Log check (Solved)


Post by PARKR » 25 Mar 2019 19:16

Hello, I would like to ask for a log check. This is not about this computer or the specs in my signature. It seems to me that HP support and other applications do not need to be there and are slowing the PC down. Well, I will leave it to the experts. Thank you.



Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:11:35, on 25.03.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0850)
CHROME: 72.0.3626.121

Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\Bronislav.P\Downloads\Hijack\HijackThis.exe
C:\Users\BRONIS~1.P\AppData\Local\Temp\nslD9EB.tmp\setuporig-HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HRTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=HRTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Bronislav.P\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Google Update] C:\Users\Bronislav.P\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64_skl_kit127358.inf_amd64_2b94ab23909d4e28\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64_skl_kit127358.inf_amd64_2b94ab23909d4e28\IntelCpHDCPSvc.exe
O23 - Service: CxMonSvc - Conexant Systems, Inc - C:\WINDOWS\CxSvc\CxMonSvc.exe
O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\WINDOWS\CxSvc\CxUtilSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Služba DigitalPersona Authentication Service (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @oem77.inf,%fpCSEvtService_SvcDesc%;fpCSEvtSvc (fpCsEvtSvc) - Unknown owner - C:\WINDOWS\system32\fpCSEvtSvc.exe (file missing)
O23 - Service: HP Hotkey Service - HP - C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
O23 - Service: @oem79.inf,%hpservice_desc%;HP 3DDG Service (hp3ddgsrv) - Unknown owner - C:\WINDOWS\system32\HP3DDGService.exe (file missing)
O23 - Service: HP CASL Framework Service (hpqcaslwmiex) - HP - C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - HP - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - HP - C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @oem24.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64_skl_kit127358.inf_amd64_2b94ab23909d4e28\igfxCUIService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: Intel(R) WiDi Software Asset Manager (Intel(R) WiDi SAM) - Intel Corporation - C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: Intel(R) Audio Service (IntelAudioService) - Unknown owner - C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe (file missing)
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LAN/WLAN Switching Service (LanWlanSwitchingService) - HP - C:\Program Files (x86)\HP\HP Hotkey Support\LanWlanSwitchingService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @oem77.inf,%WBFService_SvcDesc%;Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\WINDOWS\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 12906 bytes

HP notebook:


OS WIN 8 pro / MB MSI B150 PC MATE / CPU Intel Core i5-7400 /RAM Kingston 8GB DDR4 / GPU MSI RADEON RX 480 GAMING X 4G /
HDD Seagate BarraCuda 7200 SATA lll 1TB / SSD Kingston Now UV400 SATA III - 120GB / PSU CORSAIR CX Series 550W
-------------------------------------------------


Re: Log check

Post by jaro3 » 25 Mar 2019 21:53

There is no suspicion of infection?

I would try this:
Download StartupLite.exe by MalwareBytes to your desktop.

This program identifies unnecessary items and gives you the option to remove them to free up memory.
Double-click the StartupLite.exe (by MalwareBytes) icon to run the program. On Vista and Windows 7, run it as administrator (right-click the icon and choose Run as administrator). After it starts, a list of unnecessary entries is created. Leave all items set as disabled and click Continue. Restart the PC.

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of Internet browsing. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you do not need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Save it to your desktop. Click "I agree" to confirm the terms.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan a log appears and opens (otherwise it is saved on the system drive as C:\AdwCleaner [C?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware to your desktop, install it and run it.
- If the program is not up to date, click "Update now" or "Fix now".
- An update will be found and installed.
- Then click Start scan.
- When the scan finishes, a message appears at the bottom right; click View report, choose Export, then Copy to clipboard, and paste the whole log here. Or click "Text file (.txt)" and save the log.
- Otherwise the log can be found in the program by clicking "Reports", or it is saved here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- Then click the Finish button and close the program with the X at the top right.
(Do not delete anything yet!)
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Log check

Post by PARKR » 25 Mar 2019 22:37

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-03-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-25-2019
# Duration: 00:00:21
# OS: Windows 10 Home
# Scanned: 31923
# Detected: 4


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.SlimCleanerPlus C:\Users\Bronislav.P\AppData\Local\slimware utilities inc

***** [ Files ] *****

PUP.Optional.Legacy C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Winlogon.Heuristic HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Re: Log check

Post by PARKR » 25 Mar 2019 23:02

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 25.03.19
Čas skenování: 22:49
Logovací soubor: pc help.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů:
Aktualizovat verzi balíku komponent:
Licence: Zkušební

-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-VOAO29R\Bronislav.P

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Zrušeno
Skenované objekty: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 0 min, 19 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)


Re: Log check

Post by jaro3 » 25 Mar 2019 23:42

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Scan"; after the scan, click "Clean".

The program performs the repair; after the automatic restart, click "Log file" and then double-click the corresponding log (C:\AdwCleaner [C?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan starts. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.

Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8, 10, run RogueKiller.exe as administrator; on XP, by double-clicking.
- Click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom.
- The program scans the PC's processes. After the scan, click "Open Report", then "Open TXT" in the window, and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.
- If the log is longer than 60,000 characters, split it and post it across several posts.

