD7687}] => (Allow) C:\Users\honza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FF60D0DC-C528-4DAF-90A0-8A12D38FAF68}] => (Allow) C:\Users\honza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5EF4D96F-45F6-4033-9D00-142100EF7AF1}] => (Allow) C:\Users\honza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E5FE6A9-4797-4E82-9678-5E598348E7E8}] => (Allow) C:\Users\honza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{67CC0453-B42D-42AF-B7CB-9D0F5E668EA8}] => (Allow) C:\Users\honza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C19402D-E527-4E50-AEAB-72A8FE0BC042}] => (Allow) C:\Users\honza\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{708F3EB8-4698-404E-BA47-9E6FA01AD5FA}C:\program files\altap salamander\salamand.exe] => (Allow) C:\program files\altap salamander\salamand.exe
FirewallRules: [UDP Query User{0D90964B-DFC1-4A8A-B70C-58FDB663D41F}C:\program files\altap salamander\salamand.exe] => (Allow) C:\program files\altap salamander\salamand.exe
FirewallRules: [TCP Query User{BADE8844-F256-4122-BCA5-0FFC1F893D07}C:\games\counter-strike 1.6\hl.exe] => (Allow) C:\games\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{2271AEFA-4031-485F-BCC3-83CEB22F2254}C:\games\counter-strike 1.6\hl.exe] => (Allow) C:\games\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{030C9401-91E6-4C59-A03E-235E1A7C9592}C:\program files (x86)\gog.com\empire earth ii\ee2.exe] => (Allow) C:\program files (x86)\gog.com\empire earth ii\ee2.exe
FirewallRules: [UDP Query User{74B17E76-C919-4DCE-ABCF-2D03FB4FD044}C:\program files (x86)\gog.com\empire earth ii\ee2.exe] => (Allow) C:\program files (x86)\gog.com\empire earth ii\ee2.exe
FirewallRules: [TCP Query User{F319955B-90C4-4327-992E-212BD3852DEC}C:\program files (x86)\gog.com\empire earth ii\ee2x.exe] => (Allow) C:\program files (x86)\gog.com\empire earth ii\ee2x.exe
FirewallRules: [UDP Query User{BFF24017-6623-4177-BDA0-16B75B74278C}C:\program files (x86)\gog.com\empire earth ii\ee2x.exe] => (Allow) C:\program files (x86)\gog.com\empire earth ii\ee2x.exe
FirewallRules: [{452629E9-DAF8-466A-9108-A03B3065A210}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0A04D6B2-8E2C-4FC6-A88C-2C35D735FA65}] => (Allow) C:\Windows\system32\spacedeskService.exe

==================== Restore Points =========================

31-12-2017 04:32:29 Naplánovaný kontrolní bod
05-01-2018 10:46:35 Installed DirectX
08-01-2018 16:32:38 Windows Update
09-01-2018 02:25:09 JRT Pre-Junkware Removal
10-01-2018 19:18:16 Installed spacedesk Windows DRIVER
11-01-2018 10:38:49 JRT Pre-Junkware Removal
12-01-2018 11:34:42 zoek.exe restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2018 11:13:59 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/12/2018 11:13:59 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/12/2018 11:13:48 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/12/2018 11:13:48 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (01/12/2018 11:09:42 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/12/2018 10:37:18 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Odkaz na objekt není nastaven na instanci objektu.

Error: (01/12/2018 10:37:05 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Odkaz na objekt není nastaven na instanci objektu.

Error: (01/11/2018 11:42:16 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Odkaz na objekt není nastaven na instanci objektu.

Error: (01/11/2018 11:42:16 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Odkaz na objekt není nastaven na instanci objektu.

Error: (01/11/2018 06:00:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 321808386.exe, version: 0.0.0.0, time stamp: 0x2a425e4d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x25ffc08b
Faulting process ID: 0x15a4
Faulting application start time: 0x01d38afdac080c4e
Faulting application path: C:\Users\honza\AppData\Local\Temp\is-C1GM4.tmp\321808386.exe
Faulting module path: unknown
Report ID: 7e71c66d-c7c2-4522-b9c2-fdd1dccda80a
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (01/12/2018 06:18:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Služba platformy připojených zařízení service terminated with the following error:
Unspecified error

Error: (01/12/2018 06:07:04 PM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (01/12/2018 06:05:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Služba platformy připojených zařízení service terminated with the following error:
Unspecified error

Error: (01/12/2018 06:05:04 PM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (01/12/2018 06:03:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Služba platformy připojených zařízení service terminated with the following error:
Unspecified error

Error: (01/12/2018 06:03:04 PM) (Source: DCOM) (EventID: 10010) (User: DELL)
Description: The server {F94358B1-E9AE-4D5C-AF66-CE50E67803C7} did not register with DCOM within the required timeout.

