Prosím o kontrolu logu Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

hukuj
Level 1.5
Level 1.5
Příspěvky: 102
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 05 čer 2017 21:55

Tady jsou logy z DelFix a CrystalDisk. Ten Memtest jsem zatím dvě hodiny nevydržel. Mám ho napřed zkusit? Pokud sem nemám vkládat nějaký log, tak nevím, co z něj sám poznám. Děkuju.

# DelFix v1.013 - Logfile created 05/06/2017 at 21:39:39
# Updated 17/04/2016 by Xplode
# Username : oem - OEM-PC
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2017-06-03-103219.log
Deleted : C:\Users\oem\Desktop\AdwCleaner.exe
Deleted : C:\Users\oem\Desktop\JRT.exe
Deleted : C:\Users\oem\Desktop\HiJackThis.lnk
Deleted : C:\Users\oem\Desktop\RogueKiller_portable64.exe
Deleted : C:\Users\oem\Desktop\zoek.exe
Deleted : C:\Users\oem\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #49 [Windows Update | 05/23/2017 17:21:43]
Deleted : RP #50 [Windows Update | 06/01/2017 17:54:14]
Deleted : RP #51 [JRT Pre-Junkware Removal | 06/02/2017 19:32:26]
Deleted : RP #52 [Removed TomTom HOME. | 06/04/2017 09:59:47]

New restore point created !

########## - EOF - ##########






----------------------------------------------------------------------------
CrystalDiskInfo 7.0.5 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 [10.0 Build 14393] (x64)
Date : 2017/06/05 21:47:29

-- Controller Map ----------------------------------------------------------
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ ATA Channel 0 (0)
- TSSTcorp CDDVDW SH-224DB ATA Device
- SAMSUNG HD502HJ ATA Device
- ATA Channel 1 (1)
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD502HJ : 500,1 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) SAMSUNG HD502HJ
----------------------------------------------------------------------------
Model : SAMSUNG HD502HJ
Firmware : 1AJ10001
Serial Number : S20BJ9BZ827083
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : ---- | SATA/300
Power On Hours : 29702 hod.
Power On Count : 4481 krát
Temperature : 35 C (95 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]
Drive Letter : C:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000000 Počet chyb čtení
02 252 252 __0 000000000000 Průchodnost disku
03 _83 _82 _25 0000000014D4 Čas na roztočení ploten
04 _96 _96 __0 00000000118F Počet spuštění/zastavení
05 252 252 _10 000000000000 Počet přemapovaných sektorů
07 252 252 _51 000000000000 Počet chybných hledání
08 252 252 _15 000000000000 Čas potřebný na vyhledání
09 100 100 __0 000000007406 Hodin v činnosti
0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 252 252 __0 000000000000 Počet pokusů o překalibrování
0C _96 _96 __0 000000001181 Počet cyklů zapnutí zařízení
BF 252 252 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 252 252 __0 000000000000 Počet vypnutí disku
C2 _64 _56 __0 002C00130023 Teplota
C3 100 100 __0 000000000000 Počet oprav chybného čtení
C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 252 252 __0 000000000000 Počet podezřelých sektorů
C6 252 252 __0 000000000000 Počet neopravitelných sektorů
C7 100 100 __0 000000000003 Počet chyb v kontrolním součtu UltraDMA
C8 100 100 __0 000000000001 Počet chyb při zápisu sektorů
DF 252 252 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E1 100 100 __0 000000001191 Počet cyklů načítání/vymazání

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 5332 3042 4A39 425A 3832 3730 3833 2020 2020 2020
020: 0000 8000 0050 3141 4A31 3030 3031 5341 4D53 554E
030: 4720 4844 3530 3248 4A20 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1706 0000 004C 0040
080: 01FF 0028 746B 7F69 4123 7469 BC41 4123 407F 0026
090: 0026 0000 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 0000 4000 0000 5002 4E92
110: 0330 A451 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0400 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 7AA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 64 64 00 00 00 00 00 00 00 02 26
010: 00 FC FC 00 00 00 00 00 00 00 03 23 00 53 52 D4
020: 14 00 00 00 00 00 04 32 00 60 60 8F 11 00 00 00
030: 00 00 05 33 00 FC FC 00 00 00 00 00 00 00 07 2E
040: 00 FC FC 00 00 00 00 00 00 00 08 24 00 FC FC 00
050: 00 00 00 00 00 00 09 32 00 64 64 06 74 00 00 00
060: 00 00 0A 32 00 FC FC 00 00 00 00 00 00 00 0B 32
070: 00 FC FC 00 00 00 00 00 00 00 0C 32 00 60 60 81
080: 11 00 00 00 00 00 BF 22 00 FC FC 00 00 00 00 00
090: 00 00 C0 22 00 FC FC 00 00 00 00 00 00 00 C2 02
0A0: 00 40 38 23 00 13 00 2C 00 00 C3 3A 00 64 64 00
0B0: 00 00 00 00 00 00 C4 32 00 FC FC 00 00 00 00 00
0C0: 00 00 C5 32 00 FC FC 00 00 00 00 00 00 00 C6 30
0D0: 00 FC FC 00 00 00 00 00 00 00 C7 36 00 64 64 03
0E0: 00 00 00 00 00 00 C8 2A 00 64 64 01 00 00 00 00
0F0: 00 00 DF 32 00 FC FC 00 00 00 00 00 00 00 E1 32
100: 00 64 64 91 11 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 84 12 00 5B
170: 03 00 01 00 02 4F 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 00 00 00 00 00 00 00 00 00 00 02 00
010: 00 00 00 00 00 00 00 00 00 00 03 19 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 0A 00 00 00 00 00 00 00 00 00 00 07 33
040: 00 00 00 00 00 00 00 00 00 00 08 0F 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 33 00 00 00 00 00 00 00 00 00 00 0B 00
070: 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00
080: 00 00 00 00 00 00 BF 00 00 00 00 00 00 00 00 00
090: 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 C2 00
0A0: 00 00 00 00 00 00 00 00 00 00 C3 00 00 00 00 00
0B0: 00 00 00 00 00 00 C4 00 00 00 00 00 00 00 00 00
0C0: 00 00 C5 00 00 00 00 00 00 00 00 00 00 00 C6 00
0D0: 00 00 00 00 00 00 00 00 00 00 C7 00 00 00 00 00
0E0: 00 00 00 00 00 00 C8 00 00 00 00 00 00 00 00 00
0F0: 00 00 DF 00 00 00 00 00 00 00 00 00 00 00 E1 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3B

Reklama
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 06 čer 2017 09:32

Memtest rozhodně udělej aspoň 2h.

0000000014D4 Čas na roztočení ploten
Udělej znovu i CDI.

+
Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

hukuj
Level 1.5
Level 1.5
Příspěvky: 102
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 07 čer 2017 20:47

Stáhl jsem si ten FRST 64 z uvedeného odkazu, ale při pokusu o spuštění mi systém to vyhodí tuto hlášku: "Filtr SmartScreen programu Windows Defender zabránil spuštění nerozpoznané aplikace. Spuštění této aplikace by mohlo ohrozit počítač." Mám se na to vykašlat a "přesto spusit", jak se mě to ptá? Jako laik se bojím.

Jo a připojuju aktuální log z CDI.


CrystalDiskInfo 7.0.5 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 [10.0 Build 14393] (x64)
Date : 2017/06/07 20:41:44

-- Controller Map ----------------------------------------------------------
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ ATA Channel 0 (0)
- TSSTcorp CDDVDW SH-224DB ATA Device
- SAMSUNG HD502HJ ATA Device
- ATA Channel 1 (1)
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD502HJ : 500,1 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) SAMSUNG HD502HJ
----------------------------------------------------------------------------
Model : SAMSUNG HD502HJ
Firmware : 1AJ10001
Serial Number : S20BJ9BZ827083
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : ---- | SATA/300
Power On Hours : 29732 hod.
Power On Count : 4483 krát
Temperature : 33 C (91 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]
Drive Letter : C:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000000 Počet chyb čtení
02 252 252 __0 000000000000 Průchodnost disku
03 _83 _82 _25 000000001517 Čas na roztočení ploten
04 _96 _96 __0 000000001191 Počet spuštění/zastavení
05 252 252 _10 000000000000 Počet přemapovaných sektorů
07 252 252 _51 000000000000 Počet chybných hledání
08 252 252 _15 000000000000 Čas potřebný na vyhledání
09 100 100 __0 000000007424 Hodin v činnosti
0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 252 252 __0 000000000000 Počet pokusů o překalibrování
0C _96 _96 __0 000000001183 Počet cyklů zapnutí zařízení
BF 252 252 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 252 252 __0 000000000000 Počet vypnutí disku
C2 _64 _56 __0 002C00130021 Teplota
C3 100 100 __0 000000000000 Počet oprav chybného čtení
C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 252 252 __0 000000000000 Počet podezřelých sektorů
C6 252 252 __0 000000000000 Počet neopravitelných sektorů
C7 100 100 __0 000000000003 Počet chyb v kontrolním součtu UltraDMA
C8 100 100 __0 000000000001 Počet chyb při zápisu sektorů
DF 252 252 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E1 100 100 __0 000000001193 Počet cyklů načítání/vymazání