Further links:
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/


Re: Log check

Post by Diallix » 26 Mar 2019 01:20

After carrying out the steps above, please also do the following:


- Download the FRST tool, 32/64-bit according to your system, from here: https://www.bleepingcomputer.com/downlo ... scan-tool/
- Save FRST to your desktop.
- Run FRST and in the Whitelist box tick the Registry, Services, Drivers, Processes and Internet checkboxes, and in the Optional Scan box tick Addition.txt.
- Continue with the Scan button.
- A scan starts, which may take a while.
- After the scan, paste the logs here: FRST + ADDITION


Re: Log check

Post by PARKR » 26 Mar 2019 08:02

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-03-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-26-2019
# Duration: 00:00:06
# OS: Windows 10 Home
# Cleaned: 4
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\Bronislav.P\AppData\Local\slimware utilities inc

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1502 octets] - [25/03/2019 22:34:56]
AdwCleaner[S01].txt - [1563 octets] - [26/03/2019 07:38:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########


Re: Log check

Post by PARKR » 26 Mar 2019 08:19

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Bronislav.P (Administrator) on 26.03.2019 at 8:05:46,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.03.2019 at 8:10:47,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Re: Log check

Post by PARKR » 26 Mar 2019 08:51

RogueKiller Anti-Malware V13.1.8.0 (x64) [Mar 12 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.15063) 64 bits
Started in : Normal mode
User : Bronislav.P [Administrator]
Started from : C:\Users\TEMP\Downloads\RogueKiller_portable64.exe
Signatures : 20190304_123840, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/03/26 08:28:34 (Duration : 00:19:14)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] (Google Inc) C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001Core.job -- C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe [/c] -> Found
[Suspicious.Path (Potentially Malicious)] (Google Inc) C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001UA.job -- C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe [/ua /installsource scheduler] -> Found
[Suspicious.Path (Potentially Malicious)] (Google Inc) \GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001Core -- C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe [/c] -> Found
[Suspicious.Path (Potentially Malicious)] (Google Inc) \GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001Core1d25a9d3736aeb4 -- C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe [/c] -> Found
[Suspicious.Path (Potentially Malicious)] (Google Inc) \GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001UA -- C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe [/ua /installsource scheduler] -> Found
[Suspicious.Path (Potentially Malicious)] (Google Inc) \GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001UA1d25a9d375979af -- C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe [/ua /installsource scheduler] -> Found
[Keylog.Gen0 (Malicious)] (Conexant Systems LLC) \Microsoft\Windows\Conexant\MicTray -- "C:\Windows\System32\MicTray64.exe" -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O87 - Firewall
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{401A2352-9E98-4D5D-A8DA-9C175B8B911D}C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe -- v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe| -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{CC273BEB-25C8-42BA-8216-67C3786EAC24}C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe -- v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe| -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{CA7942E2-D923-4F0C-BE28-BDBEC8D48238}C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe -- (Google LLC) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe|Defer=User| (C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{51E31BC2-5B38-4146-B123-9A6DB9D2B218}C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe -- (Google LLC) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe|Defer=User| (C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe) -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Keylog.Gen0 (Malicious)] (file) MicTray64.exe -- (Conexant Systems LLC) C:\Windows\System32\MicTray64.exe -> Found
[PUP.Slimware (Potentially Malicious)] (folder) Avast Driver Updater -- C:\Program Files (x86)\Avast Driver Updater -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


Re: Log check

Post by PARKR » 26 Mar 2019 09:02

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64_skl_kit127358.inf_amd64_2b94ab23909d4e28\igfxCUIService.exe
(HP Inc. -> HP) C:\Windows\System32\HP3DDGService.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Windows\CxSvc\CxUtilSvc.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64_skl_kit127358.inf_amd64_2b94ab23909d4e28\IntelCpHDCPSvc.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\fpCSEvtSvc.exe
(DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Hotkey Support\LanWlanSwitchingService.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64_skl_kit127358.inf_amd64_2b94ab23909d4e28\IntelCpHeciSvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Hewlett-Packard -> HP) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google) C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [DeliveryAndStatusCheck] => C:\Program Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe [301832 2015-11-11] (Hewlett-Packard -> HP)
HKLM\...\Run: [Intel(R) WiDi Receiver Updater] => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [89600 2015-10-27] () [File not signed]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322104 2016-03-08] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes Corporation -> Malwarebytes)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110008 2015-08-05] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [499640 2015-08-05] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\Run: [OneDrive] => C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1507144 2019-03-26] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" <==== ATTENTION
HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" <==== ATTENTION
HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\RunOnce: [Uninstall 17.3.6816.0313\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64" <==== ATTENTION
HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\RunOnce: [Uninstall 17.3.6816.0313] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\17.3.6816.0313" <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\...\Winlogon\GPExtensions: [{8D90E7E9-6F48-4e24-85E0-596C8E6C4639}] -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCmsGPOClient.dll [2015-09-28] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.16.32.3 172.16.32.6 192.168.1.1
Tcpip\..\Interfaces\{5497677b-333e-4fb0-a28e-7a41593a6520}: [DhcpNameServer] 172.16.32.3 172.16.32.6 192.168.1.1
Tcpip\..\Interfaces\{e6f197b9-d316-41f4-b012-6b99f929aa8b}: [DhcpNameServer] 172.16.32.3

