Prosím o kontrolu logu

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: memphisto, Mods_senior, Security team

hukuj
Level 1
Level 1
Příspěvky: 98
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 22 čer 2017 21:01

Vkládám fixlog a sděluji, že ten provoz PC je asi o dost lepší. Teda, jako laik nepoznám, jestli to načítání, který se mi ndá furt spíš pomalejší, je normální vzhledem k množství zobrazovanýho obsahu (především na streetview) či slabší rychlosti netu či ke kvalitě prohlížeče (firefox). Ta červená kontrolka na PC, že pořád běží nějaké procesy je tam taky na můj vkus dost často, ale i to je možná normální. Takže jestli ještě v tom logu nenajdete nějaké "smetí" (tomu vůbec nerozumím), tak je to asi O.K.



Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by oem (22-06-2017 20:43:02) Run:1
Running from C:\Users\oem\Desktop
Loaded Profiles: oem (Available Profiles: oem & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1790967181-1192606045-1394816446-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
C:\Users\oem\AppData\Local\Resmon.ResmonCfg
Task: {0C2EF0F0-E792-41E6-9AE4-3BD356969CEF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {314B6C75-4518-43F8-ADB8-C2F8F58CBD98} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4C341985-85C1-4F3B-846D-0AF412DEB523} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5D35FDBC-2D31-439F-A91F-FD7C050AC533} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {610AA9A2-63CD-41E5-9D07-C6A8359F6276} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {612AE01E-C162-423B-883F-9F94076E37F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11] (Google Inc.)
Task: {7E34F811-A593-4961-8097-A08EAFF4A3CE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {83270AEA-A59F-4059-A941-C09FE190E014} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8DFDF5F1-EBFE-405D-B786-536B31A48D7B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {92686821-42D3-4DC0-AC6A-495099EFBF47} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C033880F-E473-461F-AE0A-331B5F0FF79B} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8d5b25fe0c8d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11] (Google Inc.)
Task: {E9DD7D1F-80A7-4B75-9EFD-51D82F0FEE55} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EA06FDAB-967F-42DF-8E07-86B8EFEEED36} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EB031068-2AC6-431A-B545-5A4228FAE067} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-1790967181-1192606045-1394816446-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
C:\Users\oem\AppData\Local\Resmon.ResmonCfg => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C2EF0F0-E792-41E6-9AE4-3BD356969CEF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C2EF0F0-E792-41E6-9AE4-3BD356969CEF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{314B6C75-4518-43F8-ADB8-C2F8F58CBD98} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{314B6C75-4518-43F8-ADB8-C2F8F58CBD98} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C341985-85C1-4F3B-846D-0AF412DEB523} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C341985-85C1-4F3B-846D-0AF412DEB523} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D35FDBC-2D31-439F-A91F-FD7C050AC533} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D35FDBC-2D31-439F-A91F-FD7C050AC533} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{610AA9A2-63CD-41E5-9D07-C6A8359F6276} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{610AA9A2-63CD-41E5-9D07-C6A8359F6276} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{612AE01E-C162-423B-883F-9F94076E37F9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{612AE01E-C162-423B-883F-9F94076E37F9} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E34F811-A593-4961-8097-A08EAFF4A3CE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E34F811-A593-4961-8097-A08EAFF4A3CE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83270AEA-A59F-4059-A941-C09FE190E014} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83270AEA-A59F-4059-A941-C09FE190E014} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DFDF5F1-EBFE-405D-B786-536B31A48D7B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DFDF5F1-EBFE-405D-B786-536B31A48D7B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92686821-42D3-4DC0-AC6A-495099EFBF47} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92686821-42D3-4DC0-AC6A-495099EFBF47} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C033880F-E473-461F-AE0A-331B5F0FF79B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C033880F-E473-461F-AE0A-331B5F0FF79B} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf8d5b25fe0c8d => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1cf8d5b25fe0c8d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9DD7D1F-80A7-4B75-9EFD-51D82F0FEE55} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9DD7D1F-80A7-4B75-9EFD-51D82F0FEE55} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA06FDAB-967F-42DF-8E07-86B8EFEEED36} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA06FDAB-967F-42DF-8E07-86B8EFEEED36} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB031068-2AC6-431A-B545-5A4228FAE067} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB031068-2AC6-431A-B545-5A4228FAE067} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 108225473 B
Java, Flash, Steam htmlcache => 1790 B
Windows/system/drivers => 12469445 B
Edge => 108 B
Chrome => 208896 B
Firefox => 381070793 B
Opera => 113664 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 13874 B
NetworkService => 0 B
oem => 158713087 B
DefaultAppPool => 0 B

RecycleBin => 544290192 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:43:42 ====



Reklama
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 36689
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 22 čer 2017 22:19

Udělej znovu Memtest.

Časový limit - príkaz Command Timeout Počet operací, které byly přerušené kvůli časovému limitu pro pevný disk. Za normálních okolností by se tato hodnota měla rovnat nule. Jestliže je hodnota vyšší než nula, pravděpodobně jsou nějaké problémy s napájením, nebo je datový kabel zoxidovaný.

Vyměň kabel SATA u HDD a zasuň ho do jiného konektoru.

Pak udělej znovu CrystalDiskInfo.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

hukuj
Level 1
Level 1
Příspěvky: 98
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 28 čer 2017 19:53

Aha ... kabel SATA u HDD ... tak to je pro "pololamu" úkol. Nahlídl jsem do PC a pokud jsem tipl dobře, co je HDD, tak k tomu vedou dva kabely. Jeden je placatej s užší koncovkou a jeden "pětidrátovej" se širší koncovkou. Troufnu se zeptat po číslech:
1. Kterej z nich mám vyměnit ?
2. A je to datový nebo napájecí kabel?
3. A ten novej mám zasunout do jiného konektoru v tom HDD?
Díky.

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 36689
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 28 čer 2017 21:30

-Ten datovej , užší.
- ano.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

hukuj
Level 1
Level 1
Příspěvky: 98
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 01 črc 2017 19:17

Tak SATA kabel jsem vyměnil, ale na HDD jsem nenašel jinej konektor pro něho. Jsou tam ještě dva vstupy ale jiný. Tak jsem to připojil do toho stejnýho. Jo a taky jsem projel ten memtest (bylo diskutováno dříve) dýl než 2 hodiny a pořád 0 errors.

A vkládám aktuální log z CDI:

----------------------------------------------------------------------------
CrystalDiskInfo 7.0.5 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 [10.0 Build 14393] (x64)
Date : 2017/07/01 19:12:30

-- Controller Map ----------------------------------------------------------
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ ATA Channel 0 (0)
- TSSTcorp CDDVDW SH-224DB ATA Device
- SAMSUNG HD502HJ ATA Device
- ATA Channel 1 (1)
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD502HJ : 500,1 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) SAMSUNG HD502HJ
----------------------------------------------------------------------------
Model : SAMSUNG HD502HJ
Firmware : 1AJ10001
Serial Number : S20BJ9BZ827083
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : ---- | SATA/300
Power On Hours : 30052 hod.
Power On Count : 4507 krát
Temperature : 34 C (93 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]
Drive Letter : C:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000001 Počet chyb čtení
02 252 252 __0 000000000000 Průchodnost disku
03 _83 _82 _25 000000001481 Čas na roztočení ploten
04 _96 _96 __0 0000000011A9 Počet spuštění/zastavení
05 252 252 _10 000000000000 Počet přemapovaných sektorů
07 252 252 _51 000000000000 Počet chybných hledání
08 252 252 _15 000000000000 Čas potřebný na vyhledání
09 100 100 __0 000000007564 Hodin v činnosti
0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 252 252 __0 000000000000 Počet pokusů o překalibrování
0C _96 _96 __0 00000000119B Počet cyklů zapnutí zařízení
BF 252 252 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 252 252 __0 000000000000 Počet vypnutí disku
C2 _64 _56 __0 002C00130022 Teplota
C3 100 100 __0 000000000000 Počet oprav chybného čtení
C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 252 252 __0 000000000000 Počet podezřelých sektorů
C6 252 252 __0 000000000000 Počet neopravitelných sektorů
C7 100 100 __0 000000000003 Počet chyb v kontrolním součtu UltraDMA
C8 100 100 __0 000000000001 Počet chyb při zápisu sektorů
DF 252 252 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E1 100 100 __0 0000000011AB Počet cyklů načítání/vymazání

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 5332 3042 4A39 425A 3832 3730 3833 2020 2020 2020
020: 0000 8000 0050 3141 4A31 3030 3031 5341 4D53 554E
030: 4720 4844 3530 3248 4A20 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1706 0000 004C 0040
080: 01FF 0028 746B 7F69 4123 7469 BC41 4123 407F 0026
090: 0026 0000 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 0000 4000 0000 5002 4E92
110: 0330 A451 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0400 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 7AA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 64 64 01 00 00 00 00 00 00 02 26
010: 00 FC FC 00 00 00 00 00 00 00 03 23 00 53 52 81
020: 14 00 00 00 00 00 04 32 00 60 60 A9 11 00 00 00
030: 00 00 05 33 00 FC FC 00 00 00 00 00 00 00 07 2E
040: 00 FC FC 00 00 00 00 00 00 00 08 24 00 FC FC 00
050: 00 00 00 00 00 00 09 32 00 64 64 64 75 00 00 00
060: 00 00 0A 32 00 FC FC 00 00 00 00 00 00 00 0B 32
070: 00 FC FC 00 00 00 00 00 00 00 0C 32 00 60 60 9B
080: 11 00 00 00 00 00 BF 22 00 FC FC 00 00 00 00 00
090: 00 00 C0 22 00 FC FC 00 00 00 00 00 00 00 C2 02
0A0: 00 40 38 22 00 13 00 2C 00 00 C3 3A 00 64 64 00
0B0: 00 00 00 00 00 00 C4 32 00 FC FC 00 00 00 00 00
0C0: 00 00 C5 32 00 FC FC 00 00 00 00 00 00 00 C6 30
0D0: 00 FC FC 00 00 00 00 00 00 00 C7 36 00 64 64 03
0E0: 00 00 00 00 00 00 C8 2A 00 64 64 01 00 00 00 00
0F0: 00 00 DF 32 00 FC FC 00 00 00 00 00 00 00 E1 32
100: 00 64 64 AB 11 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 84 12 00 5B
170: 03 00 01 00 02 4F 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0E