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 5332 3042 4A39 425A 3832 3730 3833 2020 2020 2020
020: 0000 8000 0050 3141 4A31 3030 3031 5341 4D53 554E
030: 4720 4844 3530 3248 4A20 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1706 0000 004C 0040
080: 01FF 0028 746B 7F69 4123 7469 BC41 4123 407F 0026
090: 0026 0000 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 0000 4000 0000 5002 4E92
110: 0330 A451 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0400 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 7AA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 64 64 00 00 00 00 00 00 00 02 26
010: 00 FC FC 00 00 00 00 00 00 00 03 23 00 53 52 17
020: 15 00 00 00 00 00 04 32 00 60 60 91 11 00 00 00
030: 00 00 05 33 00 FC FC 00 00 00 00 00 00 00 07 2E
040: 00 FC FC 00 00 00 00 00 00 00 08 24 00 FC FC 00
050: 00 00 00 00 00 00 09 32 00 64 64 24 74 00 00 00
060: 00 00 0A 32 00 FC FC 00 00 00 00 00 00 00 0B 32
070: 00 FC FC 00 00 00 00 00 00 00 0C 32 00 60 60 83
080: 11 00 00 00 00 00 BF 22 00 FC FC 00 00 00 00 00
090: 00 00 C0 22 00 FC FC 00 00 00 00 00 00 00 C2 02
0A0: 00 40 38 21 00 13 00 2C 00 00 C3 3A 00 64 64 00
0B0: 00 00 00 00 00 00 C4 32 00 FC FC 00 00 00 00 00
0C0: 00 00 C5 32 00 FC FC 00 00 00 00 00 00 00 C6 30
0D0: 00 FC FC 00 00 00 00 00 00 00 C7 36 00 64 64 03
0E0: 00 00 00 00 00 00 C8 2A 00 64 64 01 00 00 00 00
0F0: 00 00 DF 32 00 FC FC 00 00 00 00 00 00 00 E1 32
100: 00 64 64 93 11 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 84 12 00 5B
170: 03 00 01 00 02 4F 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 00 00 00 00 00 00 00 00 00 00 02 00
010: 00 00 00 00 00 00 00 00 00 00 03 19 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 0A 00 00 00 00 00 00 00 00 00 00 07 33
040: 00 00 00 00 00 00 00 00 00 00 08 0F 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 33 00 00 00 00 00 00 00 00 00 00 0B 00
070: 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00
080: 00 00 00 00 00 00 BF 00 00 00 00 00 00 00 00 00
090: 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 C2 00
0A0: 00 00 00 00 00 00 00 00 00 00 C3 00 00 00 00 00
0B0: 00 00 00 00 00 00 C4 00 00 00 00 00 00 00 00 00
0C0: 00 00 C5 00 00 00 00 00 00 00 00 00 00 00 C6 00
0D0: 00 00 00 00 00 00 00 00 00 00 C7 00 00 00 00 00
0E0: 00 00 00 00 00 00 C8 00 00 00 00 00 00 00 00 00
0F0: 00 00 DF 00 00 00 00 00 00 00 00 00 00 00 E1 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3B

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 07 čer 2017 22:19

http://www.bleepingcomputer.com/download/roguekiller/

http://www.adlice.com/download/roguekil ... HlwZT14NjQ

0000000014D4 Čas na roztočení ploten
000000001517 Čas na roztočení ploten
Čas potřebný k roztočení ploten. S časem se zhoršuje, avšak poměrně pomalu. Náhlá změna značí poškození motorku otáčejícího plotny.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

hukuj
Level 1.5
Level 1.5
Příspěvky: 102
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 08 čer 2017 22:02

Nevím, nechápu:
1. Ten Roguekiller si mám znovu nainstalovat a PC tím projet?
2. Ty "časy k rozočení ploten" teda znamenají, že mám poškozenej nějakej motorek? A to se dá v PC vyměnit?
3. A ten FRST64, jak jsem se ptal, teda můžu risknout spustit nebo raději ne?

Předem díky za sestup na mou úroveň.

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 08 čer 2017 22:40

RK si už dělal , tak to nech.

ten disk má nejpíš vadu motorku , ložiska , řízení otáček , to se opravit nedá , jen vyměnit celý disk.

FrSt udělej , podle návodu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

hukuj
Level 1.5
Level 1.5
Příspěvky: 102
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 16 čer 2017 22:56

Tady jsou logy z FRST. Udělal jsem to už dávno a myslel jsem si, že jsem je sem už vložil. Asi ne. Tak až teď.