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HRTE
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2016-03-17] [Legacy] [not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] (Foxit Corporation -> )
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2015-09-28] (DigitalPersona, Inc. -> DigitalPersona, Inc.)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default [2019-03-26]
CHR Extension: (Prezentace) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-26]
CHR Extension: (Dokumenty) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-26]
CHR Extension: (Disk Google) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-26]
CHR Extension: (YouTube) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-26]
CHR Extension: (Tabulky) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-03-26]
CHR Extension: (HP Client Security Manager) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2019-03-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-03-26]
CHR Extension: (Gmail) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-26]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2015-09-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6570352 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-06] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360440 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [371824 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-06] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
S2 CxMonSvc; C:\WINDOWS\CxSvc\CxMonSvc.exe [42832 2018-08-14] (Conexant Systems LLC -> Conexant Systems, Inc)
R2 CxUtilSvc; C:\WINDOWS\CxSvc\CxUtilSvc.exe [149616 2018-07-25] (Conexant Systems LLC -> Conexant Systems, Inc.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [502232 2015-09-28] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
R2 fpCsEvtSvc; C:\WINDOWS\system32\fpCSEvtSvc.exe [22528 2017-08-09] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [965952 2017-07-17] (HP Inc. -> HP)
R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-09-22] (HP Inc. -> HP)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077752 2016-09-28] (HP Inc. -> HP)
R2 hpsrv; C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe [28192 2017-11-20] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18488 2016-03-08] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-05-15] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel(R) Trust Services -> Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel(R) Trust Services -> Intel(R) Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-18] (Intel(R) Software Asset Manager -> Intel Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [160856 2019-01-16] (Intel(R) Smart Sound Technology -> Intel)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LanWlanSwitchingService; C:\Program Files (x86)\HP\HP Hotkey Support\LanWlanSwitchingService.exe [593728 2017-07-17] (HP Inc. -> HP)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255640 2019-01-02] (Synaptics Incorporated -> Synaptics Incorporated)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [82944 2017-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342240 2018-06-08] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102792 2018-06-08] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [52648 2017-09-22] (HP Inc. -> HP)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205608 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [254408 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196304 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320904 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58168 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42496 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [169104 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [518784 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88152 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034640 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [476256 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [220632 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380160 2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
R3 CnxtHdAudService; C:\WINDOWS\system32\drivers\CHDRT64ISST.sys [2298224 2019-01-16] (Conexant Systems LLC -> Conexant Systems Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] (Malwarebytes Corporation -> )
S3 hidemi; C:\WINDOWS\System32\drivers\hidemi.sys [29024 2015-07-06] (Microchip Technology Inc. -> Microchip)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [38816 2017-09-22] (HP Inc. -> HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136728 2018-05-15] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2019-03-25] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2019-03-26] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2019-03-26] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2019-03-26] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2019-03-26] (Malwarebytes Corporation -> Malwarebytes)
S3 mchpemi; C:\WINDOWS\System32\drivers\mchpemi.sys [37728 2015-07-06] (Microchip Technology Inc. -> Microchip)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8714872 2018-09-26] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R0 PinFile; C:\WINDOWS\System32\DRIVERS\PinFile.sys [56864 2015-11-15] (WinMagic Inc. -> WinMagic Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1024384 2019-01-16] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2017-06-08] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [419296 2017-06-08] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R0 SDDisk2K; C:\WINDOWS\System32\DRIVERS\SDDisk2K.sys [232480 2015-11-15] (WinMagic Inc. -> WinMagic Inc.)
R0 SDDToki; C:\WINDOWS\System32\DRIVERS\SDDToki.sys [138272 2015-11-15] (WinMagic Inc. -> WinMagic Inc.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-08-04] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [33960 2015-08-04] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SNP2UVCW10; C:\WINDOWS\system32\DRIVERS\snUVCg2.sys [2528352 2017-08-07] (Sonix Technology CO., LTD -> Sonix Tech. Co., Ltd.)
S3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [48296 2015-08-04] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-26 08:56 - 2019-03-26 08:58 - 000025284 _____ C:\Users\TEMP\Downloads\FRST.txt
2019-03-26 08:55 - 2019-03-26 08:56 - 000000000 ____D C:\FRST
2019-03-26 08:54 - 2019-03-26 08:54 - 002434048 _____ (Farbar) C:\Users\TEMP\Downloads\FRST64.exe
2019-03-26 08:26 - 2019-03-26 08:54 - 000000000 ____D C:\ProgramData\RogueKiller
2019-03-26 08:24 - 2019-03-26 08:24 - 033776696 _____ C:\Users\TEMP\Downloads\RogueKiller_portable64.exe
2019-03-26 08:17 - 2019-03-26 08:17 - 000002447 _____ C:\Users\TEMP\Desktop\Google Chrome.lnk
2019-03-26 08:10 - 2019-03-26 08:10 - 000000639 _____ C:\Users\TEMP\Desktop\JRT.txt
2019-03-26 08:05 - 2019-03-26 08:05 - 000000000 ____D C:\Users\TEMP\AppData\Local\OneDrive
2019-03-26 08:04 - 2019-03-26 08:04 - 001790024 _____ (Malwarebytes) C:\Users\TEMP\Downloads\JRT.exe
2019-03-26 08:00 - 2019-03-26 08:00 - 007316688 _____ (Malwarebytes) C:\Users\TEMP\Downloads\AdwCleaner.exe
2019-03-26 07:57 - 2019-03-26 07:57 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\AVAST Software