Error: (01/12/2018 06:02:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Služba platformy připojených zařízení service terminated with the following error:
Unspecified error

Error: (01/12/2018 06:02:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Služba platformy připojených zařízení service terminated with the following error:
Unspecified error

Error: (01/12/2018 06:01:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Služba platformy připojených zařízení service terminated with the following error:
Unspecified error

Error: (01/12/2018 06:00:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The specifické pro aplikaci permission settings do not grant Místní Aktivace permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (pomocí LRPC) running in the application container Není k dispozici SID (Není k dispozici). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-11-02 22:45:15.259
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-02 22:44:40.432
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-02 22:44:40.138
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-02 22:44:30.852
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-02 22:44:30.140
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-02 22:44:29.971
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-02 22:44:29.810
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-02 20:18:14.816
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-02 20:05:40.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-02 19:54:28.067
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 8090.73 MB
Available physical RAM: 4525.23 MB
Total Virtual: 8602.73 MB
Available Virtual: 4893.23 MB

==================== Drives ================================

Drive c: (DISK) (Fixed) (Total:226.6 GB) (Free:99.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A045A805)

Partition: GPT.

==================== End of Addition.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Transfer via CMD - please check the log

Post by jaro3 » 12 Jan 2018 20:12

Install:
Wise Cleaner
AVG PC TuneUp


I'm afraid your Avast is infected; is that the free version?

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3112688569-585586772-3143591606-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
C:\Windows\System32\Tasks\wRoOQ
C:\Windows\System32\Tasks\qacOUAiUfjXn
C:\Users\honza\AppData\Local\WMI.ini
C:\Windows\yyCcIhyYadIe
C:\Windows\SysWOW64\mihLk
C:\Program Files (x86)\uWiiwHfuJiKta
C:\Users\honza\AppData\Local\kTaAyUTOs
C:\Windows\cumyZkIPowIa.exe
C:\Program Files\Common Files\AVG
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Program Files (x86)\AVG
C:\Program Files (x86)\uWiiwHfuJiKta
C:\Program Files (x86)\uWiiwHfuJiKta.bat
C:\Users\honza\AppData\Local\kTaAyUTOs
C:\Users\honza\AppData\Local\kTaAyUTOs.bat
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {4F61066C-0D22-44A4-938B-467727E285AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-06] (Google Inc.)
Task: {55237CD1-A9A6-4AA0-B757-5AE8CD63D244} - System32\Tasks\qacOUAiUfjXn => C:\Program Files (x86)\uWiiwHfuJiKta.bat [2017-03-18] () <==== ATTENTION
Task: {65B021F1-E824-400C-AC76-A84E2B0300E7} - System32\Tasks\wRoOQ => C:\Users\honza\AppData\Local\kTaAyUTOs.bat [2017-03-18] () <==== ATTENTION
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\qacOUAiUfjXn" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\wRoOQ" /ENABLE
HKLM\...\StartupApproved\Run: => "AvgUi"
C:\Users\honza\AppData\Local\Temp\is-C1GM4.tmp\321808386.exe

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button just once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

1529915770.exe, 128027985.exe, 2019716523.exe
we would have to search for those, or do you know the location?
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Podpora fóra

mastík
newcomer
Posts: 15
Registered: January 18
Gender: Male
Status: Offline

Re: Transfer via CMD - please check the log

Post by mastík » 12 Jan 2018 22:40

I have the free version of Avast. Anyway, the files 1529915770.exe, 128027985.exe, 2019716523.exe are created in C:\Users\honza\Appdata\Local\Temp after the cmd window with the transfer (see my previous post).
Sometimes Avast detects them and moves them to the Virus Chest; other times they stay there and cause problems until I browse to the folder and Avast realizes they should not be there.



