Please check my log

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by jakubpolo » 30 Sep 2017 09:55

I would like to ask you to check my log.

- Lately the computer has been shutting down slowly, sometimes taking several minutes.
- Occasionally it freezes completely for a short time while I am working. If this happens while working in Office or in the browser, it starts running again after a while. If it happens in a PC game, I often have to restart.
- This happened to me before, but it had been a long time since Windows was last reinstalled, so it was reinstalled and then everything was fine. Now it has come back again after some time.
- An application whose origin is allegedly unclear was installed on the PC. It is possible that something that should not be there got onto the PC because of it.

Thank you for your help
____________________________________________________
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:50:21, on 30.09.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0608)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
E:\Stažené\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: gupdate - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: gupdatem - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: PAExec - Power Admin LLC - C:\Windows\PAExec.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9999 bytes

Post by jaro3 » 30 Sep 2017 10:40

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing browsing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you do not need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Save it to your desktop.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan, click "Logfile"; the "Log Manager" window appears, then double-click the corresponding log, which will open (otherwise it is saved on the system drive as C:\AdwCleaner [C?].txt). Paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, clear the check box next to "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- If the program is not up to date, click "Update Now" or "Fix Now".
- an update will be found and installed.
- then click Scan Now
- when the program finishes, a message appears at the bottom right; click Save Results, choose Copy to Clipboard and paste the entire log here. Or click "Text file (.txt)" and save the log.
- otherwise the log is located here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- then click the Finish button and close the program with the X at the top right.
(do not delete anything yet!).
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by jakubpolo » 30 Sep 2017 11:33

Thank you for your help.

- Following the instructions, I did not use ATF Cleaner; I use Google Chrome.

- TFC cleaned a little over 400 MB, then I had to restart the PC manually. Like shutting down, the restart took an extremely long time. The screen goes dark, the PC keeps running, and the monitor blinks as if it were on but receiving no signal. After roughly 5 - 10 minutes the PC restarts. So it is the same problem, I just had no idea it also affects restarts.

- AdwCleaner
# AdwCleaner 7.0.3.1 - Logfile created on Sat Sep 30 09:26:26 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 09-29-2017.1
# Running on Windows 10 Enterprise (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.SlimCleanerPlus, C:\Users\PoLo\AppData\Local\slimware utilities inc
PUP.Optional.SlimCleanerPlus, C:\Users\PoLo\AppData\Local\SlimWare Utilities Inc


***** [ Files ] *****

PUP.Optional.Legacy, C:\Windows\SysNative\drivers\swdumon.sys


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Conduit, [Key] - HKLM\SOFTWARE\Conduit
PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-3229655998-2220489892-3251086895-1001\Software\Conduit
PUP.Optional.Conduit, [Key] - HKCU\Software\Conduit
PUP.Optional.SlimCleanerPlus, [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus, [Key] - HKU\S-1-5-21-3229655998-2220489892-3251086895-1001\Software\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\SlimWare Utilities Inc


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.22ChromeEXT, Plugin found: ImTranslator: Translator, Dictionary, TTS -

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

- Malwarebytes
http://www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 30.09.17
Čas skenování: 11:29
Logovací soubor: e4b8d104-a5c1-11e7-aaaf-50e549362fb3.json
Správce: Ano

-Informace o softwaru-
Verze: 3.2.2.2029
Verze komponentů: 1.0.207
Aktualizovat verzi balíku komponent: 1.0.2920
Licence: Bezplatný

-Systémová informace-
OS: Windows 10 (Build 15063.632)
CPU: x64
Systém souborů: NTFS
Uživatel: POLOPC\PoLo

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 358484
Zjištěné hrozby: 2
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 1 min, 2 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 1
PUP.Optional.DriverUpdate, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SWDUMon, Žádná uživatelská akce, [965], [337087],1.0.2920

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 1
PUP.Optional.DriverUpdate, C:\WINDOWS\SYSTEM32\DRIVERS\SWDUMON.SYS, Žádná uživatelská akce, [965], [337087],1.0.2920

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Post by jaro3 » 01 Oct 2017 09:37

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and after the scan click "Clean".

The program will perform the repair; after the automatic restart click "Log Manager" and then double-click the corresponding log (C:\AdwCleaner [C?].txt). Paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears, which is saved on the desktop.
Please copy its entire contents here.


- Run Malwarebytes' Anti-Malware again and choose Scan Now
- when the program finishes, a message appears; click "Quarantine All (delete selected)" and "Export Log", choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Sophos Virus Removal Tool is a practical software tool that could remove infections that the antivirus program does not detect.
Download it here from one of these links:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data, and you may not even know you have them. What you need is a quick and easy way to find them and get rid of them. If you already have an antivirus program installed on the computer, you can also install Sophos Virus Removal Tool, which identifies and cleans up remaining infections that your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove the viruses it finds. A restart may be required.


Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8 and 10, run RogueKiller.exe as administrator; on XP, double-click it.
- click "Start Scan". In the new window, change nothing and click "Start Scan" at the bottom
- The program scans the PC's processes. After the scan click "Open Report", then "Open TXT" in the window, and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still cannot be started and run, rename it to winlogon.exe.
- if the log is longer than 60,000 characters, split it and post it in several posts

more links:
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/

Also start a topic in the "HW problems" section.

Post by jakubpolo » 01 Oct 2017 17:42

  • AdwCleaner
    # AdwCleaner 7.0.3.1 - Logfile created on Sun Oct 01 13:03:55 2017
    # Updated on 2017/29/09 by Malwarebytes
    # Running on Windows 10 Enterprise (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    Deleted: C:\Users\Public\Documents\Downloaded Installers
    Deleted: C:\Users\PoLo\AppData\Local\slimware utilities inc
    Deleted: C:\Users\PoLo\AppData\Local\SlimWare Utilities Inc


    ***** [ Files ] *****

    Deleted: C:\Windows\SysNative\drivers\swdumon.sys


    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    Deleted: [Key] - HKLM\SOFTWARE\Conduit
    Deleted: [Key] - HKU\S-1-5-21-3229655998-2220489892-3251086895-1001\Software\Conduit
    Deleted: [Key] - HKCU\Software\Conduit
    Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
    Deleted: [Key] - HKU\S-1-5-21-3229655998-2220489892-3251086895-1001\Software\SlimWare Utilities Inc
    Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    Plugin deleted: ImTranslator: Translator, Dictionary, TTS -


    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0



    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [1832 B] - [2017/9/30 9:26:26]
    C:/AdwCleaner/AdwCleaner[S1].txt - [1899 B] - [2017/10/1 13:3:42]
    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

  • Junkware Removal Tool by Thisisu
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 10 Enterprise x64
    Ran by PoLo (Administrator) on 01.10.2017 at 15:10:14,82
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 2

    Successfully deleted: C:\ProgramData\thunder network (Folder)
    Successfully deleted: C:\Users\Public\thunder network (Folder)



    Registry: 1

    Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 01.10.2017 at 15:11:44,67
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Malwarebytes' Anti-Malware
    The program found nothing, even though it had found several problems before. One of the previous programs most likely removed them, because I did nothing else.

  • Sophos Virus Removal Tool
    The program found one trojan, which was removed.