2019-03-26 07:57 - 2019-03-26 07:57 - 000000000 ____D C:\Users\TEMP\AppData\Local\CEF
2019-03-26 07:51 - 2019-03-26 08:25 - 000000000 ____D C:\Users\TEMP\AppData\Local\Google
2019-03-26 07:51 - 2019-03-26 08:17 - 000002484 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-26 07:50 - 2019-03-26 07:58 - 000002391 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-26 07:50 - 2019-03-26 07:58 - 000000000 ___RD C:\Users\TEMP\OneDrive
2019-03-26 07:50 - 2019-03-26 07:50 - 000000000 ____D C:\Users\TEMP\Downloads\chrome
2019-03-26 07:49 - 2019-03-26 07:49 - 000000000 ____D C:\Users\TEMP\AppData\Local\CrashDumps
2019-03-26 07:48 - 2019-03-26 07:48 - 000000000 ____D C:\Users\TEMP\AppData\Local\DBG
2019-03-26 07:47 - 2019-03-26 07:47 - 000001671 _____ C:\Users\TEMP\Desktop\Nový textový dokument.txt
2019-03-26 07:46 - 2019-03-26 07:46 - 000000000 ____D C:\Users\TEMP\AppData\Local\Conexant
2019-03-26 07:45 - 2019-03-26 07:45 - 000000000 ____D C:\Users\TEMP\AppData\Local\Power2Go8
2019-03-26 07:44 - 2019-03-26 07:44 - 000000000 ____D C:\Users\TEMP\AppData\Local\MicrosoftEdge
2019-03-26 07:42 - 2019-03-26 07:48 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Hewlett-Packard
2019-03-26 07:42 - 2019-03-26 07:46 - 000000000 ____D C:\Users\TEMP\AppData\Local\Packages
2019-03-26 07:42 - 2019-03-26 07:43 - 000000000 ____D C:\Users\TEMP\AppData\Local\Intel
2019-03-26 07:42 - 2019-03-26 07:42 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 _SHDL C:\Users\TEMP\Šablony
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 _SHDL C:\Users\TEMP\Soubory cookie
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 _SHDL C:\Users\TEMP\Poslední
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 _SHDL C:\Users\TEMP\Okolní tiskárny
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 _SHDL C:\Users\TEMP\Okolní síť
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 _SHDL C:\Users\TEMP\Nabídka Start
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 _SHDL C:\Users\TEMP\Dokumenty
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 _SHDL C:\Users\TEMP\Documents\Obrázky
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 _SHDL C:\Users\TEMP\Documents\Hudba
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 _SHDL C:\Users\TEMP\Documents\Filmy
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 _SHDL C:\Users\TEMP\Data aplikací
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 _SHDL C:\Users\TEMP\AppData\Local\Data aplikací
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Intel
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\hpqLog
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 ____D C:\Users\TEMP\AppData\Local\TileDataLayer
2019-03-26 07:42 - 2019-03-26 07:42 - 000000000 ____D C:\Users\TEMP\AppData\Local\ConnectedDevicesPlatform
2019-03-26 07:42 - 2017-01-04 18:28 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Intel Corporation
2019-03-26 07:42 - 2016-12-16 09:48 - 000000000 ____D C:\Users\TEMP\Documents\hp.system.package.metadata
2019-03-26 07:42 - 2016-12-16 09:48 - 000000000 ____D C:\Users\TEMP\Documents\hp.applications.package.appdata
2019-03-26 07:41 - 2019-03-26 07:50 - 000000000 ____D C:\Users\TEMP
2019-03-25 23:02 - 2019-03-25 23:02 - 000001448 _____ C:\Users\Bronislav.P\Desktop\pc help.txt
2019-03-25 22:49 - 2019-03-26 07:47 - 000091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-03-25 22:49 - 2019-03-26 07:42 - 000102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-03-25 22:49 - 2019-03-26 07:41 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2019-03-25 22:49 - 2019-03-26 07:41 - 000043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-03-25 22:49 - 2019-03-25 22:49 - 000176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2019-03-25 22:48 - 2019-03-25 22:48 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-25 22:48 - 2019-03-25 22:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-25 22:48 - 2019-03-25 22:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-25 22:48 - 2019-03-25 22:48 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-25 22:48 - 2016-12-14 12:55 - 000077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-25 22:47 - 2019-03-25 22:47 - 065917568 _____ ( ) C:\Users\Bronislav.P\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2019-03-25 22:34 - 2019-03-26 07:39 - 000000000 ____D C:\AdwCleaner
2019-03-25 22:26 - 2019-03-25 22:26 - 007316688 _____ (Malwarebytes) C:\Users\Bronislav.P\Desktop\AdwCleaner.exe
2019-03-25 22:24 - 2019-03-25 22:24 - 000448512 _____ (OldTimer Tools) C:\Users\Bronislav.P\Desktop\TFC.exe
2019-03-25 22:16 - 2019-03-25 22:16 - 000050688 _____ (Atribune.org) C:\Users\Bronislav.P\Desktop\ATF-Cleaner.exe
2019-03-25 22:12 - 2019-03-25 22:12 - 000204496 _____ (Malwarebytes) C:\Users\Bronislav.P\Desktop\startuplite-setup-1.07.exe
2019-03-25 19:25 - 2019-03-25 22:06 - 000000000 ____D C:\Program Files (x86)\Avast Driver Updater
2019-03-25 19:07 - 2019-03-25 19:07 - 000000000 ____D C:\ProgramData\FastStone
2019-03-25 18:57 - 2019-03-26 07:22 - 000000000 ____D C:\Users\Bronislav.P\Downloads\Hijack
2019-03-25 18:29 - 2019-03-25 18:29 - 000000000 ____D C:\Users\Bronislav.P\AppData\Roaming\AVAST Software
2019-03-25 18:27 - 2019-03-25 18:27 - 000002167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
2019-03-25 18:27 - 2019-03-25 18:27 - 000002155 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2019-03-25 18:25 - 2019-03-25 18:25 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-03-25 18:24 - 2019-03-25 18:23 - 000476256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-03-25 18:24 - 2019-03-25 18:23 - 000380160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-03-25 18:24 - 2019-03-25 18:23 - 000220632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-03-25 18:24 - 2019-03-25 18:22 - 001034640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-03-25 18:24 - 2019-03-25 18:22 - 000205608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-03-25 18:24 - 2019-03-25 18:22 - 000169104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-03-25 18:24 - 2019-03-25 18:22 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-03-25 18:24 - 2019-03-25 18:22 - 000088152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-03-25 18:24 - 2019-03-25 18:22 - 000042496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-03-25 18:24 - 2019-03-25 18:22 - 000015488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2019-03-25 18:24 - 2019-03-25 18:21 - 000518784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2019-03-25 18:24 - 2019-03-25 18:21 - 000320904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-03-25 18:24 - 2019-03-25 18:21 - 000254408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-03-25 18:24 - 2019-03-25 18:21 - 000196304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-03-25 18:24 - 2019-03-25 18:21 - 000058168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-03-25 18:23 - 2019-03-25 18:22 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-03-25 18:21 - 2019-03-25 18:21 - 000000000 ____D C:\Program Files\AVAST Software
2019-03-25 18:18 - 2019-03-25 18:19 - 000000000 ____D C:\Users\Bronislav.P\Downloads\avast premier