Napřed jeden:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-06-2017
Ran by oem (administrator) on OEM-PC (11-06-2017 22:25:17)
Running from C:\Users\oem\Desktop
Loaded Profiles: oem (Available Profiles: oem & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-08] (AVAST Software)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2770432 2010-02-10] (VIA)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2013-08-15] (Creative Technology Ltd)
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [572416 2017-03-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-08] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk [2017-05-08]
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk [2017-05-08]
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fbbe13cc-a1be-44c5-8ebf-9bcdbd7e22a2}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.google.cz/
SearchScopes: HKU\S-1-5-21-1790967181-1192606045-1394816446-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-26] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-26] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareu ... PIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareu ... /CTPID.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\oem\AppData\Roaming\TomTom\HOME\Profiles\sobfh24o.default [2017-06-04]
FF NewTab: TomTom\HOME\Profiles\sobfh24o.default -> about:newtab
FF Homepage: TomTom\HOME\Profiles\sobfh24o.default -> about:home
FF Extension: (Emulator) - C:\Users\oem\AppData\Roaming\TomTom\HOME\Profiles\sobfh24o.default\Extensions\Navcore.8.010.9369@tomtom.com [2014-08-03] [not signed]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2014-07-02] [not signed]
FF ProfilePath: C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default [2017-06-11]
FF NewTab: Mozilla\Firefox\Profiles\y504fwoy.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\y504fwoy.default -> www.google.cz/
FF Extension: (Avast SafePrice) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default\Extensions\sp@avast.com.xpi [2017-06-01]
FF Extension: (Please enter your password) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default\Extensions\stefanvandamme@stefanvd.net.xpi [2017-06-11]
FF Extension: (Avast Online Security) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default\Extensions\wrc@avast.com.xpi [2017-06-01]
FF Extension: (WOT) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2017-05-10]
FF Extension: (Adblock Plus) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Extension: (Follow-on Search Telemetry) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default\features\{1d3846c4-0110-4388-b4f6-e575de114b9b}\followonsearch@mozilla.com.xpi [2017-06-06]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-10-16] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-08] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [352256 2008-09-10] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [413696 2008-10-09] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-08] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-08] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-08] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-05-16] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-08] (AVAST Software)
R3 AVerA706_x64; C:\WINDOWS\system32\DRIVERS\AVerA706_x64.sys [1422080 2009-06-10] (AVerMedia TECHNOLOGIES, Inc.)
S3 AVerBDA3x_x64; C:\WINDOWS\System32\DRIVERS\AVerBDA3x_x64.sys [1523840 2008-08-27] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar64a.sys [30528 2006-11-06] (Brother Industries Ltd.)
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-01] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-02] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-01] (Malwarebytes)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-06-03] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-06-03] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-11 22:25 - 2017-06-11 22:26 - 00018597 _____ C:\Users\oem\Desktop\FRST.txt
2017-06-11 22:25 - 2017-06-11 22:25 - 00000000 ____D C:\Users\oem\Desktop\FRST-OlderVersion
2017-06-11 22:24 - 2017-06-11 22:25 - 00000000 ____D C:\FRST
2017-06-11 19:20 - 2017-06-11 19:22 - 00000000 ____D C:\Users\oem\Desktop\vrbice
2017-06-11 15:37 - 2017-06-11 15:37 - 03352278 _____ C:\Users\oem\Desktop\03 Venta la Tonta (Alegrias).wma
2017-06-08 21:52 - 2017-06-08 21:52 - 26377288 _____ C:\Users\oem\Desktop\RogueKiller_portable64.exe
2017-06-08 21:51 - 2017-06-08 21:55 - 35426672 _____ (Adlice Software ) C:\Users\oem\Desktop\RogueKiller_setup_ref3.exe
2017-06-07 20:38 - 2017-06-11 22:25 - 02438656 _____ (Farbar) C:\Users\oem\Desktop\FRST64.exe
2017-06-06 15:50 - 2017-06-06 15:50 - 00414084 _____ C:\Users\oem\Desktop\nef_elem_entry_test_marking_overlay.pdf
2017-06-06 15:49 - 2017-06-06 15:49 - 00431243 _____ C:\Users\oem\Desktop\nef_elem_entry_test.pdf
2017-06-06 15:49 - 2017-06-06 15:49 - 00415050 _____ C:\Users\oem\Desktop\nef_elem_entry_test_answersheet.pdf
2017-06-06 15:48 - 2017-06-06 15:48 - 00467275 _____ C:\Users\oem\Desktop\nef_elem_endtest_b.pdf
2017-06-06 15:48 - 2017-06-06 15:48 - 00430003 _____ C:\Users\oem\Desktop\nef_elem_endtest_answersheet_b.pdf
2017-06-06 15:47 - 2017-06-06 15:47 - 00429750 _____ C:\Users\oem\Desktop\nef_elem_endtest_answersheet_a.pdf
2017-06-06 15:46 - 2017-06-06 15:46 - 00466920 _____ C:\Users\oem\Desktop\nef_elem_endtest_a.pdf
2017-06-05 21:48 - 2017-06-07 20:42 - 00008422 _____ C:\Users\oem\Desktop\crystal disk.txt
2017-06-05 21:46 - 2017-06-05 21:46 - 00001273 _____ C:\Users\oem\Desktop\CrystalDiskInfo.lnk
2017-06-05 21:46 - 2017-06-05 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2017-06-05 21:46 - 2017-06-05 21:46 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2017-06-05 21:44 - 2017-06-05 21:44 - 00000000 ____D C:\Users\oem\Desktop\MemTest
2017-06-05 21:41 - 2017-06-05 21:41 - 00001041 _____ C:\Users\oem\Desktop\DelFix.txt
2017-06-05 21:39 - 2017-06-05 21:40 - 00001041 _____ C:\DelFix.txt
2017-06-04 17:40 - 2017-06-04 17:18 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-06-04 17:34 - 2017-06-04 17:43 - 00000000 ____D C:\zoek
2017-06-03 21:58 - 2017-06-11 22:25 - 00747322 _____ C:\WINDOWS\ZAM.krnl.trace
2017-06-03 21:58 - 2017-06-11 22:25 - 00734955 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-06-03 21:58 - 2017-06-03 21:58 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-06-03 21:58 - 2017-06-03 21:58 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-06-03 21:58 - 2017-06-03 21:58 - 00001221 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-06-03 21:58 - 2017-06-03 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-06-03 21:58 - 2017-06-03 21:58 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-06-03 21:57 - 2017-06-03 21:57 - 00000000 ____D C:\Users\oem\AppData\Local\Zemana
2017-06-03 09:26 - 2017-06-03 09:27 - 00000000 ____D C:\Users\oem\AppData\Local\Adobe
2017-06-02 21:58 - 2017-06-02 22:48 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-02 21:43 - 2017-06-02 21:43 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-06-02 21:43 - 2017-06-02 21:43 - 00000000 ____D C:\ProgramData\Sophos
2017-06-02 21:43 - 2017-06-02 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-06-02 21:42 - 2017-06-02 21:42 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-06-02 21:41 - 2017-06-02 21:42 - 168674720 _____ (Sophos Limited) C:\Users\oem\Downloads\Sophos Virus Removal Tool.exe
2017-06-02 21:20 - 2017-06-02 21:20 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3CD25977.sys
2017-06-01 20:45 - 2017-06-02 21:22 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-01 20:45 - 2017-06-01 20:50 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-01 20:45 - 2017-06-01 20:45 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-01 20:45 - 2017-06-01 20:45 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-01 20:45 - 2017-06-01 20:45 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-01 20:45 - 2017-06-01 20:45 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-01 20:45 - 2017-06-01 20:45 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-01 20:45 - 2017-05-31 11:09 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-01 20:44 - 2017-06-01 20:44 - 00000000 ____D C:\Users\oem\AppData\Local\CEF
2017-06-01 20:43 - 2017-06-01 20:44 - 64025992 _____ (Malwarebytes ) C:\Users\oem\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.139-1.0.2060.exe
2017-06-01 20:31 - 2017-06-01 20:31 - 00000000 ____D C:\Users\oem\AppData\Local\AVerMedia
2017-06-01 20:17 - 2017-06-01 20:17 - 09551280 _____ (Piriform Ltd) C:\Users\oem\Downloads\ccsetup530.exe
2017-06-01 20:08 - 2017-06-01 20:08 - 00050688 _____ (Atribune.org) C:\Users\oem\Downloads\ATF-Cleaner.exe
2017-05-31 21:48 - 2017-05-31 21:48 - 00000029 _____ C:\Users\oem\Documents\hosts.txt
2017-05-31 21:24 - 2017-05-31 21:24 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-05-31 19:55 - 2017-05-31 19:55 - 00264999 _____ C:\Users\oem\Desktop\neco-z-fulghuma-i-from-fulghum-i-auto_preview-1.pdf
2017-05-27 13:35 - 2017-05-27 13:36 - 00023829 _____ C:\Users\oem\Downloads\výkaz práce květen(1).xlsx
2017-05-27 13:18 - 2017-05-27 13:18 - 00016788 _____ C:\Users\oem\Downloads\výkaz práce květen.xlsx
2017-05-25 09:33 - 2017-05-25 09:33 - 02695591 _____ C:\Users\oem\Desktop\J. Nosek - e-book foto.pdf
2017-05-23 15:00 - 2017-05-23 15:33 - 00000000 ____D C:\Users\oem\Documents\daňhelová_úkol_VR
2017-05-19 20:59 - 2017-05-19 20:59 - 00029456 _____ C:\Users\oem\Downloads\my home town.odt
2017-05-19 20:57 - 2017-05-19 20:57 - 00257572 _____ C:\Users\oem\Downloads\Prezentaced Aj.odp
2017-05-19 19:46 - 2017-05-19 19:46 - 00992590 _____ C:\Users\oem\Downloads\My Town - Znojmo.pptx
2017-05-19 17:50 - 2017-05-19 17:50 - 03065344 _____ C:\Users\oem\Downloads\Hotel Presentation.ppt
2017-05-17 16:33 - 2017-05-17 16:33 - 01401821 _____ C:\Users\oem\Downloads\Angličtina.pptx
2017-05-16 17:02 - 2017-05-16 17:02 - 00317975 _____ C:\Users\oem\Desktop\Individualni-rozpis-IB2017-1.pdf
2017-05-16 16:24 - 2017-05-16 16:24 - 16677977 _____ C:\Users\oem\Downloads\Senec-ppt.pptx
2017-05-15 19:49 - 2017-05-15 19:49 - 08152473 _____ C:\Users\oem\Downloads\Bay.pptx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-11 22:24 - 2016-11-16 00:12 - 00000000 ____D C:\Users\oem\AppData\LocalLow\Mozilla
2017-06-11 22:08 - 2016-10-02 12:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-11 15:51 - 2017-05-06 11:42 - 00000000 ____D C:\Users\oem\Documents\AVerTV
2017-06-11 15:41 - 2012-04-16 18:29 - 00000000 ____D C:\Users\oem\AppData\Roaming\vlc
2017-06-11 11:52 - 2017-03-15 21:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-09 16:04 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-09 16:04 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-09 12:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-08 22:54 - 2010-10-09 11:17 - 00000309 _____ C:\WINDOWS\Brownie.ini
2017-06-08 22:05 - 2015-12-28 20:29 - 00000000 ____D C:\Users\oem\AppData\Local\Packages
2017-06-08 18:18 - 2013-12-30 21:29 - 00000000 ____D C:\Users\oem\Desktop\Helena
2017-06-08 12:56 - 2017-05-03 15:24 - 00117760 ___SH C:\Users\oem\Downloads\Thumbs.db
2017-06-08 12:32 - 2016-12-06 11:54 - 00003268 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-08 12:32 - 2015-12-28 20:35 - 00002421 _____ C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-08 12:32 - 2015-12-28 20:35 - 00000000 ___RD C:\Users\oem\OneDrive
2017-06-08 11:58 - 2017-01-01 17:19 - 01072128 ___SH C:\Users\oem\Desktop\Thumbs.db
2017-06-08 11:58 - 2010-10-18 21:18 - 00000000 ____D C:\VueScan
2017-06-08 08:32 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-06 15:46 - 2012-07-13 12:21 - 00000000 ____D C:\Users\oem\Documents\Vyúčtování SIPO
2017-06-05 21:24 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-05 11:15 - 2016-10-02 12:43 - 00000423 _____ C:\WINDOWS\BRWMARK.INI
2017-06-04 22:07 - 2010-10-07 22:58 - 00000000 ____D C:\Users\oem\Documents\Zálohy PC
2017-06-04 17:42 - 2016-10-02 13:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-04 17:42 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-03 22:00 - 2016-10-02 12:47 - 00000000 ____D C:\Users\oem
2017-06-03 11:26 - 2014-11-09 22:17 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-06-02 21:57 - 2016-10-02 13:17 - 00003942 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1426012878
2017-06-02 21:57 - 2010-10-24 21:53 - 00000000 ____D C:\Program Files (x86)\Opera
2017-06-02 21:20 - 2014-11-02 22:59 - 00000000 ____D C:\Users\oem\AppData\Roaming\Lavasoft
2017-06-01 20:45 - 2014-11-08 13:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-01 20:19 - 2016-11-05 15:32 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-01 20:17 - 2015-12-29 17:17 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-06-01 20:09 - 2015-12-28 20:42 - 00000000 ____D C:\Users\oem\AppData\Local\Comms
2017-05-31 21:24 - 2016-10-02 13:17 - 00003994 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1462900984
2017-05-30 19:14 - 2017-03-18 00:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-30 19:14 - 2016-11-22 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-05-30 19:14 - 2012-05-05 15:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-27 16:37 - 2010-10-09 20:36 - 00000000 ____D C:\Users\oem\Documents\IVANA
2017-05-26 07:15 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-26 07:12 - 2010-10-08 21:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-23 19:25 - 2013-08-20 23:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 19:22 - 2010-10-05 16:41 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-19 21:00 - 2010-10-28 15:02 - 00000000 ____D C:\Users\oem\AppData\Roaming\OpenOffice.org2
2017-05-16 21:41 - 2014-11-27 00:52 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-05-13 19:44 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2016-08-21 13:12 - 2016-08-21 13:13 - 0388608 _____ (Trend Micro Inc.) C:\Program Files (x86)\hijackthis.exe
2017-05-31 21:56 - 2017-05-31 21:56 - 0010168 _____ () C:\Program Files (x86)\hijackthis.log
2010-10-27 22:53 - 2016-07-28 20:11 - 0005120 _____ () C:\Users\oem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-24 20:46 - 2010-10-24 20:46 - 0007605 _____ () C:\Users\oem\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-03 22:57

==================== End of FRST.txt ============================

hukuj
Level 1.5
Level 1.5
Příspěvky: 102
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 16 čer 2017 22:59

A druhej:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2017
Ran by oem (11-06-2017 22:27:25)
Running from C:\Users\oem\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-02 11:22:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1790967181-1192606045-1394816446-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1790967181-1192606045-1394816446-503 - Limited - Disabled)
Guest (S-1-5-21-1790967181-1192606045-1394816446-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1790967181-1192606045-1394816446-1185 - Limited - Enabled)
oem (S-1-5-21-1790967181-1192606045-1394816446-1000 - Administrator - Enabled) => C:\Users\oem