  • RogueKiller by Adlice Software
    RogueKiller V12.11.17.0 (x64) [Sep 25 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Webová stránka : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operační systém : Windows 10 (10.0.15063) 64 bits version
    Spuštěno : Normální režim
    Uživatel : PoLo [Práva správce]
    Started from : C:\Users\PoLo\Desktop\RogueKiller_portable64.exe
    Mód : Prohledat -- Datum : 10/01/2017 17:12:11 (Duration : 00:20:47)

    ¤¤¤ Procesy : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Úlohy : 0 ¤¤¤

    ¤¤¤ Soubory : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Soubor HOSTS : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

    ¤¤¤ Webové prohlížeče : 0 ¤¤¤

    ¤¤¤ Kontrola MBR : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
    --- User ---
    [MBR] ab1962a22e771857887ae5adbcb8fef9
    [BSP] d68ca5449e20e100e366ccde2f60a28b : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: KINGSTON SV300S37A240G ATA Device +++++
    --- User ---
    [MBR] f351b9e9cf7ff3bcddb34c2a9f4f51cc
    [BSP] d9b50be4a39777e04542e464aa6a40e9 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 227585 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 467122176 | Size: 847 MB
    User = LL1 ... OK
    User = LL2 ... OK


Shutdown and restart are still delayed. Because I have been working with the PC less, I do not know how the brief freezes during work are doing. Previously the problem was solved by reinstalling Windows, so I do not know whether it is a HW problem. Maybe I have just got something onto the PC again that was causing the problem before.

Post by jaro3 » 02 Oct 2017 09:22

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

Disable your antivirus and firewall.
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
click .rar-file at the top right and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Run as administrator")
- note that the program may take a while to start.
Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

click Run Script
The program will perform a scan and a repair; the scan and the repair may take several minutes, so you need to wait until the end. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log Copy the entire contents of that log here.
If there are problems, run zoek in safe mode.


Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click this file on the desktop and follow the instructions to install the program.
Accept the EULA licence for using the program, if it is offered.
If a program update is available, click the "Update now" button.
You can also enable the creation of a restore point:
Click the gear icon, then "Scanning", and check "create restore points".
Go back (click the house icon).
Close all open files, folders and browsers.
Do not change any settings. Click "Scan".
After the scan you can see whether there are any infections. Click "Next". The infections will be moved to quarantine.
When the scan is complete, a report appears; copy the entire contents of that report here.
Otherwise you can see the reports by clicking "Reports" at the top right.



Post a new log from HJT + report on the problems

Post by jakubpolo » 02 Oct 2017 13:04

  • aswMBR
    The program caused a blue screen of death with the sad smiley 3 times. I managed to photograph what the problem was according to Windows and I am attaching the picture.

  • Zoek
    Zoek.exe v5.0.0.1 Updated 27-09-2015
    Tool run by PoLo on 02.10.2017 at 12:36:56,34.
    Microsoft Windows 10 Enterprise 10.0.15063 x64
    Running in: Normal Mode No Internet Access Detected
    Launched: C:\Users\PoLo\Desktop\zoek.exe [Scan all users] [Script inserted]

    ==== System Restore Info ======================

    02.10.2017 12:38:07 Zoek.exe System Restore Point Created Successfully.

    ==== Reset Hosts File ======================

    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost

    ==== Empty Folders Check ======================

    C:\PROGRA~2\Origin Games deleted successfully
    C:\PROGRA~3\Comms deleted successfully
    C:\PROGRA~3\SoftwareDistribution deleted successfully
    C:\Users\PoLo\AppData\Local\ActiveSync deleted successfully
    C:\Users\PoLo\AppData\Local\CrashDumps deleted successfully
    C:\Users\PoLo\AppData\Local\DBG deleted successfully
    C:\Users\PoLo\AppData\Local\PeerDistRepub deleted successfully
    C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
    C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
    C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

    ==== Deleting CLSID Registry Keys ======================


    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================


    ==== Deleting Files \ Folders ======================

    C:\PROGRA~2\Origin Games not found
    C:\PROGRA~3\Package Cache deleted
    C:\windows\SysNative\GroupPolicy\Machine deleted
    C:\windows\SysNative\GroupPolicy\User deleted

    ==== Chromium Look ======================


    OneTab - PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
    Checker Plus for Gmail™ - PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj
    Chrome Media Router - PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

    ==== Reset Google Chrome ======================

    C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
    C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
    C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
    C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

    ==== Empty IE Cache ======================

    C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\PoLo\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\Users\PoLo\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    No Flash Cache Found

    ==== Empty All Java Cache ======================

    No Java Cache Found

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=37 folders=45 44241804 bytes)

    ==== Empty Temp Folders ======================

    C:\WINDOWS\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\WINDOWS\Temp successfully emptied
    C:\Users\PoLo\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on 02.10.2017 at 12:52:02,61 ======================

  • Zemana AntiMalware
    Nothing was detected.

  • HijackThis
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 12:58:26, on 02.10.2017
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.15063.0608)


    Boot mode: Normal

    Running processes:
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    C:\Users\PoLo\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll
    O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: gupdate - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: gupdatem - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    O23 - Service: PAExec - Power Admin LLC - C:\Windows\PAExec.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

    --
    End of file - 10280 bytes
Attachments
IMG_20171002_123335.gif
Blue screen of death

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log

Post by jaro3 » 02 Oct 2017 18:49

Download Memtest:

The field that says:
All unused RAM - leave it as it is.
- Click Start and let it run for at least 2 hours; if there are still 0 errors after 2 hours, the memory is fine.
With larger RAM capacities, Memtest has to be launched several times: for 2 GB (the largest single RAM capacity) 2x, for 4 GB 3x, for 8 GB 4x, etc.

Also check the HDD for errors, and possibly try defragmenting it.

Double-click Memtest, then again and again; type 2048 into the field of each Memtest instance, then click "Start" in all of them.

Download CrystalDiskInfo
Run the program and click Edit - Copy (Úpravy - Kopírovat). Then paste the log contents here with Ctrl+V.

Download and install WhoCrashed,
open it and click Analyze.
The program will create a report; copy all of it and paste it here, please.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

jakubpolo
Level 2.5
Posts: 258
Registered: June 10
Gender: Male
Status:
Offline

Re: Please check my log

Post by jakubpolo » 03 Oct 2017 16:00

I have two drives: one SSD, which runs the system and has all applications installed, and one conventional drive that serves as storage.

  • Memtest
    I ran Memtest 6x for 2.5 hours and no fault was found.

  • CrystalDiskInfo
    ----------------------------------------------------------------------------
    CrystalDiskInfo 7.1.0 (C) 2008-2016 hiyohiyo
    Crystal Dew World : http://crystalmark.info/
    ----------------------------------------------------------------------------

    OS : Windows 10 Enterprise [10.0 Build 15063] (x64)
    Date : 2017/10/03 15:57:20

    -- Controller Map ----------------------------------------------------------
    + ATA Channel 0 (0) [ATA]
    - KINGSTON SV300S37A240G ATA Device
    - ATA Channel 1 (1) [ATA]
    + PCI Standardní dvoukanálový řadič IDE [ATA]
    - ATA Channel 0 (0)
    - ATA Channel 1 (1)
    + PCI Standardní dvoukanálový řadič IDE [ATA]
    + ATA Channel 0 (0)
    - TSSTcorp CDDVDW SH-222AB ATA Device
    + ATA Channel 1 (1)
    - SAMSUNG HD103SJ ATA Device
    - Řadič prostorů úložišť [SCSI]

    -- Disk List ---------------------------------------------------------------
    (1) SAMSUNG HD103SJ : 1000,2 GB [0/1/0, pd1]
    (2) KINGSTON SV300S37A240G : 240,0 GB [1/2/0, pd1] - sf

    ----------------------------------------------------------------------------
    (1) SAMSUNG HD103SJ
    ----------------------------------------------------------------------------
    Model : SAMSUNG HD103SJ
    Firmware : 1AJ10001
    Serial Number : S246J9FB806685
    Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
    Buffer Size : 32767 KB
    Queue Depth : 32
    # of Sectors : 1953525168
    Rotation Rate : 7200 RPM
    Interface : Serial ATA
    Major Version : ATA8-ACS
    Minor Version : ATA8-ACS version 6
    Transfer Mode : ---- | SATA/300
    Power On Hours : 17503 hod.
    Power On Count : 3759 krát
    Temperature : 28 C (82 F)
    Health Status : Dobrý
    Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
    APM Level : 0000h [OFF]
    AAM Level : FE00h [OFF]
    Drive Letter : E:

    -- S.M.A.R.T. --------------------------------------------------------------
    ID Cur Wor Thr RawValues(6) Attribute Name
    01 100 100 _51 000000000047 Počet chyb čtení
    02 252 252 __0 000000000000 Průchodnost disku
    03 _70 _69 _25 000000002404 Čas na roztočení ploten
    04 _94 _94 __0 000000001994 Počet spuštění/zastavení
    05 252 252 _10 000000000000 Počet přemapovaných sektorů
    07 252 252 _51 000000000000 Počet chybných hledání
    08 252 252 _15 000000000000 Čas potřebný na vyhledání
    09 100 100 __0 00000000445F Hodin v činnosti
    0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
    0B 252 252 __0 000000000000 Počet pokusů o překalibrování
    0C _97 _97 __0 000000000EAF Počet cyklů zapnutí zařízení
    BF 100 100 __0 000000000009 Počet udalostí zaznamenaných otřesovým senzorem
    C0 252 252 __0 000000000000 Počet vypnutí disku
    C2 _64 _57 __0 002B000B001C Teplota
    C3 100 100 __0 000000000000 Počet oprav chybného čtení
    C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
    C5 252 252 __0 000000000000 Počet podezřelých sektorů
    C6 252 252 __0 000000000000 Počet neopravitelných sektorů
    C7 100 100 __0 000000000005 Počet chyb v kontrolním součtu UltraDMA
    C8 100 100 __0 000000000244 Počet chyb při zápisu sektorů
    DF 252 252 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
    E1 100 100 __0 0000000019A1 Počet cyklů načítání/vymazání

    ----------------------------------------------------------------------------
    (2) KINGSTON SV300S37A240G
    ----------------------------------------------------------------------------
    Model : KINGSTON SV300S37A240G
    Firmware : 583ABBF0
    Serial Number : 50026B774A046960
    Disk Size : 240,0 GB (8,4/137,4/240,0/240,0)
    Buffer Size : Neznámy údaj
    Queue Depth : 32
    # of Sectors : 468862128
    Rotation Rate : ---- (SSD)
    Interface : Serial ATA
    Major Version : ATA8-ACS
    Minor Version : ACS-2 Revision 3
    Transfer Mode : SATA/600 | SATA/600
    Power On Hours : 8608 hod.
    Power On Count : 2174 krát
    Host Reads : 9689 GB
    Host Writes : 9706 GB
    Temperature : 31 C (87 F)
    Health Status : Dobrý (96 %)
    Features : S.M.A.R.T., APM, 48bit LBA, NCQ, TRIM
    APM Level : 00FEh [ON]
    AAM Level : ----
    Drive Letter : C:

    -- S.M.A.R.T. --------------------------------------------------------------
    ID Cur Wor Thr Raw Values (7) Attribute Name
    01 _95 _95 _50 0000000D7D972B Raw Read Error Rate
    05 100 100 __3 00000000000000 Retired Block Count
    09 _91 _91 __0 0DE2F6000021A0 Power-on Hours
    0C _98 _98 __0 0000000000087E Power Cycle Count
    AB 100 100 __0 00000000000000 Program Fail Count
    AC 100 100 __0 00000000000000 Erase Fail Count
    AE __0 __0 __0 00000000000053 Unexpected Power Loss Count
    B1 __0 __0 __0 00000000000001 Wear Range Delta
    B5 100 100 __0 00000000000000 Program Fail Count
    B6 100 100 __0 00000000000000 Erase Fail Count
    BB 100 100 __0 00000000000000 Reported Uncorrectable Errors
    BD _31 _38 __0 00000B0026001F Specifický pro výrobce
    C2 _31 _38 __0 00000B0026001F Temperature
    C3 120 120 __0 0000000D7D972B On-the-Fly ECC Uncorrectable Error Count
    C4 100 100 __3 00000000000000 Reallocation Event Count
    C9 120 120 __0 0000000D7D972B Uncorrectable Soft Read Error Rate
    CC 120 120 __0 0000000D7D972B Soft ECC Correction Rate
    E6 100 100 __0 00000000000064 Life Curve Status
    E7 _96 _96 _10 00000000000001 SSD Life Left
    E9 __0 __0 __0 00000000003558 Specifický pro výrobce
    EA __0 __0 __0 000000000025EA Specifický pro výrobce
    F1 __0 __0 __0 000000000025EA Lifetime Writes from Host
    F2 __0 __0 __0 000000000025D9 Lifetime Reads from Host

  • WhoCrashed
    System Information (local)
    --------------------------------------------------------------------------------

    Computer name: POLOPC
    Windows version: Windows 10 , 10.0, build: 15063
    Windows dir: C:\WINDOWS
    Hardware: GA-870A-USB3, Gigabyte Technology Co., Ltd.
    CPU: AuthenticAMD AMD Phenom(tm) II X4 955 Processor AMD586, level: 16
    4 logical processors, active mask: 15
    RAM: 12882333696 bytes total




    --------------------------------------------------------------------------------
    Crash Dump Analysis
    --------------------------------------------------------------------------------

    Crash dump directory: C:\WINDOWS\Minidump

    Crash dumps are enabled on your computer.

    On Mon 02.10.2017 12:33:29 your computer crashed
    crash dump file: C:\WINDOWS\Minidump\100217-6359-01.dmp
    This was probably caused by the following module: aswmbr.sys (0xFFFFF801DA7295AE)
    Bugcheck code: 0xD1 (0xFFFFF801DD851010, 0xFF, 0x0, 0xFFFFF801DA7295AE)
    Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswmbr.sys .
    Google query: aswmbr.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL



    On Mon 02.10.2017 12:33:29 your computer crashed
    crash dump file: C:\WINDOWS\memory.dmp
    This was probably caused by the following module: aswmbr.sys (aswMBR+0x95AE)
    Bugcheck code: 0xD1 (0xFFFFF801DD851010, 0xFF, 0x0, 0xFFFFF801DA7295AE)
    Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswmbr.sys .
    Google query: aswmbr.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL



    On Mon 02.10.2017 12:32:16 your computer crashed
    crash dump file: C:\WINDOWS\Minidump\100217-7343-01.dmp
    This was probably caused by the following module: aswmbr.sys (0xFFFFF802F1CA95AE)
    Bugcheck code: 0xD1 (0xFFFFF802F1A51010, 0xFF, 0x0, 0xFFFFF802F1CA95AE)
    Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswmbr.sys .
    Google query: aswmbr.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL



    On Mon 02.10.2017 12:30:48 your computer crashed
    crash dump file: C:\WINDOWS\Minidump\100217-19046-01.dmp
    This was probably caused by the following module: aswmbr.sys (0xFFFFF80A31D895AE)
    Bugcheck code: 0xD1 (0xFFFFE280EB08E010, 0xFF, 0x0, 0xFFFFF80A31D895AE)
    Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswmbr.sys .
    Google query: aswmbr.sys DRIVER_IRQL_NOT_LESS_OR_EQUAL

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log

Post by jaro3 » 03 Oct 2017 18:30

CDI once more.

The BSOD concerns only aswMBR; the program may have some bug.

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs, FRST.txt and Addition.txt, will be shown and saved on the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

jakubpolo
Level 2.5
Posts: 258
Registered: June 10
Gender: Male
Status:
Offline

Re: Please check my log

Post by jakubpolo » 05 Oct 2017 07:42

I ran the tests right after turning the PC on, in case that matters.