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-26 08:51 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-26 08:49 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-26 08:48 - 2017-09-30 17:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-26 07:58 - 2017-09-30 17:33 - 000003388 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-377485661-1175933967-1024712423-1001
2019-03-26 07:50 - 2019-01-26 17:24 - 000003364 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{252DE0C7-9A71-46AA-9BF6-CBDA81E905B5}
2019-03-26 07:50 - 2018-02-22 14:22 - 000003194 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-03-26 07:50 - 2017-09-30 17:33 - 000003692 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001UA
2019-03-26 07:50 - 2017-09-30 17:33 - 000003616 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001UA1d25a9d375979af
2019-03-26 07:50 - 2017-09-30 17:33 - 000003424 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001Core
2019-03-26 07:50 - 2017-09-30 17:33 - 000003348 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001Core1d25a9d3736aeb4
2019-03-26 07:50 - 2017-09-30 17:33 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-03-26 07:50 - 2017-09-30 17:33 - 000003040 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec
2019-03-26 07:50 - 2017-09-30 17:33 - 000002674 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon
2019-03-26 07:50 - 2017-09-30 17:33 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-03-26 07:50 - 2017-09-30 17:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-03-26 07:50 - 2016-12-06 13:36 - 000001018 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001UA.job
2019-03-26 07:50 - 2016-12-06 13:36 - 000000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001Core.job
2019-03-26 07:43 - 2015-07-16 15:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-03-26 07:42 - 2016-12-06 13:25 - 000000000 __SHD C:\Users\Bronislav.P\IntelGraphicsProfiles
2019-03-26 07:41 - 2017-09-30 17:05 - 000286080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-26 07:40 - 2017-09-30 17:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-26 07:40 - 2017-09-30 17:14 - 000000000 ____D C:\ProgramData\Synaptics
2019-03-26 07:40 - 2017-03-18 12:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2019-03-26 07:20 - 2018-04-06 14:31 - 000000000 ____D C:\Users\Bronislav.P\AppData\Local\AVAST Software
2019-03-25 23:13 - 2018-09-14 17:55 - 000000000 ____D C:\Users\Bronislav.P\AppData\Local\CrashDumps
2019-03-25 22:43 - 2017-09-22 09:33 - 000000000 ___DC C:\WINDOWS\Panther
2019-03-25 19:29 - 2017-09-30 17:15 - 000000000 ____D C:\Users\Bronislav.P
2019-03-25 18:23 - 2017-03-18 22:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-25 18:20 - 2016-12-06 14:07 - 000000000 ____D C:\ProgramData\AVAST Software
2019-03-25 18:07 - 2016-12-06 13:31 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-03-25 17:46 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2019-03-20 18:38 - 2017-09-30 11:36 - 000000000 ____D C:\Program Files\rempl
2019-03-20 18:36 - 2018-03-07 10:41 - 000000000 ____D C:\Windows10Upgrade
2019-03-17 15:34 - 2018-04-12 17:55 - 000000000 ___HD C:\$WINDOWS.~BT
2019-03-17 10:44 - 2016-12-06 13:30 - 000002412 _____ C:\Users\Bronislav.P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-17 10:44 - 2016-12-06 13:30 - 000000000 ___RD C:\Users\Bronislav.P\OneDrive
2019-03-17 10:40 - 2016-12-06 13:37 - 000002535 _____ C:\Users\Bronislav.P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-17 10:37 - 2016-12-06 14:27 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-03-13 19:56 - 2017-10-27 15:02 - 000000000 ____D C:\Users\Bronislav.P\AppData\Local\ElevatedDiagnostics
2019-03-13 19:08 - 2016-12-06 15:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-13 19:02 - 2016-12-06 13:25 - 000000000 ____D C:\Users\Bronislav.P\AppData\Local\Packages
2019-03-13 18:51 - 2016-12-06 15:40 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-01 12:48 - 2018-04-16 15:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-03-01 12:47 - 2018-03-07 11:44 - 000000000 ____D C:\Users\Bronislav.P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-01 12:47 - 2018-03-07 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-01 12:47 - 2018-03-07 11:44 - 000000000 ____D C:\Program Files\WinRAR
2019-03-01 12:47 - 2016-12-06 14:27 - 000000000 ____D C:\Program Files\CCleaner
2019-03-01 12:24 - 2017-09-30 17:15 - 003730502 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-01 12:24 - 2017-03-20 05:43 - 001724704 _____ C:\WINDOWS\system32\perfh005.dat
2019-03-01 12:24 - 2017-03-20 05:43 - 000453992 _____ C:\WINDOWS\system32\perfc005.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-03-20 20:08