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agfa ScanWise 1.70 (HKLM-x32\...\Agfa ScanWise 1.70) (Version: - )
Agfa ScanWise 2.00 (HKLM-x32\...\Agfa ScanWise 2.00) (Version: - )
AGFAnet Print Service (HKLM-x32\...\AGFAnet Print Service) (Version: - )
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}) (Version: 3.0.782.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
AVerMedia Applications (HKLM-x32\...\InstallShield_{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}) (Version: 1.0.4 - AVerMedia Technologies, Inc.)
AVerMedia Applications (x32 Version: 1.0.4 - AVerMedia Technologies, Inc.) Hidden
AVerTV (HKLM-x32\...\InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.)
AVerTV (x32 Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
BlazeDVD 6.0 (HKLM-x32\...\BlazeDVD 6.0_is1) (Version: - )
Brother HL-2035 (HKLM-x32\...\{F1C88595-815F-44D3-BE90-84509DD428BE}) (Version: 1.00 - Brother)
capella reader (HKLM-x32\...\{6C70FBE1-6451-4F49-B0C0-7E464E73DF9B}) (Version: 7.1.16 - capella software AG)
ccc-core-static (x32 Version: 2010.0706.2128.36662 - Název společnosti:) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
CODEXIS JUSTICE 5.23.1 (HKLM-x32\...\CDJUS_is1) (Version: - ATLAS consulting, spol. s r.o.)
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.01.29 - Creative Technology Ltd)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Free Audio Editor (HKLM-x32\...\Free Audio Editor) (Version: - FAE Inc.)
Free AVI Player (HKLM-x32\...\{7DED55EA-FB69-4101-AD5D-3D7F985E68A7}) (Version: 1.00.0000 - Media Freeware)
Free Easy Burner V 5.1 (HKLM-x32\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000405-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\...\OneDriveSetup.exe) (Version: 17.3.6915.0529 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 cs) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 cs)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Mozilla Thunderbird 52.1.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 52.1.1 (x86 cs)) (Version: 52.1.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7967.2073 - Microsoft Corporation) Hidden
OpenOffice.org 1.9.129 (HKLM-x32\...\{9FD36563-6744-4A36-924C-9E2A863DC1EF}) (Version: 1.9129.8953 - OpenOffice.org)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 45.0.2552.888 (HKLM-x32\...\Opera 45.0.2552.888) (Version: 45.0.2552.888 - Opera Software)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
SafeZone Stable 3.55.2393.607 (x32 Version: 3.55.2393.607 - Avast Software) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Název společnosti:)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VueScan (HKLM-x32\...\VueScan) (Version: - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
XnView 1.97.8 (HKLM-x32\...\XnView_is1) (Version: 1.97.8 - Gougelet Pierre-e)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1790967181-1192606045-1394816446-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-05-06 11:41 - 2008-10-09 12:15 - 00413696 ____R () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-10 20:35 - 2017-04-28 02:49 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2017-05-06 11:41 - 2008-06-10 20:34 - 00159744 ____R () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
2017-05-23 08:41 - 2017-05-23 08:41 - 03918848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-06-08 08:31 - 2017-06-08 08:31 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-08 08:31 - 2017-06-08 08:31 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-08 08:31 - 2017-06-08 08:31 - 43318784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-08 08:31 - 2017-06-08 08:31 - 02427904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\skypert.dll
2016-10-02 13:34 - 2016-10-02 13:34 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 19:10 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 19:07 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 19:07 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 19:07 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-10 20:35 - 2017-04-28 01:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-10 20:35 - 2017-04-28 01:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-05 08:12 - 2017-05-05 08:33 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-05-05 08:12 - 2017-05-05 08:33 - 26322944 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-05-05 08:12 - 2017-05-05 08:33 - 00441856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-05-05 08:12 - 2017-05-05 08:33 - 02139648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-05-05 08:12 - 2017-05-05 08:33 - 02901928 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-05 08:12 - 2017-05-05 08:33 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-06-03 08:46 - 2016-06-03 08:48 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-05-05 08:12 - 2017-05-05 08:33 - 00641024 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-05 08:12 - 2017-05-05 08:33 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-05-08 15:04 - 2012-06-09 18:33 - 00053248 _____ () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2017-05-08 17:19 - 2017-05-08 17:19 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-08 17:20 - 2017-05-08 17:20 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-08 17:20 - 2017-05-08 17:20 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-08 17:19 - 2017-05-08 17:19 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-08 17:19 - 2017-05-08 17:19 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-08 17:19 - 2017-05-08 17:19 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-08 17:19 - 2017-05-08 17:19 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-06-04 17:19 - 2017-06-04 17:19 - 00000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM\...\StartupApproved\StartupFolder: => "AVerQuick.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{92EF399F-636C-46B6-93F7-2FC339F8AB63}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AD194D74-D6F3-4909-9F8A-6CC321D0D916}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FC5B1CFA-B346-4766-9718-D9ABCB3E877A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{B5619FC0-4A2C-46E2-8337-BCA478754A58}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F4EB9708-16FA-4C2F-82FA-A21C6EC567EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1CA1836-B687-447C-A1B8-BE6DA7B3BDFA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0ECF659-CC23-4362-8606-578F3850F0DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7691528D-F936-4B3C-A834-FF76423AD927}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{17B1F439-01DE-488B-9FC5-97FA7BE7B9C6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{40098E58-32B9-44D4-A5C2-3A8D195BE772}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{7DC03693-9716-4D17-A809-C29D3E13EED1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A3ECFEC2-5B30-4625-9F18-CBE522D92444}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{47B66B5B-6555-429E-8F90-38C6EC3DD59A}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe
FirewallRules: [{DAC09DFF-B1FE-4541-9FAC-A776A8DBB684}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{28AFA625-F487-46A7-82E3-493EDDCA4C36}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe

==================== Restore Points =========================

08-06-2017 13:25:45 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2017 05:23:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 10.0.14393.1198 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 914

Čas spuštění: 01d2e296fa1ba7f4

Čas ukončení: 0

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: cbf1be59-4eb9-11e7-a7f2-485b3976fef1

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (06/11/2017 11:47:19 AM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {F6C29334-47DC-4397-9150-F549CF1D4861} byla odmítnuta.

Error: (06/11/2017 11:36:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (06/09/2017 04:44:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (06/08/2017 01:26:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (06/07/2017 05:10:13 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (06/05/2017 09:40:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (06/05/2017 09:40:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (06/05/2017 07:55:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (06/04/2017 05:42:49 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) Systém nemůže nalézt uvedený soubor.


System errors:
=============
Error: (06/11/2017 11:42:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/09/2017 09:21:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/08/2017 08:23:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/07/2017 08:14:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/06/2017 03:50:36 PM) (Source: DCOM) (EventID: 10016) (User: OEM-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli oem-PC\oem (SID: S-1-5-21-1790967181-1192606045-1394816446-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/06/2017 03:49:10 PM) (Source: DCOM) (EventID: 10016) (User: OEM-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli oem-PC\oem (SID: S-1-5-21-1790967181-1192606045-1394816446-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/06/2017 03:46:28 PM) (Source: DCOM) (EventID: 10016) (User: OEM-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli oem-PC\oem (SID: S-1-5-21-1790967181-1192606045-1394816446-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/06/2017 03:44:31 PM) (Source: DCOM) (EventID: 10016) (User: OEM-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli oem-PC\oem (SID: S-1-5-21-1790967181-1192606045-1394816446-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/06/2017 03:44:20 PM) (Source: DCOM) (EventID: 10016) (User: OEM-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli oem-PC\oem (SID: S-1-5-21-1790967181-1192606045-1394816446-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/06/2017 03:44:09 PM) (Source: DCOM) (EventID: 10016) (User: OEM-PC)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli oem-PC\oem (SID: S-1-5-21-1790967181-1192606045-1394816446-1000) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================
Date: 2017-02-01 13:25:10.269
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:10.237
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:10.167
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:10.136
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:10.082
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:10.035
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:09.982
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:09.914
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:09.866
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:09.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 240e Processor
Percentage of memory in use: 65%
Total physical RAM: 1790.05 MB
Available physical RAM: 610.28 MB
Total Virtual: 3649.44 MB
Available Virtual: 1631.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:283.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E7F4425A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 17 čer 2017 10:50

Ran by oem (administrator) on OEM-PC (11-06-2017 22:25:17)

potřebuji nejnovější !
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

hukuj
Level 1.5
Level 1.5
Příspěvky: 102
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 18 čer 2017 15:50

Pochopil jsem z těch pokynů (snad správně) jen to, že scany z toho FRST mají být aktuální. Takže vkládám tady jeden...