Anyway, the FRST log:



Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by honza (12-01-2018 22:18:58) Run:1
Running from C:\Users\honza\Desktop\vir
Loaded Profiles: honza (Available Profiles: honza)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3112688569-585586772-3143591606-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
C:\Windows\System32\Tasks\wRoOQ
C:\Windows\System32\Tasks\qacOUAiUfjXn
C:\Users\honza\AppData\Local\WMI.ini
C:\Windows\yyCcIhyYadIe
C:\Windows\SysWOW64\mihLk
C:\Program Files (x86)\uWiiwHfuJiKta
C:\Users\honza\AppData\Local\kTaAyUTOs
C:\Windows\cumyZkIPowIa.exe
C:\Program Files\Common Files\AVG
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Program Files (x86)\AVG
C:\Program Files (x86)\uWiiwHfuJiKta
C:\Program Files (x86)\uWiiwHfuJiKta.bat
C:\Users\honza\AppData\Local\kTaAyUTOs
C:\Users\honza\AppData\Local\kTaAyUTOs.bat
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {4F61066C-0D22-44A4-938B-467727E285AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-06] (Google Inc.)
Task: {55237CD1-A9A6-4AA0-B757-5AE8CD63D244} - System32\Tasks\qacOUAiUfjXn => C:\Program Files (x86)\uWiiwHfuJiKta.bat [2017-03-18] () <==== ATTENTION
Task: {65B021F1-E824-400C-AC76-A84E2B0300E7} - System32\Tasks\wRoOQ => C:\Users\honza\AppData\Local\kTaAyUTOs.bat [2017-03-18] () <==== ATTENTION
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\qacOUAiUfjXn" /ENABLE
Task: {AA2AC5C5-A7F0-4449-9913-9A996890551D} - C:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\wRoOQ" /ENABLE
HKLM\...\StartupApproved\Run: => "AvgUi"
C:\Users\honza\AppData\Local\Temp\is-C1GM4.tmp\321808386.exe

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found
"HKU\S-1-5-21-3112688569-585586772-3143591606-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => removed successfully
HKLM\Software\Classes\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccjleegmemocfpghkhpjmiccjcacackp" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => removed successfully
C:\Windows\System32\Tasks\wRoOQ => moved successfully
C:\Windows\System32\Tasks\qacOUAiUfjXn => moved successfully
C:\Users\honza\AppData\Local\WMI.ini => moved successfully
C:\Windows\yyCcIhyYadIe => moved successfully
C:\Windows\SysWOW64\mihLk => moved successfully
C:\Program Files (x86)\uWiiwHfuJiKta => moved successfully
C:\Users\honza\AppData\Local\kTaAyUTOs => moved successfully
C:\Windows\cumyZkIPowIa.exe => moved successfully
C:\Program Files\Common Files\AVG => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Program Files (x86)\AVG => moved successfully
"C:\Program Files (x86)\uWiiwHfuJiKta" => not found
C:\Program Files (x86)\uWiiwHfuJiKta.bat => moved successfully
"C:\Users\honza\AppData\Local\kTaAyUTOs" => not found
C:\Users\honza\AppData\Local\kTaAyUTOs.bat => moved successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4F61066C-0D22-44A4-938B-467727E285AD} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F61066C-0D22-44A4-938B-467727E285AD}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55237CD1-A9A6-4AA0-B757-5AE8CD63D244}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55237CD1-A9A6-4AA0-B757-5AE8CD63D244}" => removed successfully
"C:\Windows\System32\Tasks\qacOUAiUfjXn" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\qacOUAiUfjXn" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65B021F1-E824-400C-AC76-A84E2B0300E7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65B021F1-E824-400C-AC76-A84E2B0300E7}" => removed successfully
"C:\Windows\System32\Tasks\wRoOQ" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wRoOQ" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AA2AC5C5-A7F0-4449-9913-9A996890551D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA2AC5C5-A7F0-4449-9913-9A996890551D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA2AC5C5-A7F0-4449-9913-9A996890551D} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AvgUi" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AvgUi" => not found
"C:\Users\honza\AppData\Local\Temp\is-C1GM4.tmp\321808386.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12834987 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1181578 B
Edge => 1697 B
Chrome => 461626870 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 9760 B
NetworkService => 7934 B
honza => 976420 B

RecycleBin => 491527 B
EmptyTemp: => 460.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:19:25 ====

mastík
newcomer
Posts: 15
Registered: January 18
Gender: Male
Status: Offline

Re: Transfer via CMD - please check the log

Post by mastík » 12 Jan 2018 22:43

I ran AVG PC TuneUp and it fixed a few hundred problems (in the registry, etc.); for the remaining problems I need the full version.