==================== End of FRST.txt ============================
OS WIN 8 pro / MB MSI B150 PC MATE / CPU Intel Core i5-7400 /RAM Kingston 8GB DDR4 / GPU MSI RADEON RX 480 GAMING X 4G /
HDD Seagate BarraCuda 7200 SATA III 1TB / SSD Kingston Now UV400 SATA III - 120GB / PSU CORSAIR CX Series 550W
-------------------------------------------------


Re: Log check

Post by PARKR » 26 Mar 2019 09:03

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Bronislav.P (26-03-2019 08:58:57)
Running from C:\Users\TEMP\Downloads
Windows 10 Home Version 1703 15063.1418 (X64) (2017-09-30 16:44:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-377485661-1175933967-1024712423-500 - Administrator - Disabled)
Bronislav.P (S-1-5-21-377485661-1175933967-1024712423-1001 - Administrator - Enabled) => C:\Users\TEMP
DefaultAccount (S-1-5-21-377485661-1175933967-1024712423-503 - Limited - Disabled)
Guest (S-1-5-21-377485661-1175933967-1024712423-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 19.3.2369 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Conexant ISST Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.215.0 - Conexant)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.5605 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.5613 - CyberLink Corp.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
FastStone Capture 8.8 (HKLM-x32\...\FastStone Capture) (Version: 8.8 - FastStone Soft)
Foxit PhantomPDF (HKLM-x32\...\{5CFE00C7-06D8-426A-8370-2962A40DAE1C}) (Version: 6.0.23.427 - Foxit Corporation)
Google Chrome (HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\Google Chrome) (Version: 72.0.3626.81 - Google Inc.)
HP 3D DriveGuard (HKLM-x32\...\{D3D0E6C5-4B65-4088-A5A9-A7DF27DB5D1A}) (Version: 6.0.45.1 - HP)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.17.2041 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.23.46 - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP ESU for Microsoft Windows 10 (HKLM-x32\...\{94D0EB60-8B2F-4A80-BA74-3D312434415F}) (Version: 11.2.2 - HP)
HP Hotkey Support (HKLM-x32\...\{963F09EA-0B0A-4CFC-B04F-AD9B6614794C}) (Version: 6.2.39.1 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM-x32\...\{f41e84dd-bf67-4276-a972-df8f69ff28b6}) (Version: 4.0.0.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{83421C73-4679-40F0-B590-20846CB893E0}) (Version: 9.0.1 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{BCF8F914-F91D-4DC5-A9E3-655B444CBFFD}) (Version: 1.2.6.1 - Hewlett-Packard Company)
HP Universal Camera Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1114.26 - Sonix)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1067 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.5018 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.7.1051 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) WiDi (HKLM\...\{6C02A234-7A14-4737-9D89-B0C47A64F94E}) (Version: 6.0.52.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (HKLM-x32\...\{AC8973AF-7F4C-40F4-BFE1-C02FE95ED2C2}) (Version: 3.2.1184 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000060-0200-1029-84C8-B8D95FA3C8C3}) (Version: 20.60.0 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes verze 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Mozilla Firefox 62.0 (x64 cs) (HKLM\...\Mozilla Firefox 62.0 (x64 cs)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22617 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.148 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.26.328.2018 - Realtek)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.69 - Synaptics Incorporated)
Synaptics WBF Fingerprint Reader (HKLM\...\{608E0775-D27A-4C97-A8E4-67AC517F72F7}) (Version: 4.5.315.0 - Synaptics)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{EC4F72E8-52FE-454E-B70F-DBE5C0FA44C5}) (Version: 1.20.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-377485661-1175933967-1024712423-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-08-05] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-10-23] (Foxit Corporation -> Foxit Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-08-05] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64_skl_kit127358.inf_amd64_2b94ab23909d4e28\igfxDTCM.dll [2019-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0249C93B-33E8-4B1F-A671-0C2CD821F3D1} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {10B93741-BBD0-450F-AA71-400D1EFCF563} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {10D4C867-7321-432F-89A0-2DB452B61AAA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001UA1d25a9d375979af => C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {1BC55067-7FA2-4118-B583-698C1A0AE2F2} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe (Intel(R) Software -> Intel Corporation)
Task: {1D0EB245-F948-4128-8A88-9AE445A9B198} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {229C90CA-B263-47EB-9E1A-DF065D2A38DE} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {2DF5CD88-57BB-4F36-A799-F664FF40CF10} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.)
Task: {4B652BA8-D4D7-46F9-B34D-A0C8E429075A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001UA => C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {560D7C64-0E22-413B-B9E3-5C65F7B2D596} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001Core => C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {5710F0E5-2CE7-4386-9768-04F3ACEC3C46} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001Core1d25a9d3736aeb4 => C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {5B806322-6EDE-4284-9F06-EA461A9446B2} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {5CA2F41F-572B-4885-A7E3-5E0DC560E3C2} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe (Conexant Systems LLC -> Conexant)
Task: {62A66DFE-C230-494E-BC74-690C3091FDD5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {642AB2F6-B81A-4089-8BEB-7C29954E4570} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {68DE3D85-E502-410E-BFEF-93E1ADA1D930} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {7041BDD6-E607-43D0-9C02-C841D9E50CAC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {729CB43B-A425-4E59-8814-3F97E33D32CC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {72C23F6D-0896-4F81-8E19-B8B0C70C6462} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {768A6C64-222B-4A66-80DD-EE0192D29780} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {7C196E5C-C556-426E-858B-62B954DF3780} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe (HP Inc. -> HP)
Task: {983295FD-4E54-4187-8D26-62BF6DDD7E4E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {CC7950E6-4F53-4B4D-A473-22A9FA041BE5} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {D372FF7E-ED64-4ED7-BC70-BC591E301EC1} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {D793ABD7-E4DA-4F54-8C12-68736606A5DA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {DAC8F84E-6A24-45B7-B62D-B90B7C7BC17E} - System32\Tasks\Microsoft\Windows\Conexant\SA3 => C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SACpl.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001Core.job => C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001UA.job => C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-03-25 22:48 - 2016-12-14 13:14 - 001606656 _____ (Igor Pavlov) [File not signed] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll
2015-05-19 17:11 - 2015-05-19 17:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2019-03-25 22:48 - 2016-12-08 10:20 - 002572800 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-25 22:48 - 2016-12-08 10:18 - 002497536 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-25 22:48 - 2016-12-08 10:14 - 004480512 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-25 22:48 - 2016-12-08 10:11 - 005017600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-25 22:48 - 2016-12-08 10:10 - 000669184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-25 22:48 - 2016-12-12 10:15 - 004679168 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-25 22:48 - 2016-12-08 10:15 - 000966656 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-25 22:48 - 2016-12-08 10:15 - 000038912 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qdds.dll
2019-03-25 22:48 - 2016-12-08 10:15 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll
2019-03-25 22:48 - 2016-12-08 10:15 - 000030720 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll
2019-03-25 22:48 - 2016-12-08 10:15 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-25 22:48 - 2016-12-08 10:15 - 000243200 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll
2019-03-25 22:48 - 2016-12-08 10:15 - 000019456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-25 22:48 - 2016-12-08 10:15 - 000251904 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-25 22:48 - 2016-12-08 10:15 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll
2019-03-25 22:48 - 2016-12-08 10:15 - 000313344 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll
2019-03-25 22:48 - 2016-12-08 10:15 - 000017920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll
2019-03-25 22:48 - 2016-12-08 10:16 - 000324608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll
2019-03-25 22:48 - 2016-12-08 10:21 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-25 22:48 - 2016-12-08 10:25 - 000070144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-25 22:48 - 2016-12-08 10:27 - 000697856 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-25 22:48 - 2016-12-08 10:21 - 000013312 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-25 22:48 - 2016-12-08 10:27 - 000095744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\scenegraph\softwarecontext.dll
2019-03-25 22:48 - 2016-12-08 10:15 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2019-01-04 11:11 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-377485661-1175933967-1024712423-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 172.16.32.3 - 172.16.32.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CA7942E2-D923-4F0C-BE28-BDBEC8D48238}C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [TCP Query User{51E31BC2-5B38-4146-B123-9A6DB9D2B218}C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [UDP Query User{401A2352-9E98-4D5D-A8DA-9C175B8B911D}C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [TCP Query User{CC273BEB-25C8-42BA-8216-67C3786EAC24}C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\bronislav.p\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{0D20A2F1-0CB6-4E23-A5A2-B447E133498C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{503FEC01-87AA-455D-9AC3-391F7CB21B19}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8C76F5B4-4878-4B29-873F-C70017BAEA0D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AF364451-811C-4954-9D0F-E4A80B3284BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{12FB1B5E-32CB-4565-8BC1-92F1D9CA7453}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{EAD36FF7-50EF-4F93-86F2-5BD22FB43380}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{380591D2-1BE1-4AC2-8702-05715ACD5127}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{6BBD9E17-5870-4FF9-BA42-58612100DC3C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{33F7269A-F9FC-4D4B-ABC8-D5F8E7A21CFE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{068C627D-AD61-4949-94A1-1D9FD12DD5D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E4F3B30E-DB4B-4B99-B410-C9C1C1BB27C2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{25A4485A-30DB-44C9-8B15-C4058229260A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{E8FD91B6-B115-4D4D-A1CC-732E61F94F76}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{99F23A1F-A8B9-4B14-A49B-3F8EC551B890}] => (Allow) C:\Users\TEMP\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