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by oem (administrator) on OEM-PC (18-06-2017 11:44:41)
Running from C:\Users\oem\Desktop
Loaded Profiles: oem (Available Profiles: oem & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-08] (AVAST Software)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15534736 2017-06-16] (Copyright 2017.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2770432 2010-02-10] (VIA)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2013-08-15] (Creative Technology Ltd)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [572416 2017-03-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-08] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk [2017-05-08]
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk [2017-05-08]
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fbbe13cc-a1be-44c5-8ebf-9bcdbd7e22a2}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.google.cz/
SearchScopes: HKU\S-1-5-21-1790967181-1192606045-1394816446-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-17] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-17] (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareu ... PIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareu ... /CTPID.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\oem\AppData\Roaming\TomTom\HOME\Profiles\sobfh24o.default [2017-06-04]
FF NewTab: TomTom\HOME\Profiles\sobfh24o.default -> about:newtab
FF Homepage: TomTom\HOME\Profiles\sobfh24o.default -> about:home
FF Extension: (Emulator) - C:\Users\oem\AppData\Roaming\TomTom\HOME\Profiles\sobfh24o.default\Extensions\Navcore.8.010.9369@tomtom.com [2014-08-03] [not signed]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2014-07-02] [not signed]
FF ProfilePath: C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default [2017-06-18]
FF NewTab: Mozilla\Firefox\Profiles\y504fwoy.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\y504fwoy.default -> www.google.cz/
FF Extension: (Avast SafePrice) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default\Extensions\sp@avast.com.xpi [2017-06-01]
FF Extension: (Please enter your password) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default\Extensions\stefanvandamme@stefanvd.net.xpi [2017-06-11]
FF Extension: (Avast Online Security) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default\Extensions\wrc@avast.com.xpi [2017-06-01]
FF Extension: (WOT) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2017-05-10]
FF Extension: (Adblock Plus) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\y504fwoy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-03] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-10-16] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-08] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [352256 2008-09-10] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [413696 2008-10-09] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15534736 2017-06-16] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-08] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-08] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-08] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-05-16] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-08] (AVAST Software)
R3 AVerA706_x64; C:\WINDOWS\system32\DRIVERS\AVerA706_x64.sys [1422080 2009-06-10] (AVerMedia TECHNOLOGIES, Inc.)
S3 AVerBDA3x_x64; C:\WINDOWS\System32\DRIVERS\AVerBDA3x_x64.sys [1523840 2008-08-27] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar64a.sys [30528 2006-11-06] (Brother Industries Ltd.)
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-01] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-02] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-01] (Malwarebytes)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-06-03] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-06-03] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-18 11:44 - 2017-06-18 11:45 - 00018717 _____ C:\Users\oem\Desktop\FRST.txt
2017-06-17 11:08 - 2017-06-17 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-06-16 23:08 - 2017-06-16 23:08 - 04697901 _____ C:\Users\oem\Downloads\zizen-1.alza.cz.mobi
2017-06-16 23:08 - 2017-06-16 23:08 - 01679351 _____ C:\Users\oem\Downloads\zizen-1.alza.cz.epub
2017-06-15 17:48 - 2017-06-15 17:48 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-15 16:41 - 2017-06-15 16:41 - 00578153 _____ C:\Users\oem\Desktop\cz_artistry_special_care_collection_ll_final.pdf
2017-06-15 13:15 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-15 13:15 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-15 13:15 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-15 13:15 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-15 13:15 - 2017-06-03 12:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-15 13:15 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-15 13:15 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-15 13:15 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-15 13:15 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-15 13:15 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-15 13:15 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-15 13:15 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-15 13:15 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-15 13:15 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-15 13:15 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-15 13:15 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-15 13:15 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-15 13:15 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-15 13:15 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-15 13:15 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-15 13:15 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-15 13:15 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-15 13:15 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-15 13:15 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-15 13:15 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-15 13:15 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-15 13:15 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-15 13:15 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-15 13:15 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-15 13:15 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-15 13:15 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-15 13:15 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-15 13:15 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-15 13:15 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-15 13:15 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-15 13:15 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-15 13:15 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-15 13:15 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-15 13:15 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-15 13:15 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-15 13:15 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-15 13:15 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-15 13:15 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-15 13:15 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-15 13:15 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-15 13:15 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-15 13:15 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-15 13:15 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-15 13:15 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-15 13:15 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-15 13:15 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-15 13:15 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-15 13:15 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-15 13:15 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-15 13:15 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-15 13:15 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-15 13:15 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-15 13:15 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-15 13:15 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-15 13:15 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-15 13:15 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-15 13:15 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-15 13:15 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-15 13:15 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-15 13:15 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-15 13:15 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-15 13:15 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-15 13:15 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-15 13:15 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-15 13:15 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-15 13:15 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-15 13:14 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-15 13:14 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-15 13:14 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-15 13:14 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-15 13:14 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-15 13:14 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-15 13:14 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-15 13:14 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-15 13:14 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-15 13:14 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-15 13:14 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-15 13:14 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-15 13:14 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-15 13:14 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-15 13:14 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-15 13:14 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-15 13:14 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-15 13:14 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-15 13:14 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-15 13:14 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-15 13:14 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-15 13:14 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-15 13:14 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-15 13:14 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-15 13:14 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-15 13:14 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-15 13:14 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-15 13:14 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-15 13:14 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-15 13:14 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-15 13:14 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-15 13:14 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-15 13:14 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-15 13:14 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-15 13:14 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-15 13:14 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-15 13:14 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-15 13:14 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-15 13:14 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-15 13:14 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-15 13:14 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-15 13:14 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-15 13:14 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-15 13:14 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-15 13:14 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-15 13:14 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-15 13:14 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-15 13:14 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-15 13:14 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-15 13:14 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-15 13:14 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-15 13:14 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-15 13:14 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-15 13:14 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-15 13:14 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-15 13:14 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-15 13:14 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-15 13:14 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-15 13:14 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-15 13:14 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-15 13:14 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-15 13:14 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-15 13:14 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-15 13:14 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-15 13:14 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-15 13:14 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-15 13:14 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-15 13:14 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-15 13:14 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-15 13:14 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-15 13:14 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-15 12:21 - 2017-06-15 12:21 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-06-12 11:52 - 2017-06-12 11:59 - 00067072 _____ C:\Users\oem\Desktop\Kopie - Faktura ABC květen.xls
2017-06-11 22:25 - 2017-06-18 11:44 - 00000000 ____D C:\Users\oem\Desktop\FRST-OlderVersion
2017-06-11 22:24 - 2017-06-18 11:44 - 00000000 ____D C:\FRST
2017-06-11 19:20 - 2017-06-11 19:22 - 00000000 ____D C:\Users\oem\Desktop\vrbice
2017-06-11 15:37 - 2017-06-11 15:37 - 03352278 _____ C:\Users\oem\Desktop\03 Venta la Tonta (Alegrias).wma
2017-06-08 21:52 - 2017-06-08 21:52 - 26377288 _____ C:\Users\oem\Desktop\RogueKiller_portable64.exe
2017-06-08 21:51 - 2017-06-08 21:55 - 35426672 _____ (Adlice Software ) C:\Users\oem\Desktop\RogueKiller_setup_ref3.exe
2017-06-07 20:38 - 2017-06-18 11:44 - 02438656 _____ (Farbar) C:\Users\oem\Desktop\FRST64.exe
2017-06-06 15:50 - 2017-06-06 15:50 - 00414084 _____ C:\Users\oem\Desktop\nef_elem_entry_test_marking_overlay.pdf
2017-06-06 15:49 - 2017-06-06 15:49 - 00431243 _____ C:\Users\oem\Desktop\nef_elem_entry_test.pdf
2017-06-06 15:49 - 2017-06-06 15:49 - 00415050 _____ C:\Users\oem\Desktop\nef_elem_entry_test_answersheet.pdf
2017-06-06 15:48 - 2017-06-06 15:48 - 00467275 _____ C:\Users\oem\Desktop\nef_elem_endtest_b.pdf
2017-06-06 15:48 - 2017-06-06 15:48 - 00430003 _____ C:\Users\oem\Desktop\nef_elem_endtest_answersheet_b.pdf
2017-06-06 15:47 - 2017-06-06 15:47 - 00429750 _____ C:\Users\oem\Desktop\nef_elem_endtest_answersheet_a.pdf
2017-06-06 15:46 - 2017-06-06 15:46 - 00466920 _____ C:\Users\oem\Desktop\nef_elem_endtest_a.pdf
2017-06-05 21:48 - 2017-06-07 20:42 - 00008422 _____ C:\Users\oem\Desktop\crystal disk.txt
2017-06-05 21:46 - 2017-06-05 21:46 - 00001273 _____ C:\Users\oem\Desktop\CrystalDiskInfo.lnk
2017-06-05 21:46 - 2017-06-05 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2017-06-05 21:46 - 2017-06-05 21:46 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2017-06-05 21:44 - 2017-06-05 21:44 - 00000000 ____D C:\Users\oem\Desktop\MemTest
2017-06-05 21:41 - 2017-06-05 21:41 - 00001041 _____ C:\Users\oem\Desktop\DelFix.txt
2017-06-05 21:39 - 2017-06-05 21:40 - 00001041 _____ C:\DelFix.txt
2017-06-04 17:40 - 2017-06-04 17:18 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-06-04 17:34 - 2017-06-04 17:43 - 00000000 ____D C:\zoek
2017-06-03 21:58 - 2017-06-18 11:44 - 00751840 _____ C:\WINDOWS\ZAM.krnl.trace
2017-06-03 21:58 - 2017-06-18 11:44 - 00749235 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-06-03 21:58 - 2017-06-17 11:08 - 00001145 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-06-03 21:58 - 2017-06-17 11:08 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-06-03 21:58 - 2017-06-03 21:58 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-06-03 21:58 - 2017-06-03 21:58 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-06-03 21:57 - 2017-06-03 21:57 - 00000000 ____D C:\Users\oem\AppData\Local\Zemana
2017-06-03 09:26 - 2017-06-03 09:27 - 00000000 ____D C:\Users\oem\AppData\Local\Adobe
2017-06-02 21:58 - 2017-06-02 22:48 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-02 21:43 - 2017-06-02 21:43 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-06-02 21:43 - 2017-06-02 21:43 - 00000000 ____D C:\ProgramData\Sophos
2017-06-02 21:43 - 2017-06-02 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-06-02 21:42 - 2017-06-02 21:42 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-06-02 21:41 - 2017-06-02 21:42 - 168674720 _____ (Sophos Limited) C:\Users\oem\Downloads\Sophos Virus Removal Tool.exe
2017-06-02 21:20 - 2017-06-02 21:20 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3CD25977.sys
2017-06-01 20:45 - 2017-06-02 21:22 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-01 20:45 - 2017-06-01 20:50 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-01 20:45 - 2017-06-01 20:45 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-01 20:45 - 2017-06-01 20:45 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-01 20:45 - 2017-06-01 20:45 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-01 20:45 - 2017-06-01 20:45 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-01 20:45 - 2017-06-01 20:45 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-01 20:45 - 2017-05-31 11:09 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-01 20:44 - 2017-06-01 20:44 - 00000000 ____D C:\Users\oem\AppData\Local\CEF
2017-06-01 20:43 - 2017-06-01 20:44 - 64025992 _____ (Malwarebytes ) C:\Users\oem\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.139-1.0.2060.exe
2017-06-01 20:31 - 2017-06-01 20:31 - 00000000 ____D C:\Users\oem\AppData\Local\AVerMedia
2017-06-01 20:17 - 2017-06-01 20:17 - 09551280 _____ (Piriform Ltd) C:\Users\oem\Downloads\ccsetup530.exe
2017-06-01 20:08 - 2017-06-01 20:08 - 00050688 _____ (Atribune.org) C:\Users\oem\Downloads\ATF-Cleaner.exe
2017-05-31 21:48 - 2017-05-31 21:48 - 00000029 _____ C:\Users\oem\Documents\hosts.txt
2017-05-31 21:24 - 2017-05-31 21:24 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-05-31 19:55 - 2017-05-31 19:55 - 00264999 _____ C:\Users\oem\Desktop\neco-z-fulghuma-i-from-fulghum-i-auto_preview-1.pdf
2017-05-27 13:35 - 2017-05-27 13:36 - 00023829 _____ C:\Users\oem\Downloads\výkaz práce květen(1).xlsx
2017-05-27 13:18 - 2017-05-27 13:18 - 00016788 _____ C:\Users\oem\Downloads\výkaz práce květen.xlsx
2017-05-25 09:33 - 2017-05-25 09:33 - 02695591 _____ C:\Users\oem\Desktop\J. Nosek - e-book foto.pdf
2017-05-23 15:00 - 2017-05-23 15:33 - 00000000 ____D C:\Users\oem\Documents\daňhelová_úkol_VR
2017-05-19 20:59 - 2017-05-19 20:59 - 00029456 _____ C:\Users\oem\Downloads\my home town.odt
2017-05-19 20:57 - 2017-05-19 20:57 - 00257572 _____ C:\Users\oem\Downloads\Prezentaced Aj.odp
2017-05-19 19:46 - 2017-05-19 19:46 - 00992590 _____ C:\Users\oem\Downloads\My Town - Znojmo.pptx
2017-05-19 17:50 - 2017-05-19 17:50 - 03065344 _____ C:\Users\oem\Downloads\Hotel Presentation.ppt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-18 11:44 - 2016-11-16 00:12 - 00000000 ____D C:\Users\oem\AppData\LocalLow\Mozilla
2017-06-18 11:38 - 2016-10-02 12:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-18 10:23 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-18 10:23 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-18 10:21 - 2010-10-08 21:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-17 23:22 - 2010-10-09 11:17 - 00000309 _____ C:\WINDOWS\Brownie.ini
2017-06-17 19:05 - 2015-12-28 20:29 - 00000000 ____D C:\Users\oem\AppData\Local\Packages
2017-06-17 12:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 12:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-17 11:35 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-17 11:19 - 2012-04-16 18:29 - 00000000 ____D C:\Users\oem\AppData\Roaming\vlc
2017-06-17 11:09 - 2015-12-28 20:42 - 00000000 ____D C:\Users\oem\AppData\Local\Comms
2017-06-15 20:13 - 2016-11-22 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-06-15 20:13 - 2012-05-05 15:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-15 20:12 - 2015-12-28 20:29 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 17:58 - 2016-10-02 13:17 - 00003942 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1426012878
2017-06-15 17:58 - 2010-10-24 21:53 - 00000000 ____D C:\Program Files (x86)\Opera
2017-06-15 17:55 - 2016-10-02 12:46 - 02371880 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-15 17:55 - 2016-07-17 00:25 - 00872078 _____ C:\WINDOWS\system32\perfh005.dat
2017-06-15 17:55 - 2016-07-17 00:25 - 00228952 _____ C:\WINDOWS\system32\perfc005.dat
2017-06-15 17:51 - 2016-10-02 13:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-15 17:51 - 2016-10-02 12:41 - 00349824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 17:51 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-15 17:50 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-15 17:48 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-15 17:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-15 17:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-15 17:42 - 2016-10-02 12:47 - 00000000 ____D C:\Users\oem
2017-06-15 13:29 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-15 12:12 - 2013-03-13 23:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-15 12:12 - 2013-03-13 23:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 12:43 - 2017-01-01 17:19 - 01101824 ___SH C:\Users\oem\Desktop\Thumbs.db
2017-06-14 11:44 - 2016-12-06 11:54 - 00003268 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-14 11:44 - 2015-12-28 20:35 - 00002421 _____ C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-14 11:44 - 2015-12-28 20:35 - 00000000 ___RD C:\Users\oem\OneDrive
2017-06-14 11:40 - 2013-08-20 23:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 11:34 - 2010-10-05 16:41 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 11:33 - 2015-12-09 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 18:28 - 2013-12-30 21:29 - 00000000 ____D C:\Users\oem\Desktop\Helena
2017-06-13 08:41 - 2010-10-09 20:36 - 00000000 ____D C:\Users\oem\Documents\IVANA
2017-06-12 11:57 - 2016-10-02 12:43 - 00000423 _____ C:\WINDOWS\BRWMARK.INI
2017-06-11 15:51 - 2017-05-06 11:42 - 00000000 ____D C:\Users\oem\Documents\AVerTV
2017-06-11 11:52 - 2017-03-15 21:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-11 11:52 - 2012-06-27 16:17 - 00000000 ____D C:\ProgramData\Skype
2017-06-08 12:56 - 2017-05-03 15:24 - 00117760 ___SH C:\Users\oem\Downloads\Thumbs.db
2017-06-08 11:58 - 2010-10-18 21:18 - 00000000 ____D C:\VueScan
2017-06-06 15:46 - 2012-07-13 12:21 - 00000000 ____D C:\Users\oem\Documents\Vyúčtování SIPO
2017-06-04 22:07 - 2010-10-07 22:58 - 00000000 ____D C:\Users\oem\Documents\Zálohy PC
2017-06-03 11:26 - 2014-11-09 22:17 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-02 21:20 - 2014-11-02 22:59 - 00000000 ____D C:\Users\oem\AppData\Roaming\Lavasoft
2017-06-01 20:45 - 2014-11-08 13:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-01 20:19 - 2016-11-05 15:32 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-01 20:17 - 2015-12-29 17:17 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-31 21:24 - 2016-10-02 13:17 - 00003994 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1462900984
2017-05-30 19:14 - 2017-03-18 00:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-19 21:00 - 2010-10-28 15:02 - 00000000 ____D C:\Users\oem\AppData\Roaming\OpenOffice.org2