  • CrystalDiskInfo
    ----------------------------------------------------------------------------
    CrystalDiskInfo 7.1.0 (C) 2008-2016 hiyohiyo
    Crystal Dew World : http://crystalmark.info/
    ----------------------------------------------------------------------------

    OS : Windows 10 Enterprise [10.0 Build 15063] (x64)
    Date : 2017/10/05 7:36:11

    -- Controller Map ----------------------------------------------------------
    + ATA Channel 0 (0) [ATA]
    - KINGSTON SV300S37A240G ATA Device
    - ATA Channel 1 (1) [ATA]
    + PCI Standardní dvoukanálový řadič IDE [ATA]
    - ATA Channel 0 (0)
    - ATA Channel 1 (1)
    + PCI Standardní dvoukanálový řadič IDE [ATA]
    + ATA Channel 0 (0)
    - TSSTcorp CDDVDW SH-222AB ATA Device
    + ATA Channel 1 (1)
    - SAMSUNG HD103SJ ATA Device
    - Řadič prostorů úložišť [SCSI]

    -- Disk List ---------------------------------------------------------------
    (1) SAMSUNG HD103SJ : 1000,2 GB [0/1/0, pd1]
    (2) KINGSTON SV300S37A240G : 240,0 GB [1/2/0, pd1] - sf

    ----------------------------------------------------------------------------
    (1) SAMSUNG HD103SJ
    ----------------------------------------------------------------------------
    Model : SAMSUNG HD103SJ
    Firmware : 1AJ10001
    Serial Number : S246J9FB806685
    Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
    Buffer Size : 32767 KB
    Queue Depth : 32
    # of Sectors : 1953525168
    Rotation Rate : 7200 RPM
    Interface : Serial ATA
    Major Version : ATA8-ACS
    Minor Version : ATA8-ACS version 6
    Transfer Mode : ---- | SATA/300
    Power On Hours : 17504 hod.
    Power On Count : 3760 krát
    Temperature : 19 C (66 F)
    Health Status : Dobrý
    Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
    APM Level : 0000h [OFF]
    AAM Level : FE00h [OFF]
    Drive Letter : E:

    -- S.M.A.R.T. --------------------------------------------------------------
    ID Cur Wor Thr RawValues(6) Attribute Name
    01 100 100 _51 000000000047 Počet chyb čtení
    02 252 252 __0 000000000000 Průchodnost disku
    03 _70 _69 _25 00000000239A Čas na roztočení ploten
    04 _94 _94 __0 000000001996 Počet spuštění/zastavení
    05 252 252 _10 000000000000 Počet přemapovaných sektorů
    07 252 252 _51 000000000000 Počet chybných hledání
    08 252 252 _15 000000000000 Čas potřebný na vyhledání
    09 100 100 __0 000000004460 Hodin v činnosti
    0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
    0B 252 252 __0 000000000000 Počet pokusů o překalibrování
    0C _97 _97 __0 000000000EB0 Počet cyklů zapnutí zařízení
    BF 100 100 __0 000000000009 Počet udalostí zaznamenaných otřesovým senzorem
    C0 252 252 __0 000000000000 Počet vypnutí disku
    C2 _64 _57 __0 002B000B0013 Teplota
    C3 100 100 __0 000000000000 Počet oprav chybného čtení
    C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
    C5 252 252 __0 000000000000 Počet podezřelých sektorů
    C6 252 252 __0 000000000000 Počet neopravitelných sektorů
    C7 100 100 __0 000000000005 Počet chyb v kontrolním součtu UltraDMA
    C8 100 100 __0 000000000244 Počet chyb při zápisu sektorů
    DF 252 252 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
    E1 100 100 __0 0000000019A3 Počet cyklů načítání/vymazání

    -- IDENTIFY_DEVICE ---------------------------------------------------------

    -- SMART_READ_DATA ---------------------------------------------------------

    -- SMART_READ_THRESHOLD ----------------------------------------------------

    ----------------------------------------------------------------------------
    (2) KINGSTON SV300S37A240G
    ----------------------------------------------------------------------------
    Model : KINGSTON SV300S37A240G
    Firmware : 583ABBF0
    Serial Number : 50026B774A046960
    Disk Size : 240,0 GB (8,4/137,4/240,0/240,0)
    Buffer Size : Neznámy údaj
    Queue Depth : 32
    # of Sectors : 468862128
    Rotation Rate : ---- (SSD)
    Interface : Serial ATA
    Major Version : ATA8-ACS
    Minor Version : ACS-2 Revision 3
    Transfer Mode : SATA/600 | SATA/600
    Power On Hours : 8609 hod.
    Power On Count : 2175 krát
    Host Reads : 9691 GB
    Host Writes : 9707 GB
    Temperature : 21 C (69 F)
    Health Status : Dobrý (96 %)
    Features : S.M.A.R.T., APM, 48bit LBA, NCQ, TRIM
    APM Level : 00FEh [ON]
    AAM Level : ----
    Drive Letter : C:

    -- S.M.A.R.T. --------------------------------------------------------------
    ID Cur Wor Thr Raw Values (7) Attribute Name
    01 120 120 _50 00000000000000 Raw Read Error Rate
    05 100 100 __3 00000000000000 Retired Block Count
    09 _91 _91 __0 149BA0000021A1 Power-on Hours
    0C _98 _98 __0 0000000000087F Power Cycle Count
    AB 100 100 __0 00000000000000 Program Fail Count
    AC 100 100 __0 00000000000000 Erase Fail Count
    AE __0 __0 __0 00000000000053 Unexpected Power Loss Count
    B1 __0 __0 __0 00000000000001 Wear Range Delta
    B5 100 100 __0 00000000000000 Program Fail Count
    B6 100 100 __0 00000000000000 Erase Fail Count
    BB 100 100 __0 00000000000000 Reported Uncorrectable Errors
    BD _21 _38 __0 00000B00260015 Specifický pro výrobce
    C2 _21 _38 __0 00000B00260015 Temperature
    C3 120 120 __0 00000000000000 On-the-Fly ECC Uncorrectable Error Count
    C4 100 100 __3 00000000000000 Reallocation Event Count
    C9 120 120 __0 00000000000000 Uncorrectable Soft Read Error Rate
    CC 120 120 __0 00000000000000 Soft ECC Correction Rate
    E6 100 100 __0 00000000000064 Life Curve Status
    E7 _96 _96 _10 00000000000001 SSD Life Left
    E9 __0 __0 __0 0000000000355A Specifický pro výrobce
    EA __0 __0 __0 000000000025EB Specifický pro výrobce
    F1 __0 __0 __0 000000000025EB Lifetime Writes from Host
    F2 __0 __0 __0 000000000025DB Lifetime Reads from Host

    -- IDENTIFY_DEVICE ---------------------------------------------------------

    -- SMART_READ_DATA ---------------------------------------------------------

    -- SMART_READ_THRESHOLD ----------------------------------------------------

  • FRST Addition
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-10-2017 01
    Ran by PoLo (05-10-2017 07:38:31)
    Running from C:\Users\PoLo\Desktop
    Windows 10 Enterprise Version 1703 (X64) (2017-08-12 12:00:07)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3229655998-2220489892-3251086895-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3229655998-2220489892-3251086895-503 - Limited - Disabled)
    Guest (S-1-5-21-3229655998-2220489892-3251086895-501 - Limited - Disabled)
    PoLo (S-1-5-21-3229655998-2220489892-3251086895-1001 - Administrator - Enabled) => C:\Users\PoLo