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 00 00 00 00 00 00 00 00 00 00 02 00
010: 00 00 00 00 00 00 00 00 00 00 03 19 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 0A 00 00 00 00 00 00 00 00 00 00 07 33
040: 00 00 00 00 00 00 00 00 00 00 08 0F 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 33 00 00 00 00 00 00 00 00 00 00 0B 00
070: 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00
080: 00 00 00 00 00 00 BF 00 00 00 00 00 00 00 00 00
090: 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 C2 00
0A0: 00 00 00 00 00 00 00 00 00 00 C3 00 00 00 00 00
0B0: 00 00 00 00 00 00 C4 00 00 00 00 00 00 00 00 00
0C0: 00 00 C5 00 00 00 00 00 00 00 00 00 00 00 C6 00
0D0: 00 00 00 00 00 00 00 00 00 00 C7 00 00 00 00 00
0E0: 00 00 00 00 00 00 C8 00 00 00 00 00 00 00 00 00
0F0: 00 00 DF 00 00 00 00 00 00 00 00 00 00 00 E1 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3B

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 36689
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 02 črc 2017 09:19

0000000014D4 Čas na roztočení ploten
000000001517 Čas na roztočení ploten
000000001481 Čas na roztočení ploten
problém s diskem tady je , ale nevím do jaké míry má vliv na funkčnost a problémy.

Jeden konektor na SATA? Dost rarita . Ale tam problém není.

Takže myslíš , že je to OK?

Pokud se ti to ještě nezdá:
Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt

Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

hukuj
Level 1
Level 1
Příspěvky: 98
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 10 črc 2017 20:17

Rozumím tomu dobře, že ten čas na roztočení ploten je furt špatně a ten novej kabel SATA to nespravil? Takže jsem teď provedl provedl to OTL a připojuju oba logy.


Napřed půlku toho prvního:


OTL logfile created on: 10.7.2017 19:47:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oem\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,75 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 40,69% Memory free
3,82 Gb Paging File | 1,90 Gb Available in Paging File | 49,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,22 Gb Total Space | 275,99 Gb Free Space | 59,32% Space Free | Partition Type: NTFS