==================== Files in the root of some directories =======

2016-08-21 13:12 - 2016-08-21 13:13 - 0388608 _____ (Trend Micro Inc.) C:\Program Files (x86)\hijackthis.exe
2017-05-31 21:56 - 2017-05-31 21:56 - 0010168 _____ () C:\Program Files (x86)\hijackthis.log
2010-10-27 22:53 - 2016-07-28 20:11 - 0005120 _____ () C:\Users\oem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-24 20:46 - 2010-10-24 20:46 - 0007605 _____ () C:\Users\oem\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-13 13:24

==================== End of FRST.txt ============================

hukuj
Level 1.5
Level 1.5
Příspěvky: 102
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 18 čer 2017 15:51

... a tady druhej

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by oem (18-06-2017 11:46:55)
Running from C:\Users\oem\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-02 11:22:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1790967181-1192606045-1394816446-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1790967181-1192606045-1394816446-503 - Limited - Disabled)
Guest (S-1-5-21-1790967181-1192606045-1394816446-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1790967181-1192606045-1394816446-1185 - Limited - Enabled)
oem (S-1-5-21-1790967181-1192606045-1394816446-1000 - Administrator - Enabled) => C:\Users\oem

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agfa ScanWise 1.70 (HKLM-x32\...\Agfa ScanWise 1.70) (Version: - )
Agfa ScanWise 2.00 (HKLM-x32\...\Agfa ScanWise 2.00) (Version: - )
AGFAnet Print Service (HKLM-x32\...\AGFAnet Print Service) (Version: - )
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}) (Version: 3.0.782.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
AVerMedia Applications (HKLM-x32\...\InstallShield_{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}) (Version: 1.0.4 - AVerMedia Technologies, Inc.)
AVerMedia Applications (x32 Version: 1.0.4 - AVerMedia Technologies, Inc.) Hidden
AVerTV (HKLM-x32\...\InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.)
AVerTV (x32 Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
BlazeDVD 6.0 (HKLM-x32\...\BlazeDVD 6.0_is1) (Version: - )
Brother HL-2035 (HKLM-x32\...\{F1C88595-815F-44D3-BE90-84509DD428BE}) (Version: 1.00 - Brother)
capella reader (HKLM-x32\...\{6C70FBE1-6451-4F49-B0C0-7E464E73DF9B}) (Version: 7.1.16 - capella software AG)
ccc-core-static (x32 Version: 2010.0706.2128.36662 - Název společnosti:) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
CODEXIS JUSTICE 5.23.1 (HKLM-x32\...\CDJUS_is1) (Version: - ATLAS consulting, spol. s r.o.)
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.01.29 - Creative Technology Ltd)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Free Audio Editor (HKLM-x32\...\Free Audio Editor) (Version: - FAE Inc.)
Free AVI Player (HKLM-x32\...\{7DED55EA-FB69-4101-AD5D-3D7F985E68A7}) (Version: 1.00.0000 - Media Freeware)
Free Easy Burner V 5.1 (HKLM-x32\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000405-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.8201.2102 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 cs) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 cs)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Mozilla Thunderbird 52.2.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 52.2.0 (x86 cs)) (Version: 52.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
OpenOffice.org 1.9.129 (HKLM-x32\...\{9FD36563-6744-4A36-924C-9E2A863DC1EF}) (Version: 1.9129.8953 - OpenOffice.org)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 45.0.2552.898 (HKLM-x32\...\Opera 45.0.2552.898) (Version: 45.0.2552.898 - Opera Software)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
SafeZone Stable 3.55.2393.607 (x32 Version: 3.55.2393.607 - Avast Software) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Název společnosti:)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VueScan (HKLM-x32\...\VueScan) (Version: - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
XnView 1.97.8 (HKLM-x32\...\XnView_is1) (Version: 1.97.8 - Gougelet Pierre-e)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.49 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1790967181-1192606045-1394816446-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07384B14-007F-4289-B9D0-C3B6C6200C50} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Task: {0852946E-2ED1-42D8-8944-3F59CB8CD40D} - System32\Tasks\{740941F6-B678-4D46-9DA7-343A1CF1DDC2} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {0AFF24C9-0B6F-4524-8D77-5A24E04B5B41} - System32\Tasks\{9F3D9FA7-523D-4D4A-8A99-AB9C4066A53D} => C:\Program Files (x86)\AVerMedia\AVerTV 3D\AVerTV.exe
Task: {0C2EF0F0-E792-41E6-9AE4-3BD356969CEF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {0F85E834-EDA3-4E4C-A83A-30B166B9B599} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1790967181-1192606045-1394816446-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {16BE0755-E983-43A4-955D-F5BAE265BFAF} - System32\Tasks\{511EFB78-1B11-455A-8754-94E6196D36B9} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {257C4763-9585-460F-8C4D-75A209AA18EB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {25B09656-15D8-4DD1-99FF-E1AA1E909013} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {28EB8C43-2A3C-4898-8786-31ECFC89CBE6} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2C4BB480-96CA-4040-81D4-AED50702C4E8} - System32\Tasks\{EA5B5004-DC11-418B-89F1-4EE0BC92C221} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {314B6C75-4518-43F8-ADB8-C2F8F58CBD98} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {36432C7A-95DA-4886-B3B2-2E654F15C69A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {379D4892-0C2B-4B1A-9721-86A54437AD34} - System32\Tasks\{0F8146EF-0E21-49D1-89C7-6C11B40E913F} => C:\Program Files (x86)\AVerMedia\AVerTV 3D\AVerTV.exe
Task: {3E30B45B-FABC-4954-BB59-49E04DD6F233} - System32\Tasks\{BB269DD7-6808-4D6C-A4FB-98D7FB3325BB} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {40CDB2C7-3A77-49F0-8F25-816A79C494BB} - System32\Tasks\{3CD28AC0-DF80-4E53-A283-033B1FBFDA58} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {41D982BF-6747-426B-B8DA-A6FA2499DCB3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1790967181-1192606045-1394816446-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {41EFFB58-6290-4AFA-87D1-C251C8113F14} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {444A48A6-930E-4EAF-B6DC-48C8BF060F56} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {47E81A88-6813-416B-AB07-92FD04D48A50} - System32\Tasks\{C67CD2E5-F81C-490B-96BE-FEE18BA18692} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {4A841B53-5665-4846-8AE2-ED77FF9A8851} - System32\Tasks\{5FB4FF8E-876B-4117-8C3E-C7DA9F342BBB} => pcalua.exe -a "C:\Program Files\AP6\SnugTV\ISSetupPrerequisites\{083DC809-22E2-4629-AC9B-CEF3CDE9B52E}\vcredist_x86.exe" -d "C:\Program Files\AP6\SnugTV\ISSetupPrerequisites\{083DC809-22E2-4629-AC9B-CEF3CDE9B52E}"
Task: {4BE1246E-B430-4EEB-99E7-F6808D36CB0F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {4C341985-85C1-4F3B-846D-0AF412DEB523} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4C552DA7-BEC1-43F8-A98B-C5DBF79F4866} - System32\Tasks\{5D13063D-6CFF-4088-B96B-76B85F2C9A29} => C:\Program Files (x86)\Agfa\ScanWise 1_70\scanwise.exe [2001-02-05] (Agfa)
Task: {4D6FAF64-F054-40C5-AF32-355561E671DE} - System32\Tasks\{C893D4A5-F975-484F-817D-672D46B93D29} => C:\Program Files (x86)\AVerMedia\AVerTV 3D\AVerTV.exe
Task: {4E2A69B4-F63D-4A97-B18C-D0EB40C05BAE} - System32\Tasks\{A96B60A5-8E25-4B19-B9EF-3B6670CAC0FF} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {4F5254EC-17B5-42FB-B320-7E3462D84FD8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {504891CD-A715-4A23-AF6A-DCD6B2A27C9D} - System32\Tasks\{2B73FD21-25FC-43B3-832B-160767D4069C} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {506DD5CE-12FA-406E-B8EA-0FF3D33E259C} - System32\Tasks\{F5BDB4CB-51F0-42C8-A887-F6103995F11F} => pcalua.exe -a D:\menu.exe -d D:\
Task: {534E0819-D199-49C1-B2FB-B77BB9CC5BF2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {545C95AE-8C40-48EA-8D7A-33FDF8184E31} - System32\Tasks\{CA9530F7-AC00-4F50-80E6-951BA7304DA0} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {59F3234B-A20B-403E-B44D-1A856D3AA92C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {5AE888A8-5792-4B8A-A453-B87689C6A42E} - System32\Tasks\Opera scheduled Autoupdate 1426012878 => C:\Program Files (x86)\Opera\launcher.exe [2017-06-12] (Opera Software)
Task: {5D35FDBC-2D31-439F-A91F-FD7C050AC533} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5FA39806-04A0-4580-9E06-9304FE6E7BBE} - System32\Tasks\{60CD2873-BCF7-441B-A3FE-BDFA1E3EBB4A} => C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2008-06-10] ()
Task: {610AA9A2-63CD-41E5-9D07-C6A8359F6276} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {612AE01E-C162-423B-883F-9F94076E37F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11] (Google Inc.)