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
    Aktualizace NVIDIA 28.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 28.0.0.0 - NVIDIA Corporation) Hidden
    Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.69 - NVIDIA Corporation) Hidden
    Banished (HKLM\...\Steam App 242920) (Version: - Shining Rock Software LLC)
    BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.71.1081 - AB Team, d.o.o.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.34 - Piriform)
    CPUCores :: Maximize Your FPS (HKLM\...\Steam App 384300) (Version: - Tim Sullivan)
    CrystalDiskInfo 7.1.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.1.0 - Crystal Dew World)
    Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
    Endless Legend (HKLM\...\Steam App 289130) (Version: - AMPLITUDE Studios)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Hearts of Iron IV (HKLM\...\Steam App 394360) (Version: - Paradox Development Studio)
    Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
    Malwarebytes verze 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
    Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.8201.2193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
    Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
    Northgard (HKLM\...\Steam App 466560) (Version: - Shiro Games)
    NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
    NVIDIA Ovladač HD audia 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
    NVIDIA Ovladače grafiky 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.69 - NVIDIA Corporation)
    NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
    Ovládací panel NVIDIA 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 385.69 - NVIDIA Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8034 - Realtek Semiconductor Corp.)
    SeaTools for Windows 1.4.0.5 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.5 - Seagate Technology)
    Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Stellaris (HKLM\...\Steam App 281990) (Version: - Paradox Development Studio)
    TeXworks 0.6.2 (HKLM-x32\...\{41DA4817-4D2A-4D83-AD02-6A2D95DC8DCB}_is1) (Version: - TeX Users Group)
    The SIMS 4 v.1.33.38.1020 (HKLM-x32\...\The SIMS 4_is1) (Version: - )
    The Witcher 3: Wild Hunt (HKLM\...\Steam App 292030) (Version: - CD PROJEKT RED)
    Total War: ROME II - Emperor Edition (HKLM\...\Steam App 214950) (Version: - Creative Assembly)
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
    WhoCrashed 5.54 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
    Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
    Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-02] ()
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-16] (NVIDIA Corporation)
    ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-02] ()
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {14EB0248-3412-4C1D-ACC9-B01F0982D248} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
    Task: {189076FA-8F94-4BA3-BD65-88671CF1855C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
    Task: {20A0C1EC-E941-4CEF-83B5-0A41BA16128B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
    Task: {214870E2-CE35-4BEC-82AB-0C738DB7EF52} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-07] (Piriform Ltd)
    Task: {3F4FA785-5C81-4DAE-93C3-D3B3A52249AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
    Task: {856F880A-2CFF-4B6D-A50A-7BE1CC673D45} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
    Task: {86EE55C2-8D6D-4323-B8E0-BC6EE3127C6B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-19] ()
    Task: {9024C307-2BAE-4CA7-8483-706642BD1D73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-06] (Google Inc.)
    Task: {9E20E7B8-1E22-4362-A15B-CFBB993AB175} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-09-19] (NVIDIA Corporation)
    Task: {A4D589CD-8934-4110-AB69-C84772C096B3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-09-19] (NVIDIA Corporation)
    Task: {A9443EAE-0197-4D98-9C85-1D68427B8021} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
    Task: {A955F8D4-F5F0-4D32-A2A1-F7564B684CF5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-09-19] (NVIDIA Corporation)
    Task: {CB230720-2632-4031-BFDF-079AB5453373} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
    Task: {CC6E1787-0296-4DAD-A0EE-C1F5CF1A42E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-06] (Google Inc.)
    Task: {D694E73E-0449-475B-9CBE-A647C3342604} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
    Task: {E712F9B7-F508-4903-B5F2-AF0C1B38AA7F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
    Task: {E80C719F-39B8-49B5-967E-03DF483559D7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-19] ()
    Task: {F0596FC5-95B7-4784-BE49-C69D34AE5256} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-19] (Microsoft Corporation)
    Task: {FE6AB677-0C6E-4194-B44C-CBB3E825A730} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-09-19] (NVIDIA Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\PoLo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeX Live 2017\Uninstall TeX Live.lnk -> C:\texlive\2017\tlpkg\installer\uninst.bat (No File)

    ==================== Loaded Modules (Whitelisted) ==============

    2017-08-07 22:46 - 2017-09-19 09:23 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-09-25 09:36 - 2017-09-16 19:34 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-10-02 12:54 - 2017-10-02 12:54 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
    2017-03-18 22:59 - 2017-03-20 07:01 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-08-06 21:29 - 2017-06-12 10:00 - 000180904 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
    2017-08-06 21:29 - 2017-06-12 10:00 - 000254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
    2017-08-06 21:29 - 2017-06-12 10:00 - 000172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
    2017-08-06 21:29 - 2017-06-12 10:00 - 000174760 _____ () c:\program files (x86)\ostotosoft\drivertalent\DtlPlug.dll
    2017-08-07 22:46 - 2017-09-19 09:23 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 09:24 - 2017-10-02 12:38 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3229655998-2220489892-3251086895-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PoLo\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{ce56f4c7-3292-47ed-8f07-9f78813aabcc}.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{93B56455-BD09-4F14-94FA-5767CBCBB410}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{25869A0F-70D8-4B26-B865-63FB7EC1C7C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{77920673-40D6-4B4C-97CE-A897EC80DAF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{7B849F88-5532-4BCE-B32F-99B0FB33FD47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{C85EA9F6-58A6-45C4-9CAE-9F934A2F9431}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe
    FirewallRules: [{591E2BE8-A47E-4A80-BE5B-5493097BAD47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe
    FirewallRules: [{C16117C0-CA3D-4B76-B210-7EB3E28F246F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\Northgard.exe
    FirewallRules: [{35147DC5-9ABD-4430-AD00-9A9605D0694A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Northgard\Northgard.exe
    FirewallRules: [{26589C6E-ED0F-4049-AF4E-0D2CA8D0909F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{D6AFC4D1-7156-4352-BC16-4091740983A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{7DC36739-35A0-4F7D-A51C-67254DD96ADB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
    FirewallRules: [{23E085AA-A9C4-4E0E-9D03-778DC01CAB88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
    FirewallRules: [{E4914E8A-D5DB-445F-9AC8-67BDFAE30B36}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{DA2E7FB5-6288-4FB8-9B4E-354077677C21}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{17482531-4B50-41AB-B351-9DA174D090EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{C430D12A-F001-4165-BAE6-8F89D06BD758}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{C7DC6AFC-12AC-482F-855A-B65DE935CF93}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{6AF0786C-1777-49B1-B06B-F43B2C615353}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{040D4017-E8FA-4C7E-BCAF-B47E889D99C4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{11B245EF-6F74-46C3-8363-FC199DE07BAF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [TCP Query User{ED4B32A2-A873-4191-A807-1CD122F6C559}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
    FirewallRules: [UDP Query User{298BAF71-ABA3-42D5-9C03-75248EAA41AF}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
    FirewallRules: [{82431A5A-8B59-4A92-8C28-1AF820E529DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
    FirewallRules: [{1BCA41E6-FA5F-4A98-8A4A-04E95CBE8B0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe
    FirewallRules: [{E8271E12-4C13-414D-8D50-1F7C1629474F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
    FirewallRules: [{71EB845C-B7B0-4B3E-ADFE-0FC3AE536DDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
    FirewallRules: [TCP Query User{AC875DF3-CE18-40E6-B0EE-5665A4702301}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
    FirewallRules: [UDP Query User{C5F83D94-4197-48B1-8095-114DFFB80314}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
    FirewallRules: [{D9481E5D-80A6-482D-8410-3040995E50E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CPUCores\cpucores.exe
    FirewallRules: [{CC9E091D-DFAB-4703-AB66-5899B5C3C52E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CPUCores\cpucores.exe
    FirewallRules: [{FC474843-CC24-4A3A-9EB4-8D26F27818D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
    FirewallRules: [{95889ADC-AA80-4CC9-BB0C-E25C1E1C8923}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe
    FirewallRules: [{AC9ADFB3-EFDE-4EB8-A35E-58346AB164DC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{C12FF127-51D7-4BDC-8DFD-FBCB4880DE8A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{95913B11-B91E-473D-8212-3060FCB6F9CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{ED0F004D-5F27-484F-9CE4-F1CC9F8986B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{9133F597-15E7-4D8F-AC70-53E172A6493A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
    FirewallRules: [{FF77A5D0-5211-4E38-9558-301D3F84EA80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
    FirewallRules: [{D4AEEF45-B08E-468C-A1CB-8E92152B7F8E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{59E63271-6EB2-4CA9-BBCD-6D2FF0942EFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
    FirewallRules: [{16064DF6-C783-4199-808A-851206B58903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
    FirewallRules: [{0E146BB7-8D34-4BFF-B16F-FB8EB501A745}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{84E05066-D73D-495F-81DD-8FD27C02707A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{7C1AB598-BD49-4842-BA95-D9928461336F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    25-09-2017 09:39:56 Windows Update
    01-10-2017 15:10:15 JRT Pre-Junkware Removal
    02-10-2017 22:02:07 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/03/2017 03:49:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POLOPC)
    Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

    Error: (10/03/2017 03:39:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POLOPC)
    Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2147023170. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

    Error: (10/03/2017 03:25:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POLOPC)
    Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

    Error: (10/03/2017 03:23:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POLOPC)
    Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

    Error: (10/03/2017 03:18:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: POLOPC)
    Description: Balíček Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe+App se ukončil, protože jeho pozastavování trvalo moc dlouho.