Computer Name: OEM-PC | User Name: oem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\oem\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
PRC - C:\Users\oem\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\AvChrome.dll ()
MOD - C:\Program Files\AVAST Software\Avast\tasks_core.dll ()
MOD - C:\Program Files\AVAST Software\Avast\ffl2.dll ()
MOD - C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll ()
MOD - C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll ()
MOD - C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll ()
MOD - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (CoreMessagingRegistrar) -- C:\Windows\SysNative\CoreMessaging.dll (Microsoft Corporation)
SRV:64bit: - (NetSetupSvc) -- C:\Windows\SysNative\NetSetupSvc.dll (Microsoft Corporation)
SRV:64bit: - (MBAMService) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (aswbIDSAgent) -- C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (AVAST Software s.r.o.)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wisvc) -- C:\Windows\SysNative\FlightSettings.dll (Microsoft Corporation)
SRV:64bit: - (DmEnrollmentSvc) -- C:\Windows\SysNative\Windows.Internal.Management.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (UsoSvc) -- C:\Windows\SysNative\usocore.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (NgcCtnrSvc) -- C:\Windows\SysNative\NgcCtnrSvc.dll (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc) -- C:\Windows\SysNative\Unistore.dll (Microsoft Corporation)
SRV:64bit: - (UserManager) -- C:\Windows\SysNative\usermgr.dll (Microsoft Corporation)
SRV:64bit: - (RetailDemo) -- C:\Windows\SysNative\RDXService.dll (Microsoft Corporation)
SRV:64bit: - (NgcSvc) -- C:\Windows\SysNative\ngcsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (DoSvc) -- C:\Windows\SysNative\dosvc.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (tzautoupdate) -- C:\Windows\SysNative\tzautoupdate.dll (Microsoft Corporation)
SRV:64bit: - (MapsBroker) -- C:\Windows\SysNative\moshost.dll (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc) -- C:\Windows\SysNative\PimIndexMaintenance.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
SRV:64bit: - (XblAuthManager) -- C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)
SRV:64bit: - (XboxNetApiSvc) -- C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (FrameServer) -- C:\Windows\SysNative\FrameServer.dll (Microsoft Corporation)
SRV:64bit: - (SensorDataService) -- C:\Windows\SysNative\SensorDataService.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc) -- C:\Windows\SysNative\UserDataService.dll (Microsoft Corporation)
SRV:64bit: - (DbxSvc) -- C:\Windows\SysNative\DbxSvc.exe (Dropbox, Inc.)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (CDPUserSvc) -- C:\Windows\SysNative\cdpusersvc.dll (Microsoft Corporation)
SRV:64bit: - (CDPSvc) -- C:\Windows\SysNative\cdpsvc.dll (Microsoft Corporation)
SRV:64bit: - (EntAppSvc) -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll (Microsoft Corporation)
SRV:64bit: - (StateRepository) -- C:\Windows\SysNative\Windows.StateRepository.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (PhoneSvc) -- C:\Windows\SysNative\PhoneService.dll (Microsoft Corporation)
SRV:64bit: - (LicenseManager) -- C:\Windows\SysNative\LicenseManagerSvc.dll (Microsoft Corporation)
SRV:64bit: - (w3logsvc) -- C:\Windows\SysNative\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (RmSvc) -- C:\Windows\SysNative\RMapi.dll (Microsoft Corporation)
SRV:64bit: - (SensorService) -- C:\Windows\SysNative\SensorService.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvmsession) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (WalletService) -- C:\Windows\SysNative\WalletService.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (shpamsvc) -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
SRV:64bit: - (dmwappushservice) -- C:\Windows\SysNative\dmwappushsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DcpSvc) -- C:\Windows\SysNative\dcpsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (diagnosticshub.standardcollector.service) -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (Microsoft Corporation)
SRV:64bit: - (WpnUserService_6a456f) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_6a456f) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_6a456f) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_6a456f) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_6a456f) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_6a456f) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (CDPUserSvc_6a456f) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc) -- C:\Windows\SysNative\APHostService.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (TieringEngineService) -- C:\Windows\SysNative\TieringEngineService.exe (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (SmsRouter) -- C:\Windows\SysNative\SmsRouterSvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (MessagingService) -- C:\Windows\SysNative\MessagingService.dll (Microsoft Corporation)
SRV:64bit: - (tiledatamodelsvc) -- C:\Windows\SysNative\tileobjserver.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (WpnService) -- C:\Windows\SysNative\wpnservice.dll (Microsoft Corporation)
SRV:64bit: - (icssvc) -- C:\Windows\SysNative\tetheringservice.dll (Microsoft Corporation)
SRV:64bit: - (TimeBrokerSvc) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (WpnUserService) -- C:\Windows\SysNative\WpnUserService.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\lfsvc.dll (Microsoft Corporation)
SRV:64bit: - (DevQueryBroker) -- C:\Windows\SysNative\DevQueryBroker.dll (Microsoft Corporation)
SRV:64bit: - (XblGameSave) -- C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
SRV:64bit: - (ClipSVC) -- C:\Windows\SysNative\ClipSVC.dll (Microsoft Corporation)
SRV:64bit: - (AJRouter) -- C:\Windows\SysNative\AJRouter.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DsSvc) -- C:\Windows\SysNative\dssvc.dll (Microsoft Corporation)
SRV:64bit: - (embeddedmode) -- C:\Windows\SysNative\embeddedmodesvc.dll (Microsoft Corporation)
SRV:64bit: - (HvHost) -- C:\Windows\SysNative\hvhostsvc.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ZAMSvc) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CoreMessagingRegistrar) -- C:\Windows\SysWOW64\CoreMessaging.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (DmEnrollmentSvc) -- C:\Windows\SysWOW64\Windows.Internal.Management.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (UnistoreSvc) -- C:\Windows\SysWOW64\Unistore.dll (Microsoft Corporation)
SRV - (StateRepository) -- C:\Windows\SysWOW64\Windows.StateRepository.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (w3logsvc) -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AVerScheduleService) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (AVerRemote) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (ZAM) -- C:\Windows\SysNative\drivers\zam64.sys (Zemana Ltd.)
DRV:64bit: - (ZAM_Guard) -- C:\Windows\SysNative\drivers\zamguard64.sys (Zemana Ltd.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes)
DRV:64bit: - (MBAMWebProtection) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes)
DRV:64bit: - (MBAMFarflt) -- C:\Windows\SysNative\drivers\farflt.sys (Malwarebytes)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys (AVAST Software)
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswblog) -- C:\Windows\SysNative\drivers\aswbloga.sys (AVAST Software s.r.o.)
DRV:64bit: - (aswbidsdriver) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys (AVAST Software s.r.o.)
DRV:64bit: - (aswbidsh) -- C:\Windows\SysNative\drivers\aswbidsha.sys (AVAST Software s.r.o.)
DRV:64bit: - (aswbuniv) -- C:\Windows\SysNative\drivers\aswbuniva.sys (AVAST Software s.r.o.)
DRV:64bit: - (scmbus) -- C:\Windows\SysNative\drivers\scmbus.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (xboxgip) -- C:\Windows\SysNative\drivers\xboxgip.sys (Microsoft Corporation)
DRV:64bit: - (wdiwifi) -- C:\Windows\SysNative\drivers\WdiWiFi.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (iorate) -- C:\Windows\SysNative\drivers\iorate.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (megasas2i) -- C:\Windows\SysNative\drivers\MegaSas2i.sys (Avago Technologies)
DRV:64bit: - (hvservice) -- C:\Windows\SysNative\drivers\hvservice.sys (Microsoft Corporation)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (xinputhid) -- C:\Windows\SysNative\drivers\xinputhid.sys (Microsoft Corporation)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (wcifs) -- C:\Windows\SysNative\drivers\wcifs.sys (Microsoft Corporation)
DRV:64bit: - (CapImg) -- C:\Windows\SysNative\drivers\capimg.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (applockerfltr) -- C:\Windows\SysNative\drivers\applockerfltr.sys (Microsoft Corporation)