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Transfer via CMD - please check the log

Post by jaro3 » 13 Jan 2018 09:58

I recommend uninstalling AVG PC TuneUp; it will only mess up your registry.

Download Kaspersky VRT
to your desktop.
Run Kaspersky VRT. The program will install itself.
Accept the license and click "Start". If the program offers an update, click "Download Now" at the bottom.
- Click the gear icon in the top-right corner. In the window, in addition to the items already checked, select your disk drive; if you have more than one, you can check them all.
- choose "Automatic Scan" at the top left and press the "Start Scanning" button
- The program will start scanning the checked drives

Checked:
Hidden startup objects
System Memory
Disk boot sectors

Computer
Local Disk C

Unchecked:
Documents
My email
Local Disk D
DVD-ROM drive (E)
BD-ROM drive (G)
Floppy disk drive

And others, e.g. flash drives, that you have connected.

- allow Virus Removal Tool to remove all infections found
- once the scan finishes, select the "Report" tab at the top right (next to the gear icon)
- click "Detected Threads" and click the floppy disk icon ("Save")
- save the report to your computer and paste it here in a post



Download SystemLook from one of these links:
SystemLook (32-bit)
http://images.malwareremoval.com/jpshor ... emLook.exe


SystemLook (64-bit)
http://images.malwareremoval.com/jpshor ... ok_x64.exe

and save it to your desktop.

Double-click the downloaded SystemLook and copy the following text into the main text window:

Code:

:filefind
1529915770.exe.*
128027985.exe.*
2019716523.exe.*

Click Look to start the scan. When the program finishes, the scan report will appear in Notepad. Copy its entire content here. The log is also on the desktop under the name SystemLook.txt.

mastík
newcomer
Posts: 15
Registered: January 18
Gender: Male
Status: Offline

Re: Transfer via CMD - please check the log

Post by mastík » 13 Jan 2018 17:08

Kaspersky found nothing, and neither did SystemLook (see below). I think it is gone now; I have not noticed anything for quite a long time.

SystemLook 30.07.11 by jpshortstuff
Log created at 17:05 on 13/01/2018 by honza
Administrator - Elevation successful

========== filefind ==========

Searching for "1529915770.exe.*"
No files found.

Searching for "128027985.exe.*"
No files found.

Searching for "2019716523.exe.*"
No files found.

-= EOF =-

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Transfer via CMD - please check the log

Post by jaro3 » 13 Jan 2018 20:11

Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/

and save the file to your desktop.
Double-click the icon to run Delfix.exe
(In Windows Vista, Windows 7 and 8, you must run the file via right-click -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools and Purge System Restore
Then click Run and let the tool do its job

The report (DelFix.txt) will then open. Paste the entire content of the report here. Otherwise the report is located at:
C:\DelFix.txt
Other links:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

If there are no problems, that is all and you can mark the thread as solved with the green check mark.

mastík
newcomer
Posts: 15
Registered: January 18
Gender: Male
Status: Offline

Re: Transfer via CMD - please check the log

Post by mastík » 13 Jan 2018 22:48

Done! :) I think everything is fine now :) thanks a lot for the help

# DelFix v1.013 - Logfile created 13/01/2018 at 22:47:13
# Updated 17/04/2016 by Xplode
# Username : honza - DELL
# Operating System : Windows 10 Pro (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #22 [JRT Pre-Junkware Removal | 01/09/2018 01:25:09]
Deleted : RP #23 [Installed spacedesk Windows DRIVER | 01/10/2018 18:18:16]
Deleted : RP #24 [JRT Pre-Junkware Removal | 01/11/2018 09:38:49]
Deleted : RP #25 [zoek.exe restore point | 01/12/2018 10:34:42]
Deleted : RP #26 [Removed HP LaserJet MFP M129-M134 Basic Device Software | 01/13/2018 16:10:18]

New restore point created !

########## - EOF - ##########