    Error: (10/03/2017 02:38:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POLOPC)
    Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

    Error: (10/03/2017 02:24:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POLOPC)
    Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

    Error: (10/03/2017 02:06:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POLOPC)
    Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

    Error: (10/03/2017 02:02:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: POLOPC)
    Description: Balíček Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe+App se ukončil, protože jeho pozastavování trvalo moc dlouho.

    Error: (09/30/2017 06:59:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: POLOPC)
    Description: Aplikaci windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel se nepovedlo aktivovat, protože došlo k chybě: -2147023170. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.


    System errors:
    =============
    Error: (10/03/2017 05:03:51 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 5

    Error: (10/03/2017 03:52:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    a APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

    Error: (10/03/2017 03:49:08 PM) (Source: DCOM) (EventID: 10010) (User: POLOPC)
    Description: Server Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

    Error: (10/03/2017 03:25:58 PM) (Source: DCOM) (EventID: 10010) (User: POLOPC)
    Description: Server Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

    Error: (10/03/2017 02:06:17 PM) (Source: DCOM) (EventID: 10010) (User: POLOPC)
    Description: Server Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

    Error: (10/02/2017 10:49:00 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 5

    Error: (10/02/2017 01:06:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    a APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

    Error: (10/02/2017 12:51:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Služba CldFlt neuspěla při spuštění v důsledku následující chyby:
    Požadavek není podporován.

    Error: (10/02/2017 12:45:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

    Error: (10/02/2017 12:45:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.


    ==================== Memory info ===========================

    Processor: AMD Phenom(tm) II X4 955 Processor
    Percentage of memory in use: 13%
    Total physical RAM: 12285.55 MB
    Available physical RAM: 10614.41 MB
    Total Virtual: 15045.07 MB
    Available Virtual: 13242.21 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:222.25 GB) (Free:41.23 GB) NTFS
    Drive e: (Úložiště) (Fixed) (Total:931.51 GB) (Free:480.12 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0DEFF7E6)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: F8077635)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=222.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=847 MB) - (Type=27)