DRV:64bit: - (ReFSv1) -- C:\WINDOWS\SysNative\drivers\refsv1.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRT) -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys (Microsoft Corporation)
DRV:64bit: - (GpuEnergyDrv) -- C:\Windows\SysNative\drivers\gpuenergydrv.sys (Microsoft Corporation)
DRV:64bit: - (Ufx01000) -- C:\Windows\SysNative\drivers\ufx01000.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (UcmTcpciCx0101) -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys (Microsoft Corporation)
DRV:64bit: - (UcmCx0101) -- C:\Windows\SysNative\drivers\UcmCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (storqosflt) -- C:\Windows\SysNative\drivers\storqosflt.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UrsCx01000) -- C:\Windows\SysNative\drivers\urscx01000.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (IndirectKmd) -- C:\Windows\SysNative\drivers\IndirectKmd.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (cnghwassist) -- C:\Windows\SysNative\drivers\cnghwassist.sys (Microsoft Corporation)
DRV:64bit: - (MMCSS) -- C:\Windows\SysNative\drivers\mmcss.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (clreg) -- C:\Windows\SysNative\drivers\registry.sys (Microsoft Corporation)
DRV:64bit: - (wcnfs) -- C:\Windows\SysNative\drivers\wcnfs.sys (Microsoft Corporation)
DRV:64bit: - (Ucx01000) -- C:\Windows\SysNative\drivers\Ucx01000.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (NetAdapterCx) -- C:\Windows\SysNative\drivers\NetAdapterCx.sys ()
DRV:64bit: - (FileCrypt) -- C:\Windows\SysNative\drivers\filecrypt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbflt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UdeCx) -- C:\Windows\SysNative\drivers\Udecx.sys (Microsoft Corporation)
DRV:64bit: - (vhf) -- C:\Windows\SysNative\drivers\vhf.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (ufxsynopsys) -- C:\Windows\SysNative\drivers\ufxsynopsys.sys (Microsoft Corporation)
DRV:64bit: - (UfxChipidea) -- C:\Windows\SysNative\drivers\UfxChipidea.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsi) -- C:\Windows\SysNative\drivers\UcmUcsi.sys (Microsoft Corporation)
DRV:64bit: - (UrsChipidea) -- C:\Windows\SysNative\drivers\urschipidea.sys (Microsoft Corporation)
DRV:64bit: - (UrsSynopsys) -- C:\Windows\SysNative\drivers\urssynopsys.sys (Microsoft Corporation)
DRV:64bit: - (genericusbfn) -- C:\Windows\SysNative\drivers\genericusbfn.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRTProxy) -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSS2i_I2C) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys (Intel Corporation)
DRV:64bit: - (iai2c) -- C:\Windows\SysNative\drivers\iai2c.sys (Intel(R) Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys (Intel Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (hidinterrupt) -- C:\Windows\SysNative\drivers\hidinterrupt.sys (Microsoft Corporation)
DRV:64bit: - (buttonconverter) -- C:\Windows\SysNative\drivers\buttonconverter.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iagpio) -- C:\Windows\SysNative\drivers\iagpio.sys (Intel(R) Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (cht4vbd) -- C:\Windows\SysNative\drivers\cht4vx64.sys (Chelsio Communications)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (mlx4_bus) -- C:\Windows\SysNative\drivers\mlx4_bus.sys (Mellanox)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (rt640x64) -- C:\Windows\SysNative\drivers\rt640x64.sys (Realtek )
DRV:64bit: - (ibbus) -- C:\Windows\SysNative\drivers\ibbus.sys (Mellanox)
DRV:64bit: - (cht4iscsi) -- C:\Windows\SysNative\drivers\cht4sx64.sys (Chelsio Communications)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (scmdisk0101) -- C:\Windows\SysNative\drivers\scmdisk0101.sys (Microsoft Corporation)
DRV:64bit: - (ndfltr) -- C:\Windows\SysNative\drivers\ndfltr.sys (Mellanox)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (LSI_SAS2i) -- C:\Windows\SysNative\drivers\lsi_sas2i.sys (LSI Corporation)
DRV:64bit: - (LSI_SAS3i) -- C:\Windows\SysNative\drivers\lsi_sas3i.sys (Avago Technologies)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (WinVerbs) -- C:\Windows\SysNative\drivers\winverbs.sys (Mellanox)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (percsas3i) -- C:\Windows\SysNative\drivers\percsas3i.sys (Avago Technologies)
DRV:64bit: - (percsas2i) -- C:\Windows\SysNative\drivers\percsas2i.sys (Avago Technologies)
DRV:64bit: - (storufs) -- C:\Windows\SysNative\drivers\storufs.sys (Microsoft Corporation)
DRV:64bit: - (WinMad) -- C:\Windows\SysNative\drivers\winmad.sys (Mellanox)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AcpiDev) -- C:\Windows\SysNative\drivers\AcpiDev.sys (Microsoft Corporation)
DRV:64bit: - (volume) -- C:\Windows\SysNative\drivers\volume.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (bcmfn) -- C:\Windows\SysNative\drivers\bcmfn.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (QLogic Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (QLogic Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (vmgid) -- C:\Windows\SysNative\drivers\vmgid.sys (Microsoft Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys (Secunia)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AVerA706_x64) -- C:\Windows\SysNative\drivers\AVerA706_x64.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (AVerBDA3x_x64) -- C:\Windows\SysNative\drivers\AVerBDA3x_x64.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (BrPar) -- C:\Windows\SysNative\drivers\brpar64a.sys (Brother Industries Ltd.)
DRV - (CompositeBus) -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Old Start Page = http://www.google.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs,en-US;q=0.7,en;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 96 67 20 6B D7 D1 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 6E 15 74 0F 8A 5C D2 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 19 00 00 00 21 FE 1E E4 08 1C D9 F9 99 CA D8 DC AD 4E 09 E1 5A B6 FB EA 41 09 C2 DB 78 02 00 00 00 10 00 00 00 66 50 76 6C 53 7A 52 52 51 25 32 62 49 25 33 64 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE05
IE - HKCU\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "www.google.cz/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20170206
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:54.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 54.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 54.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2017.06.21 09:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 52.2.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 52.2.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 54.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 54.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2017.06.21 09:31:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 52.2.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 52.2.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2014.07.23 21:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Extensions
[2010.10.08 19:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.17 17:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2017.05.26 11:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\browser-extension-data
[2017.05.26 11:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\browser-extension-data\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2016.09.26 08:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\browser-extension-data\stefanvandamme@stefanvd.net
[2017.06.11 11:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions
[2017.05.10 19:35:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2017.06.01 13:23:58 | 000,352,827 | ---- | M] () (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\extensions\sp@avast.com.xpi
[2017.06.11 11:50:41 | 001,587,681 | ---- | M] () (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\extensions\stefanvandamme@stefanvd.net.xpi
[2017.06.01 13:23:58 | 000,694,121 | ---- | M] () (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\extensions\wrc@avast.com.xpi
[2017.06.08 18:16:48 | 001,059,016 | ---- | M] () (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2017.07.01 16:41:16 | 000,009,974 | ---- | M] () (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\features\{067452c1-ff61-4625-b0cf-c89130e88eb0}\followonsearch@mozilla.com.xpi
[2017.07.01 16:41:17 | 000,044,954 | ---- | M] () (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\features\{067452c1-ff61-4625-b0cf-c89130e88eb0}\shield-recipe-client@mozilla.org.xpi
[2015.02.25 21:49:02 | 000,002,216 | ---- | M] () -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\searchplugins\bing.xml
[2017.06.30 21:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2017.04.05 02:38:18 | 000,232,016 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

hukuj
Level 1
Level 1
Příspěvky: 98
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 10 črc 2017 20:18

Teď druhou půlku toho prvního:


O1 HOSTS File: ([2017.06.04 17:19:02 | 000,000,753 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft OneDrive for Business Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software)
O4:64bit: - HKLM..\Run: [ZAM] C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Live! Central 3] C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [OneDrive] C:\Users\oem\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://files.creative.com/Web/softwareu ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://files.creative.com/Web/softwareu ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{fbbe13cc-a1be-44c5-8ebf-9bcdbd7e22a2}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mso-minsb.16 - No CLSID value found
O18:64bit: - Protocol\Handler\mso-minsb-roaming.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf-roaming.16 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-minsb.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-minsb-roaming.16 {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf.16 {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf-roaming.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2017.07.10 19:40:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\oem\Desktop\OTL.exe
[2017.07.07 19:30:42 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\UNP
[2017.07.07 19:20:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\UNP
[2017.07.07 19:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\UNP
[2017.06.30 20:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2017.06.21 09:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2017.06.21 08:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
[2017.06.15 17:48:16 | 000,000,000 | --SD | C] -- C:\WINDOWS\UpdateAssistantV2
[2017.06.15 17:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftwareDistribution
[2017.06.15 13:15:40 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
[2017.06.15 13:15:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
[2017.06.15 13:15:39 | 005,686,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2017.06.15 13:15:39 | 002,997,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2017.06.15 13:15:39 | 000,545,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2017.06.15 13:15:39 | 000,315,744 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2017.06.15 13:15:38 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssrch.dll
[2017.06.15 13:15:38 | 001,412,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gdi32full.dll
[2017.06.15 13:15:38 | 001,221,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
[2017.06.15 13:15:38 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CoreMessaging.dll
[2017.06.15 13:15:37 | 002,643,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll
[2017.06.15 13:15:37 | 000,780,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2017.06.15 13:15:37 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CPFilters.dll
[2017.06.15 13:15:37 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiobj.dll
[2017.06.15 13:15:36 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExSMime.dll
[2017.06.15 13:15:36 | 000,037,376 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2017.06.15 13:15:35 | 001,021,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxPackaging.dll
[2017.06.15 13:15:35 | 000,886,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aadtb.dll
[2017.06.15 13:15:35 | 000,607,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupEngine.dll
[2017.06.15 13:15:34 | 000,381,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2017.06.15 13:15:34 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupShim.dll
[2017.06.15 13:15:34 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppointmentActivation.dll
[2017.06.15 13:15:34 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
[2017.06.15 13:15:33 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certutil.exe
[2017.06.15 13:15:33 | 000,279,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys
[2017.06.15 13:15:33 | 000,187,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpsd.sys
[2017.06.15 13:15:33 | 000,111,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupApi.dll
[2017.06.15 13:15:33 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BasicRender.sys
[2017.06.15 13:15:32 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netcorehc.dll
[2017.06.15 13:15:32 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hnetcfg.dll
[2017.06.15 13:15:32 | 000,232,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edputil.dll
[2017.06.15 13:15:32 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tcpipcfg.dll
[2017.06.15 13:15:32 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AuthBrokerUI.dll
[2017.06.15 13:15:31 | 000,857,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2017.06.15 13:15:31 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusUpdateHandlers.dll
[2017.06.15 13:15:30 | 003,403,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll
[2017.06.15 13:15:30 | 002,538,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2017.06.15 13:15:30 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuuhext.dll
[2017.06.15 13:15:29 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssprxy.dll
[2017.06.15 13:15:26 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Audio.dll
[2017.06.15 13:15:25 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserDataTimeUtil.dll
[2017.06.15 13:15:25 | 000,038,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OOBEUpdater.exe
[2017.06.15 13:15:24 | 000,857,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupEngine.dll
[2017.06.15 13:15:23 | 002,213,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2017.06.15 13:15:23 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2017.06.15 13:15:19 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiobj.dll
[2017.06.15 13:15:19 | 000,238,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusNotification.exe
[2017.06.15 13:15:19 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpninprc.dll
[2017.06.15 13:15:18 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll
[2017.06.15 13:15:18 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupSvc.dll
[2017.06.15 13:15:18 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusNotificationUx.exe
[2017.06.15 13:15:15 | 000,148,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupApi.dll
[2017.06.15 13:15:13 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\musdialoghandlers.dll
[2017.06.15 13:15:02 | 000,441,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netcorehc.dll
[2017.06.15 13:15:00 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieproxy.dll
[2017.06.15 13:15:00 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieproxy.dll
[2017.06.15 13:14:58 | 000,402,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2017.06.15 13:14:57 | 007,783,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2017.06.15 13:14:57 | 000,822,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakradiag.dll
[2017.06.15 13:14:57 | 000,635,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2017.06.15 13:14:56 | 006,042,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2017.06.15 13:14:56 | 004,744,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2017.06.15 13:14:55 | 008,125,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2017.06.15 13:14:55 | 001,513,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2017.06.15 13:14:53 | 002,475,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2017.06.15 13:14:52 | 022,569,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2017.06.15 13:14:49 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.BlockedShutdown.dll
[2017.06.15 13:14:48 | 018,364,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2017.06.15 13:14:45 | 001,121,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadtb.dll
[2017.06.15 13:14:44 | 001,112,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxPackaging.dll
[2017.06.15 13:14:44 | 000,975,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\HelpPane.exe
[2017.06.15 13:14:44 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cloudAP.dll
[2017.06.15 13:14:44 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkBindingEngineMigPlugin.dll
[2017.06.15 13:14:43 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\efscore.dll
[2017.06.15 13:14:43 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hnetcfg.dll
[2017.06.15 13:14:39 | 000,628,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontdrvhost.exe
[2017.06.15 13:14:39 | 000,379,232 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2017.06.15 13:14:38 | 001,566,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32full.dll
[2017.06.15 13:14:38 | 000,886,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CPFilters.dll
[2017.06.15 13:14:37 | 003,615,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2017.06.15 13:14:37 | 001,600,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2017.06.15 13:14:36 | 001,490,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2017.06.15 13:14:35 | 007,217,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Data.Pdf.dll
[2017.06.15 13:14:35 | 000,764,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CoreMessaging.dll
[2017.06.15 13:14:32 | 002,510,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkMobileSettings.dll
[2017.06.15 13:14:32 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.LockScreen.dll
[2017.06.15 13:14:30 | 001,100,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvix64.exe
[2017.06.15 13:14:30 | 000,989,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvax64.exe
[2017.06.15 13:14:29 | 001,564,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2017.06.15 13:14:29 | 001,214,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2017.06.15 13:14:29 | 000,334,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2017.06.15 13:14:29 | 000,233,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepic.dll
[2017.06.15 13:14:28 | 000,544,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2017.06.15 13:14:28 | 000,455,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\securekernel.exe
[2017.06.15 13:14:27 | 000,629,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2017.06.15 13:14:27 | 000,335,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcntel.dll
[2017.06.15 13:14:27 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winsrv.dll
[2017.06.15 13:14:27 | 000,096,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CompatTelRunner.exe
[2017.06.15 13:14:26 | 000,489,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupShim.dll
[2017.06.15 13:14:26 | 000,192,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aepic.dll
[2017.06.15 13:14:26 | 000,045,056 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2017.06.15 13:14:25 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certutil.exe
[2017.06.15 13:14:25 | 000,509,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2017.06.15 13:14:25 | 000,136,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2017.06.15 13:14:25 | 000,034,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceCensus.exe
[2017.06.15 13:14:24 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpapisrv.dll
[2017.06.15 13:14:24 | 000,136,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ImplatSetup.dll
[2017.06.15 13:14:24 | 000,128,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\tm.sys
[2017.06.15 13:14:23 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AuthBrokerUI.dll
[2017.06.15 13:14:22 | 000,255,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\HNetCfgClient.dll
[2017.06.15 13:14:22 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edputil.dll
[2017.06.15 13:14:22 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fdProxy.dll
[2017.06.11 22:24:47 | 000,000,000 | ---D | C] -- C:\FRST
[2017.06.11 19:20:43 | 000,000,000 | ---D | C] -- C:\Users\oem\Desktop\vrbice
[2016.08.21 13:12:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files (x86)\hijackthis.exe
[1 C:\Users\oem\Desktop\*.tmp files -> C:\Users\oem\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2017.07.10 19:49:14 | 000,234,858 | ---- | M] () -- C:\WINDOWS\ZAM.krnl.trace
[2017.07.10 19:49:14 | 000,214,209 | ---- | M] () -- C:\WINDOWS\ZAM_Guard.krnl.trace
[2017.07.10 19:44:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Desktop\OTL.exe
[2017.07.10 08:23:53 | 1407,750,144 | -HS- | M] () -- C:\hiberfil.sys
[2017.07.10 08:23:51 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017.07.09 23:45:03 | 000,000,309 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2017.07.09 14:49:25 | 000,158,888 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswstm.sys
[2017.07.09 14:41:04 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017.07.03 12:23:56 | 005,430,888 | ---- | M] () -- C:\Users\oem\Desktop\03) Niña Pastori - Amores y Besos.mp3
[2017.07.03 12:23:36 | 003,811,063 | ---- | M] () -- C:\Users\oem\Desktop\Fandangos de huelva_95 castanuelas_Iberica.mp3
[2017.06.25 17:42:17 | 000,617,205 | ---- | M] () -- C:\Users\oem\Desktop\Sestava hormonální jógy.jpg
[2017.06.25 15:45:28 | 004,141,290 | ---- | M] () -- C:\Users\oem\Desktop\FS zkoušky září - říjen.jpg
[2017.06.25 15:44:09 | 004,605,539 | ---- | M] () -- C:\Users\oem\Desktop\FS zkoušky srpen - září.jpg
[2017.06.22 20:28:14 | 002,398,590 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2017.06.22 20:28:14 | 000,961,272 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2017.06.22 20:28:14 | 000,885,622 | ---- | M] () -- C:\WINDOWS\SysNative\perfh005.dat
[2017.06.22 20:28:14 | 000,299,550 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2017.06.22 20:28:14 | 000,233,134 | ---- | M] () -- C:\WINDOWS\SysNative\perfc005.dat
[2017.06.15 17:51:08 | 000,349,824 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2017.06.15 16:41:10 | 000,578,153 | ---- | M] () -- C:\Users\oem\Desktop\cz_artistry_special_care_collection_ll_final.pdf
[2017.06.15 12:21:07 | 000,061,304 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\lpsport.sys
[2017.06.12 11:57:54 | 000,000,423 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2017.06.11 15:37:52 | 003,352,278 | ---- | M] () -- C:\Users\oem\Desktop\03 Venta la Tonta (Alegrias).wma
[1 C:\Users\oem\Desktop\*.tmp files -> C:\Users\oem\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2017.07.07 19:30:41 | 000,001,414 | ---- | C] () -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aktualizace a nastavení ochrany osobních údajů.lnk
[2017.07.03 12:23:56 | 005,430,888 | ---- | C] () -- C:\Users\oem\Desktop\03) Niña Pastori - Amores y Besos.mp3
[2017.07.03 12:23:34 | 003,811,063 | ---- | C] () -- C:\Users\oem\Desktop\Fandangos de huelva_95 castanuelas_Iberica.mp3
[2017.06.25 15:45:24 | 004,141,290 | ---- | C] () -- C:\Users\oem\Desktop\FS zkoušky září - říjen.jpg
[2017.06.25 15:44:05 | 004,605,539 | ---- | C] () -- C:\Users\oem\Desktop\FS zkoušky srpen - září.jpg
[2017.06.22 16:10:49 | 000,617,205 | ---- | C] () -- C:\Users\oem\Desktop\Sestava hormonální jógy.jpg
[2017.06.15 16:41:10 | 000,578,153 | ---- | C] () -- C:\Users\oem\Desktop\cz_artistry_special_care_collection_ll_final.pdf
[2017.06.15 13:15:38 | 002,048,496 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2017.06.15 13:14:53 | 002,681,200 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2017.06.15 12:21:08 | 000,061,304 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\lpsport.sys
[2017.06.11 15:37:51 | 003,352,278 | ---- | C] () -- C:\Users\oem\Desktop\03 Venta la Tonta (Alegrias).wma
[2017.06.04 17:40:27 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe
[2017.05.10 20:45:49 | 000,265,728 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2017.05.08 15:04:25 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SysWow64\AVerIO.dll
[2017.05.08 15:04:25 | 000,003,456 | ---- | C] () -- C:\WINDOWS\SysWow64\AVerIO.sys
[2017.05.08 15:04:18 | 000,651,264 | ---- | C] () -- C:\WINDOWS\SysWow64\sptlib21.dll
[2017.05.08 15:04:18 | 000,462,848 | ---- | C] () -- C:\WINDOWS\SysWow64\sptlib12.dll
[2017.05.08 15:04:18 | 000,421,888 | ---- | C] () -- C:\WINDOWS\SysWow64\sptlib02.dll
[2017.05.08 15:04:18 | 000,311,296 | ---- | C] () -- C:\WINDOWS\SysWow64\sptlib01.dll
[2017.05.08 15:04:18 | 000,307,200 | ---- | C] () -- C:\WINDOWS\SysWow64\sptlib22.dll
[2017.05.08 15:04:18 | 000,307,200 | ---- | C] () -- C:\WINDOWS\SysWow64\sptlib03.dll
[2017.05.08 15:04:18 | 000,294,912 | ---- | C] () -- C:\WINDOWS\SysWow64\sptlib11.dll
[2017.03.15 19:20:23 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2016.10.02 12:46:36 | 001,451,720 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2016.10.02 12:43:18 | 000,000,423 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2016.10.02 12:43:18 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SysWow64\BD2030.DAT
[2016.10.02 12:42:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2016.10.02 12:42:27 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2016.07.16 13:47:57 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2016.07.16 13:47:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2016.07.16 13:43:04 | 000,055,296 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2016.07.16 13:42:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2016.07.16 13:42:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2016.07.16 13:42:49 | 000,304,640 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2016.07.16 13:42:48 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2016.07.16 13:42:43 | 000,002,307 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2016.07.16 13:42:12 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2010.10.27 22:53:05 | 000,005,120 | ---- | C] () -- C:\Users\oem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2017.05.06 10:35:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2017.04.28 02:40:18 | 007,220,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2017.04.28 02:46:03 | 005,722,320 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016.07.16 13:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2016.07.16 13:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016.07.16 13:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.12.08 16:42:30 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Ashampoo
[2014.11.27 00:53:11 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\AVAST Software
[2015.02.16 19:54:21 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Canneverbe Limited
[2013.09.11 15:44:34 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\capella-software
[2017.01.28 22:28:24 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Carambis
[2015.05.09 20:51:05 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
[2013.12.04 17:40:34 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\FileZilla
[2012.09.20 17:59:01 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Free Audio Editor
[2016.09.28 22:46:17 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\FreeBurner
[2014.12.22 14:13:55 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\IsolatedStorage
[2016.02.09 12:53:33 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\LockAP
[2010.10.24 21:53:31 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Opera
[2015.03.10 20:41:10 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Opera Software
[2010.10.08 19:50:11 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Thunderbird
[2010.10.17 17:07:38 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\TomTom
[2017.05.08 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\XnView