Task: {614AA93D-BD4F-4B57-9447-DDBC4F943670} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {649D2B97-95F6-4373-AC3A-F23B51EEE715} - System32\Tasks\{D2AD59F3-B3BD-485C-9724-B0C03EA7FD46} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {6564F156-AD03-4FE0-B357-1784C6A5D52C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {68E7CC2B-F7A4-45D1-B560-09DAAE1968AA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6F5ECDF5-F241-4707-A7DD-D39E7F440AEA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {741CA32E-0249-4281-98E0-6E603A27D030} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {7509BFB5-AB5B-4356-85BD-21CE6AA272ED} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1790967181-1192606045-1394816446-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {7A106C83-564D-46D3-A442-65921D2A7B26} - System32\Tasks\{BDB1CC77-CF81-4C39-B89A-9930B794C8FB} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {7BA82B54-1E67-4E14-ADB5-A48F1C7304A9} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\oem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {7C38978A-85D6-4B1D-AE57-EACA9BCAE4B9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1790967181-1192606045-1394816446-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7E34F811-A593-4961-8097-A08EAFF4A3CE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7ECFC5BC-CAC7-41AB-B728-C53FC6E53C59} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1790967181-1192606045-1394816446-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {7FFCD898-FFD3-4F42-8508-E072DD5845D8} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83270AEA-A59F-4059-A941-C09FE190E014} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {848EB751-3D37-4358-8C50-C4A73C49C410} - System32\Tasks\{BC0C5950-D154-40AB-B982-5FC258C23257} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {8DFDF5F1-EBFE-405D-B786-536B31A48D7B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8E6B96E9-F17B-4C2D-81DD-96A400E5B259} - System32\Tasks\SafeZone scheduled Autoupdate 1462900984 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {92686821-42D3-4DC0-AC6A-495099EFBF47} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9433C27E-BC15-45E2-A0FC-136D52352CFC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {94ADCC71-BC10-4C36-B107-F449A039E547} - System32\Tasks\{F452DCDD-36EA-449B-BE7B-7BB656DF496E} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {9C7354B6-196D-47BC-BCAB-1A4E5CD28D2F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {9F19E7F7-FF54-43C5-8C2B-09E7A38C5C16} - System32\Tasks\{63820B26-03C3-4825-99A7-29241EC6EE12} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {A8175D07-FA84-4799-8A98-5187E2C4C18C} - System32\Tasks\{5B360BCD-E536-4C21-AC7C-B0C55FD96DBC} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {AA25522C-5CD6-4B16-885D-7C6964333BE9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {B4E4A375-C9C5-4B6C-94EC-774DC817E7D9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B53B9BE1-74D4-4F7D-9F30-E2FF3358ECAB} - System32\Tasks\{101BE7D7-E102-4007-B2D9-9CD4F4AB5F81} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {B7C70446-C70D-44FE-9D4F-DA4C362EC60E} - System32\Tasks\{78B8041F-4B40-4557-91DC-4F8B557C3DB5} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {B82C12F1-CFAA-4C44-ACA6-E1FEE72AE417} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {BD70100D-80F6-4B24-BB18-0A5A0112D346} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BF56B19B-EB19-4BCE-9DF3-83CC9691C396} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-17] ()
Task: {C033880F-E473-461F-AE0A-331B5F0FF79B} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8d5b25fe0c8d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11] (Google Inc.)
Task: {C105C196-41BF-4E1E-A8D6-011AE17AEAAC} - System32\Tasks\{417BC7CA-D070-46A8-9340-BB1A7FCFAB78} => C:\Program Files (x86)\AVerMedia\AVerTV 3D\AVerTV.exe
Task: {C51D2BC0-3608-4D66-8C93-06D6B1B2FBAA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C697E36A-74C5-4537-9ADC-2B312CAF31F8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1790967181-1192606045-1394816446-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C6B44FD6-0412-4C4F-B445-BB9EB5CAF7A6} - System32\Tasks\{D35A96BF-F067-4AEB-95A0-0D4220149C99} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {CA8681BD-90E0-4420-B415-725C0F88A2AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-14] (Microsoft Corporation)
Task: {D1EF33B6-CFEF-4687-A42E-8DA629988701} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D3C6D430-74DC-47E7-B3C3-492BD3EDFC5B} - System32\Tasks\{FE7F8B51-955C-457A-80DF-DA970C52F3E7} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {D4421C0D-00CB-4986-B752-AEBFDFF86181} - System32\Tasks\{E75CCFB8-946F-496C-AF3F-A41D7B187401} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {D6020B7B-F586-4AAE-A6E3-7E46D0DCB27E} - System32\Tasks\{381F4E99-B1D7-4C27-8B7B-46BEC37C145C} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {D6813670-D55A-44E0-BBA1-53762D043F23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {D6F3E6FB-E090-49FD-85E4-21A831EBB908} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-17] (Microsoft Corporation)
Task: {D7C307F0-CAE3-45A9-ADC9-70C9433FEB78} - System32\Tasks\{92CDA227-EFBD-4F5E-B887-4BA8C1529B25} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {E6FC8486-CEB9-4E1B-998B-78E9773209BF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E9DD7D1F-80A7-4B75-9EFD-51D82F0FEE55} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EA06FDAB-967F-42DF-8E07-86B8EFEEED36} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EB031068-2AC6-431A-B545-5A4228FAE067} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EBF469A1-B054-4D43-ABE7-72C45D893B3B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F0962460-88A4-4925-8569-CDA589696682} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F1BA18BE-3E42-4246-A679-984A1AEECCAD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-17] ()
Task: {F31BA45F-7AF4-4745-9F02-FBBCCEADD412} - System32\Tasks\{5D08BA52-FAFC-4E0D-8020-4EFBD9C5DA8A} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)
Task: {F923427A-0952-47E7-975B-54B760395F65} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-08] (AVAST Software)
Task: {FA4A507C-C485-44E4-B5CF-E723C97700C2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1790967181-1192606045-1394816446-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {FC8200BB-FE67-468C-8BFB-DACB1E094F1A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FCB6228D-493E-4B86-A931-82F32D37453E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FF7F6C5B-F011-49D7-B18D-6FB17F64234C} - System32\Tasks\{211A7952-A09A-4B19-9667-A54346FB0102} => C:\Program Files (x86)\AVerMedia\AVerTV\AVerTV.exe [2008-09-15] (AVerMedia Technologies, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-06 11:41 - 2008-10-09 12:15 - 00413696 ____R () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-15 13:14 - 2017-06-03 12:01 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-10-02 13:34 - 2016-10-02 13:34 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 19:10 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 19:07 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 19:07 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 19:07 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-15 13:14 - 2017-06-03 10:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-15 13:14 - 2017-06-03 10:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-08 08:31 - 2017-06-08 08:31 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-08 08:31 - 2017-06-08 08:31 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-08 08:31 - 2017-06-08 08:31 - 43318784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-08 08:31 - 2017-06-08 08:31 - 02427904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-06 11:41 - 2008-06-10 20:34 - 00159744 ____R () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
2017-05-23 08:41 - 2017-05-23 08:41 - 03918848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-06-15 12:03 - 2017-06-18 10:23 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-06-15 12:03 - 2017-06-18 10:23 - 27430400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-06-15 12:03 - 2017-06-18 10:23 - 00460288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-06-15 12:03 - 2017-06-18 10:23 - 02275328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-06-08 08:30 - 2017-06-08 08:31 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-15 12:03 - 2017-06-18 10:23 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-06-03 08:46 - 2016-06-03 08:48 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-06-15 12:03 - 2017-06-18 10:23 - 00900096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-05 08:12 - 2017-05-05 08:33 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-03-04 09:42 - 2016-03-04 09:43 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-05-08 15:04 - 2012-06-09 18:33 - 00053248 _____ () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2017-05-08 17:19 - 2017-05-08 17:19 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-08 17:20 - 2017-05-08 17:20 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-08 17:20 - 2017-05-08 17:20 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-08 17:19 - 2017-05-08 17:19 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-08 17:19 - 2017-05-08 17:19 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-08 17:19 - 2017-05-08 17:19 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-08 17:19 - 2017-05-08 17:19 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-06-04 17:19 - 2017-06-04 17:19 - 00000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM\...\StartupApproved\StartupFolder: => "AVerQuick.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{92EF399F-636C-46B6-93F7-2FC339F8AB63}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AD194D74-D6F3-4909-9F8A-6CC321D0D916}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FC5B1CFA-B346-4766-9718-D9ABCB3E877A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{B5619FC0-4A2C-46E2-8337-BCA478754A58}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F4EB9708-16FA-4C2F-82FA-A21C6EC567EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1CA1836-B687-447C-A1B8-BE6DA7B3BDFA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0ECF659-CC23-4362-8606-578F3850F0DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7691528D-F936-4B3C-A834-FF76423AD927}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{17B1F439-01DE-488B-9FC5-97FA7BE7B9C6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{40098E58-32B9-44D4-A5C2-3A8D195BE772}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{7DC03693-9716-4D17-A809-C29D3E13EED1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A3ECFEC2-5B30-4625-9F18-CBE522D92444}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DAC09DFF-B1FE-4541-9FAC-A776A8DBB684}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{28AFA625-F487-46A7-82E3-493EDDCA4C36}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
FirewallRules: [{C3E1C0A8-783F-4780-A22E-C0EDB8646D5B}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.898\opera.exe