    ==================== End of Addition.txt ============================


Re: Please check my log

Post by jakubpolo » 05 Oct 2017 07:46

  • FRST (part 1)
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2017 01
    Ran by PoLo (administrator) on POLOPC (05-10-2017 07:37:52)
    Running from C:\Users\PoLo\Desktop
    Loaded Profiles: PoLo (Available Profiles: PoLo)
    Platform: Windows 10 Enterprise Version 1703 (X64) Language: Čeština (Česká republika)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2000-01-01] (Realtek Semiconductor)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{2ca63a66-89a2-442c-b713-6206cd9f2846}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    SearchScopes: HKU\S-1-5-21-3229655998-2220489892-3251086895-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-06] (Oracle Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-06] (Oracle Corporation)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-19] (Microsoft Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-06] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-19] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-09-19] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-06] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-06] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.cz/","hxxps://www.google.cz/"
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default [2017-10-05]
    CHR Extension: (Prezentace Google) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-02]
    CHR Extension: (Dokumenty Google) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-02]
    CHR Extension: (Disk Google) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-02]
    CHR Extension: (YouTube) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-02]
    CHR Extension: (OneTab) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-10-02]
    CHR Extension: (Gmail Offline) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2017-10-02]
    CHR Extension: (Tabulky Google) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-02]
    CHR Extension: (Dokumenty Google offline) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-02]
    CHR Extension: (AdBlock) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-02]
    CHR Extension: (Chrono Download Manager) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2017-10-02]
    CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-02]
    CHR Extension: (ImTranslator: Překladač, Slovník, Hlas) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2017-10-02]
    CHR Extension: (Checker Plus for Gmail™) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2017-10-02]
    CHR Extension: (Gmail) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-02]
    CHR Extension: (Chrome Media Router) - C:\Users\PoLo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-02]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122824 2017-09-08] (Microsoft Corporation)
    R2 LDrvSvc; C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll [180904 2017-06-12] ()
    S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-09-16] (NVIDIA Corporation)
    R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-09-19] (NVIDIA Corporation)
    S3 PAExec; C:\Windows\PAExec.exe [189112 2017-08-07] (Power Admin LLC)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
    R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider) [File not signed]
    R3 IT9135BDA; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE )
    R1 MpKsl60cb83ab; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F2DD1E32-CF92-4004-8888-DA3CD6658C4B}\MpKsl60cb83ab.sys [58120 2017-10-03] (Microsoft Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvlddmkm.sys [15619320 2017-09-18] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-09-19] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-18] (NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-09-16] (NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2000-01-01] (Realtek )
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-10-02] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-10-02] (Zemana Ltd.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-10-05 07:37 - 2017-10-05 07:38 - 000013349 _____ C:\Users\PoLo\Desktop\FRST.txt
    2017-10-05 07:37 - 2017-10-05 07:37 - 002399744 _____ (Farbar) C:\Users\PoLo\Desktop\FRST64.exe
    2017-10-05 07:37 - 2017-10-05 07:37 - 000000000 ____D C:\FRST
    2017-10-05 07:36 - 2017-10-05 07:36 - 000016152 _____ C:\Users\PoLo\Desktop\cdi.txt
    2017-10-03 15:55 - 2017-10-03 15:55 - 000000887 _____ C:\Users\PoLo\Desktop\WhoCrashed.lnk
    2017-10-03 15:55 - 2017-10-03 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
    2017-10-03 15:55 - 2017-10-03 15:55 - 000000000 ____D C:\Program Files\WhoCrashed
    2017-10-03 15:54 - 2017-10-03 15:54 - 000001273 _____ C:\Users\PoLo\Desktop\CrystalDiskInfo.lnk
    2017-10-03 15:54 - 2017-10-03 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
    2017-10-03 15:54 - 2017-10-03 15:54 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
    2017-10-03 13:21 - 2017-09-29 20:33 - 000040960 _____ () C:\Users\PoLo\Desktop\memtest.exe
    2017-10-02 22:02 - 2017-10-02 22:02 - 000001478 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
    2017-10-02 22:02 - 2017-10-02 22:02 - 000000000 ____D C:\ProgramData\Package Cache
    2017-10-02 22:02 - 2017-10-02 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
    2017-10-02 22:02 - 2017-10-02 22:02 - 000000000 ____D C:\Program Files (x86)\Seagate
    2017-10-02 15:31 - 2017-10-02 15:31 - 000000000 ____D C:\Users\PoLo\AppData\Local\PeerDistRepub
    2017-10-02 12:57 - 2017-09-30 09:46 - 000388608 _____ (Trend Micro Inc.) C:\Users\PoLo\Desktop\HijackThis.exe
    2017-10-02 12:54 - 2017-10-05 07:37 - 000270103 _____ C:\WINDOWS\ZAM.krnl.trace
    2017-10-02 12:54 - 2017-10-05 07:37 - 000267762 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2017-10-02 12:54 - 2017-10-02 12:54 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2017-10-02 12:54 - 2017-10-02 12:54 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
    2017-10-02 12:54 - 2017-10-02 12:54 - 000001221 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
    2017-10-02 12:54 - 2017-10-02 12:54 - 000000000 ____D C:\Users\PoLo\AppData\Local\Zemana
    2017-10-02 12:54 - 2017-10-02 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
    2017-10-02 12:54 - 2017-10-02 12:54 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2017-10-02 12:47 - 2017-10-02 12:36 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
    2017-10-02 12:36 - 2017-10-02 12:45 - 000000000 ____D C:\zoek_backup
    2017-10-02 12:35 - 2017-10-02 12:36 - 001309184 _____ C:\Users\PoLo\Desktop\zoek.exe
    2017-10-02 12:35 - 2017-10-02 12:35 - 000582212 _____ C:\WINDOWS\Minidump\100217-6359-01.dmp
    2017-10-02 12:32 - 2017-10-02 12:32 - 000569876 _____ C:\WINDOWS\Minidump\100217-7343-01.dmp
    2017-10-02 12:31 - 2017-10-02 12:35 - 640544902 _____ C:\WINDOWS\MEMORY.DMP
    2017-10-02 12:31 - 2017-10-02 12:35 - 000000000 ____D C:\WINDOWS\Minidump
    2017-10-02 12:31 - 2017-10-02 12:31 - 000587364 _____ C:\WINDOWS\Minidump\100217-19046-01.dmp
    2017-10-02 12:30 - 2017-10-02 12:30 - 005200384 _____ (AVAST Software) C:\Users\PoLo\Desktop\aswmbr.exe
    2017-10-01 17:12 - 2017-10-01 17:12 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-10-01 17:11 - 2017-10-01 17:51 - 000000000 ____D C:\ProgramData\RogueKiller
    2017-10-01 17:11 - 2017-10-01 17:11 - 026704968 _____ C:\Users\PoLo\Desktop\RogueKiller_portable64.exe
    2017-10-01 15:21 - 2017-10-01 15:21 - 000000000 ____D C:\ProgramData\Sophos
    2017-10-01 15:20 - 2017-10-01 15:20 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
    2017-10-01 15:20 - 2017-10-01 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2017-10-01 15:20 - 2017-10-01 15:20 - 000000000 ____D C:\Program Files (x86)\Sophos
    2017-10-01 15:09 - 2017-10-01 15:09 - 001790024 _____ (Malwarebytes) C:\Users\PoLo\Desktop\JRT.exe
    2017-09-30 11:28 - 2017-09-30 11:28 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-09-30 11:28 - 2017-09-30 11:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-09-30 11:28 - 2017-09-30 11:28 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-09-30 11:28 - 2017-09-30 11:28 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-09-30 11:28 - 2017-09-27 09:37 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-09-30 11:25 - 2017-10-01 15:03 - 000000000 ____D C:\AdwCleaner
    2017-09-30 11:24 - 2017-09-30 11:24 - 008250832 _____ (Malwarebytes) C:\Users\PoLo\Desktop\adwcleaner_7.0.3.1.exe
    2017-09-27 21:58 - 2017-09-27 21:58 - 000012794 _____ C:\Users\PoLo\Desktop\job.xlsx
    2017-09-26 20:20 - 2017-09-26 20:20 - 000000000 ____D C:\Users\PoLo\AppData\Roaming\NVIDIA
    2017-09-25 20:54 - 2017-09-19 01:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2017-09-25 20:54 - 2017-09-19 01:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2017-09-25 20:54 - 2017-09-19 01:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
    2017-09-25 20:54 - 2017-09-19 01:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2017-09-25 20:54 - 2017-09-19 01:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2017-09-25 20:54 - 2017-09-19 01:17 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-09-25 20:54 - 2017-09-19 01:17 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-09-25 20:54 - 2017-09-19 01:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
    2017-09-25 20:54 - 2017-09-19 01:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2017-09-25 20:54 - 2017-09-19 01:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2017-09-25 20:54 - 2017-09-19 00:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
    2017-09-25 20:54 - 2017-09-19 00:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
    2017-09-25 20:54 - 2017-09-19 00:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2017-09-25 20:54 - 2017-09-19 00:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
    2017-09-25 20:54 - 2017-09-19 00:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
    2017-09-25 20:54 - 2017-09-19 00:18 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2017-09-25 20:54 - 2017-09-19 00:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
    2017-09-25 09:36 - 2017-09-25 09:36 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2017-09-25 09:36 - 2017-09-16 21:27 - 000512960 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
    2017-09-25 09:36 - 2017-09-16 21:27 - 000418936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
    2017-09-25 09:36 - 2017-09-16 19:54 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
    2017-09-25 09:36 - 2017-09-16 19:34 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2017-09-25 09:36 - 2017-09-16 19:34 - 002478528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2017-09-25 09:36 - 2017-09-16 19:34 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2017-09-25 09:36 - 2017-09-16 19:34 - 000548472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2017-09-25 09:36 - 2017-09-16 19:34 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2017-09-25 09:36 - 2017-09-16 19:34 - 000082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2017-09-25 09:36 - 2017-09-16 19:34 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2017-09-25 09:36 - 2017-09-15 17:03 - 008248071 _____ C:\WINDOWS\system32\nvcoproc.bin
    2017-09-25 09:36 - 2017-07-20 19:21 - 000905504 _____ C:\WINDOWS\system32\vulkan-1.dll
    2017-09-25 09:36 - 2017-07-20 19:21 - 000776992 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
    2017-09-25 09:36 - 2017-07-20 19:21 - 000578848 _____ C:\WINDOWS\system32\vulkaninfo.exe
    2017-09-25 09:36 - 2017-07-20 19:21 - 000477472 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
    2017-09-25 09:33 - 2017-09-16 21:27 - 040240064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 035925440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 029020096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 023132720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 018849784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 012241792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 011692856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 010087504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 004210544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 004145088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 003712024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 003575744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438569.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 001615448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 001606592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438569.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 001067968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 001005176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 000972920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 000690504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 000218712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
    2017-09-25 09:33 - 2017-09-16 21:27 - 000057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
    2017-09-25 09:33 - 2017-09-16 21:27 - 000046443 _____ C:\WINDOWS\system32\nvinfo.pb
    2017-09-25 09:33 - 2017-09-16 21:27 - 000045976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
    2017-09-25 09:33 - 2017-09-16 21:27 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
    2017-09-25 09:33 - 2017-09-16 21:27 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
    2017-09-19 09:11 - 2017-09-19 09:11 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
    2017-09-18 11:35 - 2017-09-21 13:03 - 000000095 _____ C:\Users\PoLo\Desktop\neobux.txt
    2017-09-17 17:54 - 2017-09-17 17:54 - 000001175 _____ C:\Users\PoLo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\(64)The SIMS 4.lnk
    2017-09-17 10:38 - 2017-09-17 10:38 - 001887560 _____ C:\Users\PoLo\Desktop\Jiří KŘUPKA Miloslava KAŠPAROVÁ Renáta MÁCHOVÁ.pdf
    2017-09-16 20:14 - 2017-09-16 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
    2017-09-16 19:30 - 2017-09-16 19:30 - 000000000 ____D C:\Games
    2017-09-16 19:29 - 2017-09-16 20:41 - 000000000 ____D C:\Users\PoLo\AppData\Local\Microsoft Windows
    2017-09-16 17:02 - 2017-09-16 17:22 - 000000000 ____D C:\ProgramData\Origin
    2017-09-16 17:02 - 2017-09-16 17:02 - 000000000 ____D C:\Users\PoLo\AppData\Roaming\Origin
    2017-09-16 17:02 - 2017-09-16 17:02 - 000000000 ____D C:\Users\PoLo\AppData\Local\Origin
    2017-09-14 16:45 - 2017-09-14 16:45 - 000000000 ____D C:\Users\PoLo\Desktop\Gogola
    2017-09-14 16:16 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-09-14 16:16 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2017-09-14 16:16 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2017-09-14 16:16 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2017-09-14 16:16 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2017-09-14 16:16 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-09-14 16:16 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2017-09-14 16:16 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-09-14 16:16 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-09-14 16:16 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2017-09-14 16:16 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2017-09-14 16:16 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2017-09-14 16:16 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-09-14 16:16 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-09-14 16:16 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2017-09-14 16:16 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-09-14 16:16 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
    2017-09-14 16:16 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-09-14 16:16 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2017-09-14 16:16 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-09-14 16:16 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2017-09-14 16:16 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-09-14 16:16 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