========== Purity Check ==========



< End of report >

hukuj
Level 1
Level 1
Příspěvky: 98
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 10 črc 2017 20:19

A nakonec ten druhý - Extras



OTL Extras logfile created on: 10.7.2017 19:47:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oem\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,75 Gb Total Physical Memory | 0,71 Gb Available Physical Memory | 40,69% Memory free
3,82 Gb Paging File | 1,90 Gb Available in Paging File | 49,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,22 Gb Total Space | 275,99 Gb Free Space | 59,32% Space Free | Partition Type: NTFS

Computer Name: OEM-PC | User Name: oem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 4F 47 20 24 9F 1C D2 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
"DontEnumerateCommonFilesUpgradeExe" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1409D97B-30ED-4514-9542-43E36D92D6DE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{40098E58-32B9-44D4-A5C2-3A8D195BE772}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\avast software\szbrowser\3.55.2393.596_0\szbrowser.exe |
"{637D4CCB-1A0D-4202-A4C8-42939FC855B5}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\opera\46.0.2597.32\opera.exe |
"{A3ECFEC2-5B30-4625-9F18-CBE522D92444}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\root\office16\outlook.exe |
"{C3E1C0A8-783F-4780-A22E-C0EDB8646D5B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\opera\45.0.2552.898\opera.exe |
"{DAC09DFF-B1FE-4541-9FAC-A776A8DBB684}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\avast software\szbrowser\3.55.2393.607\szbrowser.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025DE41B-FDD3-4C44-9C5F-B00FE902183B}" = dir=out | name=@{microsoft.getstarted_5.10.1441.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{04BC4970-35D1-418B-8DCC-3D8DD1D09038}" = dir=out | name=@{microsoft.windows.photos_2017.18062.12990.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{0AA97F82-F46C-41CA-9CEE-08A5B98F68ED}" = dir=in | name=microsoft sticky notes |
"{0AF831B5-B520-41FE-8F7E-7C9F657EF15B}" = dir=in | name=microsoft solitaire collection |
"{0B3C2F60-2C5A-419F-840B-0238692C1335}" = dir=in | name=onenote |
"{0B8AE13E-C777-4052-AA76-46FD7A9D8249}" = dir=out | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{10A13830-0A2A-488A-A015-C73777892F6B}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{11FC3268-C05A-4DE2-8DC0-F301062CA6EA}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{123A79F9-42A4-43C3-97FF-870535ABCB46}" = dir=out | name=xbox |
"{12429177-68E0-4B42-A387-3CB0F3055400}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{13FF1D37-DAB3-46DB-A263-5A36457A1180}" = dir=out | name=sway |
"{14F69125-8758-4750-895A-D997CC47EFBC}" = dir=in | name=@{microsoft.windows.photos_2017.18062.12990.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{1A18B495-24CE-471A-A6D9-0E7C98BFA3DC}" = dir=out | name=minecraft: windows 10 edition |
"{1CD537AD-6E3B-4AE4-8BDF-C09389B7D896}" = dir=out | name=@{microsoft.microsoftedge_38.14393.1066.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{1DF2F832-FDCD-4D0F-8FEF-287F23810117}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{2012A138-9A34-4987-B78B-453FDAECB8B2}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{28146A6C-3781-4568-9F44-449AA6EB9549}" = dir=out | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{2EAEE00D-1261-485B-9136-5A25AE9D3587}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{2FA0644E-C13A-4752-B51E-55336807B6D8}" = dir=in | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{2FB40D5B-2F0B-4CC7-BA67-45C1B3592EEF}" = dir=in | name=@{microsoft.microsoftofficehub_17.8312.7601.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{319AD613-94D0-4D3F-BF7D-D5593767D84C}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{31D9EF16-C4B0-4675-9BBA-700141C19346}" = dir=in | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{347B0221-E0E2-42A5-8565-92BB74E00C78}" = dir=out | name=@{microsoft.zunemusic_10.17042.14111.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{37BA23A6-B99D-4639-801C-C237A3201207}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{3AD5B4EE-823D-4E87-B813-A3FD6CE5244A}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{3B4687EB-105E-4FC5-88DD-C742133D66DE}" = dir=in | name=@{microsoft.bingweather_4.20.1102.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{3F08DA43-4421-4421-902D-EE73C2D2504D}" = dir=out | name=@{microsoft.people_10.2.1451.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{4128D873-19FC-4F2B-A509-9E89798E01DC}" = dir=in | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{4712992A-D042-4F3F-88A4-ABD7D9300841}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{49391ADB-53F0-4764-820B-CDCC4A2A0602}" = dir=in | name=sway |
"{55EBD60A-D9D0-4040-AAA7-31BFC3C95726}" = dir=in | name=xbox |
"{5C6A186E-C1F3-4143-B5A1-04EDE34AD46A}" = dir=in | name=@{microsoft.microsoftedge_38.14393.1066.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{5D1C7326-1C51-43DB-8B18-333570D3FBA9}" = dir=in | name=@{microsoft.zunevideo_10.17054.14711.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{64A8E386-F919-4E9F-B3E3-3AD46E215BAD}" = dir=out | name=@{microsoft.storepurchaseapp_11705.1706.15001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.storepurchaseapp/resources/displaytitle} |
"{6B616877-479B-47E7-A0AE-E86FF9DB0E58}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{6FB69297-1DE9-4495-BC33-35AC0A5B77F6}" = dir=out | name=@{microsoft.windowsstore_11705.1001.21.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{701EB0C3-CEF7-4120-A407-69AA9DF2D976}" = dir=out | name=@{microsoft.microsoftofficehub_17.8312.7601.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{7394CE84-D29A-4197-B3C9-25BB00516973}" = dir=in | name=@{microsoft.bingsports_4.21.1434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{77F976F2-DD20-496F-80CD-05A097611495}" = dir=out | name=@{microsoft.bingnews_4.21.1434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{78BF7F8C-3E48-4594-98B3-9158075825BC}" = dir=out | name=@{microsoft.bingweather_4.20.1102.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{7BB2C1AD-87A6-4BE3-B159-0610486F7C62}" = dir=out | name=@{microsoft.windowsphone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
"{7BC051C0-6738-4E61-AC65-E3ADA80DAA31}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{839DD6BF-AF92-4EEC-9687-EEDBBD3C5B98}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.1358_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{85F7DA4F-C50D-4957-B7D9-6F540F8BB081}" = dir=out | name=microsoft solitaire collection |
"{925D7A18-A5EC-4302-BC24-90359107F423}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1704.1603.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{92EF399F-636C-46B6-93F7-2FC339F8AB63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9440E036-D181-4365-B759-FC6003AEE3B5}" = dir=out | name=twitter |
"{9A89B3E0-A51D-41D0-9CB8-232DCD693156}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{9BD0D030-6D03-4A9C-A497-F737DC9ABCE0}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1704.1603.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{A0FFA56B-E74D-423E-805A-37EFA6B606D6}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{A346B474-BACC-4B8B-B9C1-08EDD2DBF7EF}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{A4CD0FCE-C3DB-4814-8D83-8FDDB617C9D4}" = dir=out | name=windows_ie_ac_001 |
"{AB7FA0B8-2FC6-4B7A-87E3-CB6C4EAA47E1}" = dir=out | name=microsoft sticky notes |
"{AD0248D7-BC69-4A23-A135-176A84D907FD}" = dir=out | name=candy crush soda saga |
"{AD194D74-D6F3-4909-9F8A-6CC321D0D916}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{AEAD9FF4-F4B0-4695-8F15-076C35625BDF}" = dir=out | name=@{microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{AF5F63DF-B4C1-4D23-A451-EB0EB38610B9}" = dir=in | name=@{microsoft.windowsstore_11705.1001.21.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{AF6FEBB3-3610-47D7-864D-68D2CC5DE89E}" = dir=out | name=@{microsoft.connectivitystore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.connectivitystore/mswifiresources/appstorename} |
"{B491533E-E113-40B0-9782-88258C4D419A}" = dir=out | name=@{microsoft.windowsmaps_5.1705.1391.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{B5619FC0-4A2C-46E2-8337-BCA478754A58}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{B5DDA9D2-C83A-4933-9448-F52E1DBDCEF1}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{B7ACFF8E-C812-4A4F-A474-F5F55A580086}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{BD59FCAF-C03F-4E36-8F0A-1AB2D1A73F04}" = dir=in | name=@{microsoft.zunemusic_10.17042.14111.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{C8587D5C-4503-4002-AB62-EF1021F978CC}" = dir=out | name=@{microsoft.bingfinance_4.21.1434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{CA801A58-F1BC-42FA-9CA7-8FADB2C1CD0F}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{CB6BDFC0-D517-4584-8A58-B08785CBA047}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{CF648693-B316-41AE-BBAD-CDCA9B215D2B}" = dir=out | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{D0ECF659-CC23-4362-8606-578F3850F0DA}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{D14ADD31-C881-4602-959B-DCD3D2593B78}" = dir=in | name=minecraft: windows 10 edition |
"{D3F78ED5-313C-4C9E-91D8-52F6ECC30E80}" = dir=out | name=onenote |
"{D76B494F-5B02-4DF4-AB97-3BE85BD8ECFB}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{DC492E6F-087F-4002-BFC2-CE1D9BA416DE}" = dir=in | name=@{microsoft.skypeapp_11.18.614.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{EBB2B51E-672D-4FD6-95C8-3D4B74A5ED03}" = dir=out | name=@{microsoft.skypeapp_11.18.614.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{EC4A9E52-63E7-443D-8FAF-CEB682C87A00}" = dir=in | name=@{microsoft.bingnews_4.21.1434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{F02827D3-CFD3-4081-8DDF-A3FCFD2E8147}" = dir=out | name=@{microsoft.zunevideo_10.17054.14711.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{F076C412-B756-466F-A561-C409BA739EE6}" = dir=out | name=@{microsoft.3dbuilder_14.1.1302.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{F14E81EB-E914-4B79-94B1-BEBB5FE2F163}" = dir=in | name=@{microsoft.bingfinance_4.21.1434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{F1CA1836-B687-447C-A1B8-BE6DA7B3BDFA}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{F4EB9708-16FA-4C2F-82FA-A21C6EC567EF}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{F9B1EC4F-AE68-4675-9418-E154C14CFA42}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
"{FC3BCDEF-63C3-4BF7-B3E7-AADFEA7C2F56}" = dir=out | name=windowsdvdplayer |
"{FC5B1CFA-B346-4766-9718-D9ABCB3E877A}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{FCE813BE-612A-435A-85A1-55AD3CC71D16}" = dir=out | name=@{microsoft.bingsports_4.21.1434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"TCP Query User{7691528D-F936-4B3C-A834-FF76423AD927}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{17B1F439-01DE-488B-9FC5-97FA7BE7B9C6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{25E80DAA-FD87-DCE5-202C-CC02F6673002}" = Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64)
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes verze 3.1.2.1733
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4DFCD818-036A-4229-A67D-CF17DC461D92}" = Windows 10 Update and Privacy Settings
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{90160000-008F-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Licensing Component
"{90160000-00DD-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Extensibility Component 64-bit Registration
"{B93D47B2-0862-E2E6-8115-B5DAF7AE3C01}" = ccc-utility64
"{C48AF3CF-C632-3C19-838E-7DAB7283D46A}" = Microsoft .NET Framework 4.5.2 (CSY)
"CCleaner" = CCleaner
"O365HomePremRetail - cs-cz" = Microsoft Office 365 - cs-cz