13-03-2019 18:49:39 Windows Update
17-03-2019 11:51:24 Windows Update
20-03-2019 18:37:08 Windows Update
25-03-2019 17:56:55 Windows Update
26-03-2019 08:05:53 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2019 08:05:53 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny ConvertStringSidToSid(S-1-5-21-377485661-1175933967-1024712423-1001.bak) došlo k neočekávané chybě. hr= 0x80070539, Struktura ID zabezpečení není platná.
.


Operace:
Událost OnIdentify
Shromažďování dat modulu pro zápis

Kontext:
Kontext spuštění: Shadow Copy Optimization Writer
ID třídy modulu pro zápis: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Název modulu pro zápis: Shadow Copy Optimization Writer
ID instance modulu pro zápis: {3feed339-1969-42f9-8e23-50d7fd4c6561}

Error: (03/26/2019 07:58:39 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-VOAO29R)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy234

Error: (03/26/2019 07:48:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MicrosoftEdgeCP.exe, verze: 11.0.15063.674, časové razítko: 0x59cdf479
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x2548
Čas spuštění chybující aplikace: 0x01d4e39fe370ed9b
Cesta k chybující aplikaci: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 5eae57b0-3b3c-4410-9ef9-e88e68698c5e
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_40.15063.674.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: ContentProcess

Error: (03/26/2019 07:46:34 AM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it

Error: (03/26/2019 07:46:34 AM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthState.ini has been tampered with, resetting it

Error: (03/26/2019 07:46:34 AM) (Source: HP Active Health) (EventID: 80) (User: )
Description: -- SECURITY WARNING -- Unable to deserialize super secret file hashes. Will assume evil is afoot - all Validate() calls will return DOESNT_MATCH
at HP.ActiveHealth.Commons.Security.HashStore.LoadHashesFromFile()

Error: (03/26/2019 07:42:04 AM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: Registrace certifikátu SCEP pro WORKGROUP\DESKTOP-VOAO29R$ přes https://IFX-KeyId-97e5d1cd8b0497c04b465 ... s/Aik/scep se nepovedla:

SubmitDone
GetCACertChain: OK
HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 26 Mar 2019 06:41:59 GMT
Pragma: no-cache
Content-Length: 5954
Content-Type: application/x-x509-ca-ra-cert
Expires: -1
x-ms-request-id: d26e81f9-87c7-4de5-9eba-eb920b95d3c2
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff

Metoda: POST(4250ms)
Fáze: SubmitDone
Chybná žádost (400) 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (03/26/2019 07:41:58 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: DESKTOP-VOAO29R)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.