    2017-09-14 16:16 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-09-14 16:16 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-09-14 16:16 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-09-14 16:16 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2017-09-14 16:16 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-09-14 16:16 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2017-09-14 16:16 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
    2017-09-14 16:16 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2017-09-14 16:16 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2017-09-14 16:16 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2017-09-14 16:16 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2017-09-14 16:16 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2017-09-14 16:16 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
    2017-09-14 16:16 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2017-09-14 16:16 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2017-09-14 16:16 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2017-09-14 16:16 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
    2017-09-14 16:16 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2017-09-14 16:16 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-09-14 16:16 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-09-14 16:16 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-09-14 16:16 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2017-09-14 16:16 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2017-09-14 16:16 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
    2017-09-14 16:16 - 2017-09-05 06:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
    2017-09-14 16:16 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-09-14 16:16 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2017-09-14 16:16 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
    2017-09-14 16:16 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-09-14 16:16 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2017-09-14 16:16 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-09-14 16:16 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2017-09-14 16:16 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
    2017-09-14 16:16 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2017-09-14 16:16 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-09-14 16:16 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2017-09-14 16:16 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2017-09-14 16:16 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
    2017-09-14 16:16 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-09-14 16:16 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2017-09-14 16:16 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
    2017-09-14 16:16 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2017-09-14 16:16 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-09-14 16:16 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2017-09-14 16:16 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2017-09-14 16:16 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-09-14 16:16 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-09-14 16:16 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2017-09-14 16:16 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2017-09-14 16:16 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2017-09-14 16:16 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
    2017-09-14 16:16 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2017-09-14 16:16 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2017-09-14 16:16 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2017-09-14 16:16 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-09-14 16:16 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
    2017-09-14 16:16 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2017-09-14 16:16 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
    2017-09-14 16:16 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2017-09-14 16:16 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
    2017-09-14 16:16 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
    2017-09-14 16:16 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2017-09-14 16:16 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
    2017-09-14 16:16 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-09-14 16:16 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2017-09-14 16:16 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2017-09-14 16:16 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-09-14 16:16 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2017-09-14 16:16 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
    2017-09-14 16:16 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
    2017-09-14 16:16 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
    2017-09-14 16:16 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2017-09-14 16:16 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2017-09-14 16:16 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2017-09-14 16:16 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
    2017-09-14 16:16 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
    2017-09-14 16:16 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2017-09-14 16:16 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-09-14 16:16 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
    2017-09-14 16:16 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2017-09-14 16:16 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
    2017-09-14 16:16 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
    2017-09-14 16:16 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2017-09-14 16:16 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-09-14 16:16 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
    2017-09-14 16:16 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
    2017-09-14 16:16 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2017-09-14 16:16 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2017-09-14 16:16 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-09-14 16:16 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2017-09-14 16:16 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2017-09-14 16:16 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-09-14 16:16 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2017-09-14 16:16 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
    2017-09-14 16:16 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-09-14 16:16 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-09-14 16:16 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-09-14 16:16 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2017-09-14 16:16 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-09-14 16:16 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2017-09-14 16:16 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
    2017-09-14 16:16 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-09-14 16:16 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
    2017-09-14 16:16 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-09-14 16:16 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2017-09-14 16:16 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-09-14 16:16 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2017-09-14 16:16 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2017-09-14 16:16 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
    2017-09-14 16:16 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2017-09-14 16:16 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2017-09-14 16:16 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-09-14 16:16 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-09-14 16:16 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-09-14 16:16 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2017-09-14 16:16 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-09-14 16:16 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-09-14 16:16 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-09-14 16:16 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2017-09-14 16:16 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
    2017-09-14 16:16 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-09-14 16:16 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-09-14 16:16 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-09-14 16:16 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-09-14 16:16 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2017-09-14 16:16 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
    2017-09-14 16:16 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
    2017-09-14 16:16 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-09-14 16:16 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
    2017-09-14 16:16 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
    2017-09-14 16:16 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
    2017-09-14 16:15 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-09-14 16:15 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2017-09-14 16:15 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-09-14 16:15 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
    2017-09-14 16:15 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-09-14 16:15 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2017-09-14 16:15 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2017-09-14 16:15 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2017-09-14 16:15 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-09-14 16:15 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
    2017-09-14 16:15 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2017-09-14 16:15 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2017-09-14 16:15 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-09-14 16:15 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-09-14 16:15 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2017-09-14 16:15 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2017-09-14 16:15 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-09-14 16:15 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2017-09-14 16:15 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2017-09-14 16:15 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-09-14 16:15 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2017-09-14 16:15 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2017-09-14 16:15 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-09-14 16:15 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2017-09-14 16:15 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2017-09-14 16:15 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2017-09-14 16:15 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2017-09-14 16:15 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2017-09-14 16:15 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
    2017-09-14 16:15 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2017-09-14 16:15 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2017-09-14 16:15 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2017-09-14 16:15 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
    2017-09-14 16:15 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2017-09-14 16:15 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-09-14 16:15 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-09-14 16:15 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2017-09-14 16:15 - 2017-09-05 07:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
    2017-09-14 16:15 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
    2017-09-14 16:15 - 2017-09-05 07:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
    2017-09-14 16:15 - 2017-09-05 07:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
    2017-09-14 16:15 - 2017-09-05 07:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
    2017-09-14 16:15 - 2017-09-05 07:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
    2017-09-14 16:15 - 2017-09-05 07:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
    2017-09-14 16:15 - 2017-09-05 07:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
    2017-09-14 16:15 - 2017-09-05 07:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
    2017-09-14 16:15 - 2017-09-05 07:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
    2017-09-14 16:15 - 2017-09-05 07:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
    2017-09-14 16:15 - 2017-09-05 07:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
    2017-09-14 16:15 - 2017-09-05 07:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
    2017-09-14 16:15 - 2017-09-05 07:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
    2017-09-14 16:15 - 2017-09-05 07:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
    2017-09-14 16:15 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2017-09-14 16:15 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-09-14 16:15 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2017-09-14 16:15 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2017-09-14 16:15 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-09-14 16:15 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2017-09-14 16:15 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-09-14 16:15 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2017-09-14 16:15 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2017-09-14 16:15 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
    2017-09-14 16:15 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2017-09-14 16:15 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
    2017-09-14 16:15 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-09-14 16:15 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-09-14 16:15 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-09-14 16:15 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
    2017-09-14 16:15 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
    2017-09-14 16:15 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2017-09-14 16:15 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
    2017-09-14 16:15 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2017-09-14 16:15 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
    2017-09-14 16:15 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2017-09-14 16:15 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
    2017-09-14 16:15 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2017-09-14 16:15 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2017-09-14 16:15 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2017-09-14 16:15 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
    2017-09-14 16:15 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
    2017-09-14 16:15 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-09-14 16:15 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2017-09-14 16:15 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-09-14 16:15 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2017-09-14 16:15 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
    2017-09-14 16:15 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
    2017-09-14 16:15 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
    2017-09-14 16:15 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
    2017-09-14 16:15 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
    2017-09-14 16:15 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
    2017-09-14 16:15 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2017-09-14 16:15 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2017-09-14 16:15 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
    2017-09-14 16:15 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2017-09-14 16:15 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2017-09-14 16:15 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2017-09-14 16:15 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
    2017-09-14 16:15 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation)