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000405-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}" = Skype™ 7.38
"{5662D815-DB58-5082-315B-0326B37EB7CB}" = CCC Help English
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57BB4801-61C8-4E74-9672-2160728A461E}" = Google Earth Plug-in
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69BCE4AC-9572-3271-A2FB-9423BDA36A43}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C70FBE1-6451-4F49-B0C0-7E464E73DF9B}" = capella reader
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}" = TomTom HOME
"{7DED55EA-FB69-4101-AD5D-3D7F985E68A7}" = Free AVI Player
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C65C65C-530F-B2DB-BBD7-AF554ABEBBA1}" = Catalyst Control Center Graphics Previews Common
"{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1" = Zemana AntiMalware
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90160000-008C-0000-0000-0000000FF1CE}" = Office 16 Click-to-Run Extensibility Component
"{90160000-008C-0405-0000-0000000FF1CE}" = Office 16 Click-to-Run Localization Component
"{91B33C97-91F8-FFB3-581B-BC952C901685}_is1" = Ashampoo Burning Studio FREE v.1.14.5
"{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD36563-6744-4A36-924C-9E2A863DC1EF}" = OpenOffice.org 1.9.129
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001824225037}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1029-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Czech
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BBF2AC74-720C-3CB3-8291-5E34039232FA}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{D69D4AE5-717C-5E56-A56F-542EF5F6A84C}" = Catalyst Control Center Graphics Previews Vista
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DB837E02-82D0-3888-6DEC-D29587CCDC2F}" = ccc-core-static
"{e2803110-78b3-4664-a479-3611a381656a}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1C88595-815F-44D3-BE90-84509DD428BE}" = Brother HL-2035
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F86B6849-38E0-7818-F21E-6DC637932076}" = Catalyst Control Center InstallProxy
"Adobe Flash Player NPAPI" = Adobe Flash Player 26 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.2
"Agfa ScanWise 1.70" = Agfa ScanWise 1.70
"Agfa ScanWise 2.00" = Agfa ScanWise 2.00
"AGFAnet Print Service" = AGFAnet Print Service
"Avast Antivirus" = Avast Free Antivirus
"BlazeDVD 6.0_is1" = BlazeDVD 6.0
"CDJUS_is1" = CODEXIS JUSTICE 5.23.1
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 8.0.2
"Creative Live! Central 2" = Creative Live! Central 3
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"CrystalDiskInfo_is1" = CrystalDiskInfo 7.0.5
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"FileZilla Client" = FileZilla Client 3.7.3
"Free Audio Editor" = Free Audio Editor
"Free Easy Burner_is1" = Free Easy Burner V 5.1
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}" = AVerMedia Applications
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Mozilla Firefox 54.0.1 (x86 cs)" = Mozilla Firefox 54.0.1 (x86 cs)
"Mozilla Thunderbird 52.2.1 (x86 cs)" = Mozilla Thunderbird 52.2.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.17.1863" = Opera 12.17
"Opera 46.0.2597.32" = Opera Stable 46.0.2597.32
"SafeZone 3.55.2393.607" = SafeZone Stable 3.55.2393.607
"Secunia PSI" = Secunia PSI (3.0.0.10004)
"SysInfo" = Creative System Information
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player
"VueScan" = VueScan
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"XnView_is1" = XnView 1.97.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3.4.2017 16:54:40 | Computer Name = oem-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Microsoft.Photos.exe, verze: 1.0.1703.13001,
časové razítko: 0x58c6eefb Název chybujícího modulu: windows.storage.dll, verze:
10.0.14393.953, časové razítko: 0x58ba5b45 Kód výjimky: 0xc0000005 Posun chyby: 0x0000000000156a18
ID
chybujícího procesu: 0x17b0 Čas spuštění chybující aplikace: 0x01d2acbc7d3c5251 Cesta
k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Cesta
k chybujícímu modulu: C:\WINDOWS\System32\windows.storage.dll ID zprávy: f0e58b71-7086-486c-813e-a7a64b5cce48
Úplný
název chybujícího balíčku: Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe
ID
aplikace související s chybujícím balíčkem: App

Error - 3.4.2017 16:54:49 | Computer Name = oem-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat,
protože došlo k chybě: -2147023170. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error - 4.4.2017 11:33:33 | Computer Name = oem-PC | Source = DbxSvc | ID = 131392
Description = Failed to connect to the driver: (-2147024894) Systém nemůže nalézt
uvedený soubor.

Error - 4.4.2017 11:34:38 | Computer Name = oem-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Explorer.EXE, verze: 10.0.14393.953, časové
razítko: 0x58ba5aa4 Název chybujícího modulu: windows.immersiveshell.serviceprovider.dll,
verze: 10.0.14393.0, časové razítko: 0x57899873 Kód výjimky: 0x80270233 Posun chyby:
0x0000000000033c25 ID chybujícího procesu: 0xfe0 Čas spuštění chybující aplikace:
0x01d2ad58d73d9fb6 Cesta k chybující aplikaci: C:\WINDOWS\Explorer.EXE Cesta k chybujícímu
modulu: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll ID zprávy:
6846c0b7-8dc7-4a2a-88ee-4e8c9e738885 Úplný název chybujícího balíčku: ID aplikace
související s chybujícím balíčkem:

Error - 4.4.2017 12:17:58 | Computer Name = oem-PC | Source = Perflib | ID = 1008
Description =

Error - 4.4.2017 12:33:33 | Computer Name = oem-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Microsoft.Photos.exe, verze: 1.0.1703.13001,
časové razítko: 0x58c6eefb Název chybujícího modulu: windows.storage.dll, verze:
10.0.14393.953, časové razítko: 0x58ba5b45 Kód výjimky: 0xc0000005 Posun chyby: 0x00000000001563b7
ID
chybujícího procesu: 0x6cc Čas spuštění chybující aplikace: 0x01d2ad6130f7e4a1 Cesta
k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Cesta
k chybujícímu modulu: C:\WINDOWS\System32\windows.storage.dll ID zprávy: 1c640968-d810-4c38-aef8-4ea7b8e6e9bc
Úplný
název chybujícího balíčku: Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe
ID
aplikace související s chybujícím balíčkem: App

Error - 4.4.2017 12:33:36 | Computer Name = oem-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat,
protože došlo k chybě: -2147023170. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error - 6.4.2017 2:08:35 | Computer Name = oem-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1508
Description = Systém Windows nemohl načíst registr. Tento problém je často způsoben
nedostatkem paměti nebo nedostatečnými zabezpečovacími právy. PODROBNOSTI – Proces
nemá přístup k souboru, neboť jej právě využívá jiný proces. pro: C:\Users\DefaultAppPool\ntuser.dat

Error - 6.4.2017 2:08:35 | Computer Name = oem-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1502
Description = Systém Windows nemůže načíst místně uložený profil. Možné příčiny
této chyby zahrnují nedostatečná zabezpečovací práva nebo poškozený místní profil.
PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.


Error - 6.4.2017 2:08:36 | Computer Name = oem-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky
pokusí použít zazálohovaný profil při příštím přihlášení uživatele.

Error - 6.4.2017 2:08:36 | Computer Name = oem-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí
dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.

[ AVer AutoUpdate Events ]
Error - 5.11.2016 17:50:08 | Computer Name = oem-PC | Source = AVerUpdate Server | ID = 0
Description =

Error - 5.11.2016 17:50:30 | Computer Name = oem-PC | Source = AVerUpdate Server | ID = 0
Description =

Error - 5.11.2016 17:50:52 | Computer Name = oem-PC | Source = AVerUpdate Server | ID = 0
Description =

Error - 5.11.2016 17:51:14 | Computer Name = oem-PC | Source = AVerUpdate Server | ID = 0
Description =

Error - 5.11.2016 17:51:36 | Computer Name = oem-PC | Source = AVerUpdate Server | ID = 0
Description =

Error - 5.11.2016 17:51:58 | Computer Name = oem-PC | Source = AVerUpdate Server | ID = 0
Description =

Error - 5.11.2016 17:52:20 | Computer Name = oem-PC | Source = AVerUpdate Server | ID = 0
Description =

Error - 5.11.2016 17:52:42 | Computer Name = oem-PC | Source = AVerUpdate Server | ID = 0
Description =

Error - 5.11.2016 17:53:04 | Computer Name = oem-PC | Source = AVerUpdate Server | ID = 0
Description =

Error - 5.11.2016 17:53:26 | Computer Name = oem-PC | Source = AVerUpdate Server | ID = 0
Description =

[ System Events ]
Error - 4.7.2017 2:50:31 | Computer Name = oem-PC | Source = DCOM | ID = 10016
Description =

Error - 7.7.2017 13:08:48 | Computer Name = oem-PC | Source = DCOM | ID = 10016
Description =

Error - 7.7.2017 13:20:08 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7023
Description = Služba Zjišťování interaktivních služeb byla ukončena s následující
chybou: %%1

Error - 7.7.2017 13:20:09 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7023
Description = Služba Zjišťování interaktivních služeb byla ukončena s následující
chybou: %%1

Error - 8.7.2017 6:06:36 | Computer Name = oem-PC | Source = DCOM | ID = 10016
Description =

Error - 9.7.2017 6:57:18 | Computer Name = oem-PC | Source = DCOM | ID = 10016
Description =

Error - 9.7.2017 8:41:09 | Computer Name = oem-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (14:07:48, ?09.?07.?2017) bylo neočekávané.

Error - 9.7.2017 8:41:11 | Computer Name = oem-PC | Source = Service Control Manager | ID = 7001
Description = Služba NetTcpActivator závisí na službě NetTcpPortSharing, která neuspěla
při spuštění v důsledku následující chyby: %%1058

Error - 9.7.2017 8:41:42 | Computer Name = oem-PC | Source = DCOM | ID = 10016
Description =

Error - 10.7.2017 2:28:19 | Computer Name = oem-PC | Source = DCOM | ID = 10016
Description =


< End of report >

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 36689
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 10 črc 2017 21:14

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE05
IE - HKCU\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20170206
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:54.0.1
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll File not found
[2014.07.23 21:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Extensions
[2010.10.08 19:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.17 17:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2017.05.26 11:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\browser-extension-data
[2017.05.26 11:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\browser-extension-data\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2016.09.26 08:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\browser-extension-data\stefanvandamme@stefanvd.net
[2017.06.11 11:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions
[2017.06.01 13:23:58 | 000,352,827 | ---- | M] () (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\extensions\sp@avast.com.xpi
[2017.06.11 11:50:41 | 001,587,681 | ---- | M] () (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\extensions\stefanvandamme@stefanvd.net.xpi
[2017.06.01 13:23:58 | 000,694,121 | ---- | M] () (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\extensions\wrc@avast.com.xpi
[2017.06.08 18:16:48 | 001,059,016 | ---- | M] () (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2017.07.01 16:41:16 | 000,009,974 | ---- | M] () (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\features\{067452c1-ff61-4625-b0cf-c89130e88eb0}\followonsearch@mozilla.com.xpi
[2017.07.01 16:41:17 | 000,044,954 | ---- | M] () (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\features\{067452c1-ff61-4625-b0cf-c89130e88eb0}\shield-recipe-client@mozilla.org.xpi
[2017.06.30 21:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-minsb.16 - No CLSID value found
O18:64bit: - Protocol\Handler\mso-minsb-roaming.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf-roaming.16 - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2017.05.06 10:35:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2017.04.28 02:40:18 | 007,220,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2017.04.28 02:46:03 | 005,722,320 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016.07.16 13:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2016.07.16 13:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016.07.16 13:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Program Files (x86)\*.tmp
C:\Users\oem\Desktop\*.tmp

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

000000001481 Čas na roztočení ploten
znovu CDI.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

hukuj
Level 1
Level 1
Příspěvky: 98
Registrován: září 10
Bydliště: Brno
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod hukuj » 19 črc 2017 16:18

Zdravím po dovolené. Vkládám obsah dnešního logu z OTL - opravu jsem provedl podle instrukcí.