System errors:
=============
Error: (03/26/2019 08:51:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d01): 9NBLGGH6J6VK-828B5831.HiddenCityMysteryofShadows.

Error: (03/26/2019 08:51:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d01): 9NBLGGH5Q1ZL-WinZipComputing.WinZipUniversal.

Error: (03/26/2019 08:51:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d01): 9NBLGGH1Z8G6-Microsoft.NET.Native.Framework.1.2.

Error: (03/26/2019 08:51:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d01): 9NBLGGH1HX9G-Microsoft.NET.Native.Runtime.1.1.

Error: (03/26/2019 08:48:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d01): 9NBLGGH4VZW5-89006A2E.AutodeskSketchBook.

Error: (03/26/2019 08:45:15 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VOAO29R)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
a APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
uživateli DESKTOP-VOAO29R\Bronislav.P (SID: S-1-5-21-377485661-1175933967-1024712423-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/26/2019 08:17:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d01): 9WZDNCRFJ3Q8-CAF9E577.Plex.

Error: (03/26/2019 08:17:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d01): 9NBLGGH5L7B7-Microsoft.NET.Native.Framework.1.3.


Windows Defender:
===================================
Date: 2018-09-05 12:34:38.712
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {141D6987-87A0-42C5-9946-D5A86FDDBB51}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-08-28 19:30:13.619
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {0DBD4020-3570-49A1-9D6F-F40EA336D17A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-08-19 07:37:25.475
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {03F00BDB-5A8F-4396-A8E0-8B9EAED6B793}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-03-25 18:33:24.975
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Systém kontroly sítě
Kód chyby: 0x8007045b
Popis chyby: Probíhá vypnutí systému.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-03-25 18:33:24.975
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Monitorování chování
Kód chyby: 0x8007045b
Popis chyby: Probíhá vypnutí systému.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-03-25 18:33:24.975
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007045b
Popis chyby: Probíhá vypnutí systému.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-03-25 18:27:52.706
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Systém kontroly sítě
Kód chyby: 0x80070006
Popis chyby: Neplatný popisovač.
Důvod: Ovladač filtru byl úspěšně restartován.

Date: 2019-03-25 18:27:37.652
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Systém kontroly sítě
Kód chyby: 0x80070006
Popis chyby: Neplatný popisovač.
Důvod: Neočekávaně bylo zrušeno zavedení ovladače filtru.

CodeIntegrity:
===================================

Date: 2019-03-26 07:56:00.192
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-26 07:55:59.697
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-26 07:48:53.382
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-26 07:48:16.577
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-26 07:48:15.746
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-26 07:48:15.288
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-26 07:44:40.214
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-03-26 07:44:26.418
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 81%
Total physical RAM: 3992.59 MB
Available physical RAM: 757.95 MB
Total Virtual: 4696.59 MB
Available Virtual: 888.21 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:912.27 GB) (Free:835.12 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:15.06 GB) (Free:1.93 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32

\\?\Volume{0fe74d3b-d0b8-4ab6-8e3e-e029f1bde5ba}\ () (Fixed) (Total:1.7 GB) (Free:1.02 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================
OS WIN 8 pro / MB MSI B150 PC MATE / CPU Intel Core i5-7400 /RAM Kingston 8GB DDR4 / GPU MSI RADEON RX 480 GAMING X 4G /
HDD Seagate BarraCuda 7200 SATA III 1TB / SSD Kingston Now UV400 SATA III - 120GB / PSU CORSAIR CX Series 550W
-------------------------------------------------

Diallix
Level 2
Posts: 166
Registered: October 08
Gender: Unspecified

Re: Log check

Post by Diallix » 26 Mar 2019 09:44

Copy the content below into Notepad:


ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {4B652BA8-D4D7-46F9-B34D-A0C8E429075A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001UA => C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {560D7C64-0E22-413B-B9E3-5C65F7B2D596} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001Core => C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {5710F0E5-2CE7-4386-9768-04F3ACEC3C46} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001Core1d25a9d3736aeb4 => C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001Core.job => C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001UA.job => C:\Users\Bronislav.P\AppData\Local\Google\Update\GoogleUpdate.exe
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\Run: [OneDrive] => C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1507144 2019-03-26] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" <==== ATTENTION
HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q
HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" <==== ATTENTION
HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\RunOnce: [Uninstall 17.3.6816.0313\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64" <==== ATTENTION
HKU\S-1-5-21-377485661-1175933967-1024712423-1001\...\RunOnce: [Uninstall 17.3.6816.0313] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\17.3.6816.0313" <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HRTE
2019-03-26 07:50 - 2016-12-06 13:36 - 000001018 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001UA.job
2019-03-26 07:50 - 2016-12-06 13:36 - 000000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-377485661-1175933967-1024712423-1001Core.job

EmptyTemp:



Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the Fix button.
The fix will run, after which the computer reboots. After the reboot, paste here the content of the log fixlog.txt, saved in the FRST location.
---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: CyberSecurity UNIT
----
Security authority of the viry.cz forum Certificate
----
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