==================== Restore Points =========================

08-06-2017 13:25:45 Naplánovaný kontrolní bod
14-06-2017 11:29:33 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2017 08:44:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (06/16/2017 01:44:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: OEM-PC)
Description: Balíček Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe+App se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (06/15/2017 05:51:14 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) Systém nemůže nalézt uvedený soubor.

Error: (06/15/2017 05:03:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (06/15/2017 12:13:00 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) Systém nemůže nalézt uvedený soubor.

Error: (06/14/2017 11:39:52 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (06/14/2017 11:29:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (06/13/2017 12:11:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OEM-PC)
Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2147417836. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (06/12/2017 07:53:26 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (06/11/2017 05:23:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 10.0.14393.1198 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 914

Čas spuštění: 01d2e296fa1ba7f4

Čas ukončení: 0

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: cbf1be59-4eb9-11e7-a7f2-485b3976fef1

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:


System errors:
=============
Error: (06/18/2017 10:14:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/17/2017 11:08:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ZAM Controller Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/17/2017 11:07:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/16/2017 08:04:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/15/2017 08:11:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/15/2017 05:51:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetTcpActivator závisí na službě NetTcpPortSharing, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (06/15/2017 05:51:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba HomeGroupListener skončila s následující chybou specifickou pro službu:
%%2147944153 = Pro mapovač koncových bodů nejsou k dispozici další koncové body.

Error: (06/15/2017 05:49:53 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Služba úložiště se po přijetí pokynu pro vypnutí neukončila správně.

Error: (06/15/2017 05:43:22 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Aktualizovat službu Orchestrator pro Windows Update se po přijetí pokynu pro vypnutí neukončila správně.

Error: (06/15/2017 12:17:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================
Date: 2017-02-01 13:25:10.269
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:10.237
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:10.167
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:10.136
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:10.082
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:10.035
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:09.982
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:09.914
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:09.866
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-01 13:25:09.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 240e Processor
Percentage of memory in use: 56%
Total physical RAM: 1790.05 MB
Available physical RAM: 783.04 MB
Total Virtual: 3555.58 MB
Available Virtual: 1607.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:278.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E7F4425A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 18 čer 2017 19:04

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1790967181-1192606045-1394816446-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
C:\Users\oem\AppData\Local\Resmon.ResmonCfg
Task: {0C2EF0F0-E792-41E6-9AE4-3BD356969CEF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {314B6C75-4518-43F8-ADB8-C2F8F58CBD98} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4C341985-85C1-4F3B-846D-0AF412DEB523} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5D35FDBC-2D31-439F-A91F-FD7C050AC533} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {610AA9A2-63CD-41E5-9D07-C6A8359F6276} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {612AE01E-C162-423B-883F-9F94076E37F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11] (Google Inc.)
Task: {7E34F811-A593-4961-8097-A08EAFF4A3CE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {83270AEA-A59F-4059-A941-C09FE190E014} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8DFDF5F1-EBFE-405D-B786-536B31A48D7B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {92686821-42D3-4DC0-AC6A-495099EFBF47} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C033880F-E473-461F-AE0A-331B5F0FF79B} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8d5b25fe0c8d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11] (Google Inc.)
Task: {E9DD7D1F-80A7-4B75-9EFD-51D82F0FEE55} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EA06FDAB-967F-42DF-8E07-86B8EFEEED36} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EB031068-2AC6-431A-B545-5A4228FAE067} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

Pak popiš případné problémy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 5 hostů