A za něj vkládám výsledek z aktuálního CDI. Chápu dobře, že ten "čas na rotzočení ploten" je stále špatně? A že zatím neznáme jiné řešení než výměnu HDD?



All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
C:\Program Files (x86)\Skype\Updater\Updater.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}\ not found.
Prefs.js: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20170206 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:54.0.1 removed from extensions.enabledAddons
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Users\oem\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Extensions\home2@tomtom.com folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Extensions folder moved successfully.
Folder C:\Users\oem\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}\ not found.
Folder C:\Users\oem\AppData\Roaming\mozilla\Extensions\home2@tomtom.com\ not found.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\browser-extension-data\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\browser-extension-data\stefanvandamme@stefanvd.net folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\browser-extension-data folder moved successfully.
Folder C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\browser-extension-data\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\ not found.
Folder C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\browser-extension-data\stefanvandamme@stefanvd.net\ not found.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\rtp folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\include folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\fusion\accessible\28_28 folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\fusion\accessible\24_24 folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\fusion\accessible\16_16\plain folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\fusion\accessible\16_16 folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\fusion\accessible folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\fusion\32_32 folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\fusion\28_28 folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\fusion\24_24 folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\fusion\16_16\plain folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\fusion\16_16 folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\fusion folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\fonts\Open Sans folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\fonts folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\c\accessible folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\c folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\b\ws folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\b\welcometips folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\b\accessible folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin\b folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\skin folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\META-INF folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\zh-TW folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\zh-CN folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\uk-UA folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\tr-TR folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\sv-SE folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\ru-RU folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\pt-BR folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\pl-PL folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\ko-KR folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\ja-JP folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\it-IT folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\hi-IN folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\fr-FR folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\fi-FI folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\es-ES folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\en-US folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\de-DE folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale\cs-CZ folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\locale folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\content\settings_page\js folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\content\settings_page\css folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\content\settings_page folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\content\rw folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\content\modules folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\content\libs folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\content\injections folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\content folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} folder moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\Firefox\Profiles\y504fwoy.default\extensions folder moved successfully.
File C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\extensions\sp@avast.com.xpi not found.
File C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\extensions\stefanvandamme@stefanvd.net.xpi not found.
File C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\extensions\wrc@avast.com.xpi not found.
File C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\features\{067452c1-ff61-4625-b0cf-c89130e88eb0}\followonsearch@mozilla.com.xpi moved successfully.
C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\y504fwoy.default\features\{067452c1-ff61-4625-b0cf-c89130e88eb0}\shield-recipe-client@mozilla.org.xpi moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
File Protocol\Handler\http\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ deleted successfully.
File Protocol\Handler\http\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
File Protocol\Handler\https\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ deleted successfully.
File Protocol\Handler\https\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001\ not found.
File Protocol\Handler\ipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-minsb.16\ deleted successfully.
File Protocol\Handler\mso-minsb.16 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-minsb-roaming.16\ deleted successfully.
File Protocol\Handler\mso-minsb-roaming.16 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf.16\ deleted successfully.
File Protocol\Handler\osf.16 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf-roaming.16\ deleted successfully.
File Protocol\Handler\osf-roaming.16 - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\WINDOWS\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Program Files\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\*.tmp not found.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
File\Folder C:\Windows\SysNative\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
C:\Users\oem\Desktop\~WRL0001.tmp moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: oem
->Temp folder emptied: 175616590 bytes
->Temporary Internet Files folder emptied: 13093263 bytes
->FireFox cache emptied: 373423124 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 785 bytes

User: Public

User: user

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 156539251 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4683889054 bytes

Total Files Cleaned = 5 152,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07192017_152635

Files\Folders moved on Reboot...
C:\Users\oem\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\AvLock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170712144342.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170712144344.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\SafeZone Installer\safezone_installer_20170712144400.log scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\avast_ash2\Mozilla Firefox\download.ini scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\APPX.37vr2e1jsf5vks0akk6vs8xcd.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.3gciww9cch8rr7piz5sxuzswf.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.3the0ymxi68vlxhjq0x99of3c.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.aekm_84bedoj0yuqd6h6v3wh.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.a_f1y776n2vj5wm7dx4tz5hwf.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.g7y9o8a3fxs4wj7tmwevdy73d.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.hpdbomv5bpt002en4goyrxv_d.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.l7a3cpo45nisderkhirwydhrg.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.l8djeghru14bkar02ueblb8yf.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.llt_qx8c0f8ez2iqwtfs8yjo.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.ln27f8q6n13xmud0g2talyyuc.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.m37vl253qdc81wtc9wn0pff6f.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.n9k78y3hy_n7duhhm6w6t6yuc.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.ncc9_iwko8c1f82jj9qmjp3rg.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.ob51wqx_tzds9v8ijuo0979ad.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.pxcwx0oq9jyqebtweaowg2fph.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.q2q5lrtz9sranheyvcg8gzp1f.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.qj_lt_6kf_jjxzo33d26l0x2h.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.qsfomngh8u0kegnakgii5j13c.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.rg2xmyu5e83p3130ogaie48af.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.sapp6pd54flky29mr6af6k5ff.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.tvhklvalha1_5oldudvpv9a6d.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.w8buj7cteba9f733ez_mfhu9c.tmp not found!
File\Folder C:\WINDOWS\temp\APPX.zu7b7ueb8hk12wol_xux0mrrd.tmp not found!
C:\WINDOWS\temp\OEM-PC-20170716-0936.log moved successfully.
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_streamserver(201707160936071748).log not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




__________________________________________________________________________________________________________




CrystalDiskInfo 7.0.5 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 [10.0 Build 14393] (x64)
Date : 2017/07/19 16:09:25

-- Controller Map ----------------------------------------------------------
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ ATA Channel 0 (0)
- TSSTcorp CDDVDW SH-224DB ATA Device
- SAMSUNG HD502HJ ATA Device
- ATA Channel 1 (1)
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD502HJ : 500,1 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) SAMSUNG HD502HJ
----------------------------------------------------------------------------
Model : SAMSUNG HD502HJ
Firmware : 1AJ10001
Serial Number : S20BJ9BZ827083
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : ---- | SATA/300
Power On Hours : 30213 hod.
Power On Count : 4521 krát
Temperature : 36 C (96 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]
Drive Letter : C:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000001 Počet chyb čtení
02 252 252 __0 000000000000 Průchodnost disku
03 _83 _82 _25 0000000014F0 Čas na roztočení ploten
04 _96 _96 __0 0000000011B7 Počet spuštění/zastavení
05 252 252 _10 000000000000 Počet přemapovaných sektorů
07 252 252 _51 000000000000 Počet chybných hledání
08 252 252 _15 000000000000 Čas potřebný na vyhledání
09 100 100 __0 000000007605 Hodin v činnosti
0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 252 252 __0 000000000000 Počet pokusů o překalibrování
0C _96 _96 __0 0000000011A9 Počet cyklů zapnutí zařízení
BF 252 252 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 252 252 __0 000000000000 Počet vypnutí disku
C2 _64 _56 __0 002C00130024 Teplota
C3 100 100 __0 000000000000 Počet oprav chybného čtení
C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 252 252 __0 000000000000 Počet podezřelých sektorů
C6 252 252 __0 000000000000 Počet neopravitelných sektorů
C7 100 100 __0 000000000003 Počet chyb v kontrolním součtu UltraDMA
C8 100 100 __0 000000000001 Počet chyb při zápisu sektorů
DF 252 252 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E1 100 100 __0 0000000011B9 Počet cyklů načítání/vymazání

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 5332 3042 4A39 425A 3832 3730 3833 2020 2020 2020
020: 0000 8000 0050 3141 4A31 3030 3031 5341 4D53 554E
030: 4720 4844 3530 3248 4A20 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1706 0000 004C 0040
080: 01FF 0028 746B 7F69 4123 7469 BC41 4123 407F 0026
090: 0026 0000 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 0000 4000 0000 5002 4E92
110: 0330 A451 0000 0000 0000 0000 0000 0000 0000 401C

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 36689
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Prosím o kontrolu logu

Příspěvekod jaro3 » 19 črc 2017 19:18

Spusť OTL a klikni na Vyčisti.

000000001481 Čas na roztočení ploten
0000000014F0 Čas na roztočení ploten
údaj se mění , něco s motorkem tam bude.
Co problémy?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: CommonCrawl [Bot] a 1 host