Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-12-2016
Ran by ADMIN (06-12-2016 00:35:37)
Running from C:\Users\ADMIN\Dropbox\Install\forum-viry-cz
Windows 8.1 Pro (Update) (X64) (2014-02-09 12:39:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADMIN (S-1-5-21-1367650372-3115982969-2173390595-1001 - Administrator - Enabled) => C:\Users\ADMIN
Administrator (S-1-5-21-1367650372-3115982969-2173390595-500 - Administrator - Disabled)
Guest (S-1-5-21-1367650372-3115982969-2173390595-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@RISK 7.5 (HKLM-x32\...\{A09425A4-DB19-482F-A504-971D451A4799}) (Version: 7.5.01146.0 - Palisade Corporation)
ActivDriver x64 v5.9 (HKLM\...\{633EB44A-B19A-409E-8321-78B363553398}) (Version: 5.9.27 - Promethean)
ActivInspire Core Resources (CZE) v1 (HKLM-x32\...\{0D0C3C53-83FE-4A15-A42E-D24FF8FBDC61}) (Version: 1.6.3 - Promethean)
ActivInspire v1 (HKLM-x32\...\{D292E0F0-07D0-47B6-8B50-BCEBE67A17C4}) (Version: 1.8.64868 - Promethean)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AIMP2 (HKLM-x32\...\AIMP2) (Version:  - AIMP DevTeam)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.739 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 15 - Illustrate)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 10 - Illustrate)
Dropbox (HKU\S-1-5-21-1367650372-3115982969-2173390595-1001\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
EditPlus 3 (64 bit) (HKLM\...\EditPlus 3) (Version:  - ES-Computing)
FlickrSync (HKU\S-1-5-21-1367650372-3115982969-2173390595-1001\...\617c5813362ad0ae) (Version: 0.9.1.0 - FlickrSync)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Drive (HKLM-x32\...\{8696116E-F4C2-4C64-AD7E-FF365E244FA4}) (Version: 1.32.3889.0961 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.)
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
Chrome Remote Desktop Host (HKLM-x32\...\{D669DC52-B1A4-4933-878D-CB80F660D95D}) (Version: 55.0.2883.17 - Google Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4061 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Mega Codec Pack 11.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.5 - )
KMSpico v9.2.1 Beta (HKLM\...\KMSpico_is1) (Version: 9.2.1 Beta - )
Macro Recorder 5.7.4 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.4 - Jitbit Software)
Malwarebytes Anti-Malware verze 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MCS783x Windows 8.x Drivers (HKLM-x32\...\InstallShield_{2BDD8E68-208B-45E0-BEE7-FB379FBA5D78}) (Version: 1.0.1.0 - ASIX Electronics Corporation)
MCS783x Windows 8.x Drivers (x32 Version: 1.0.1.0 - ASIX Electronics Corporation) Hidden
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2105 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1367650372-3115982969-2173390595-1001\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 cs) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 cs)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2105 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2105 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2105 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFtk Server version 2.02 (HKLM-x32\...\{E3617D29-6D71-4B5C-B9E2-C927C705E317}_is1) (Version: 2.02 - PDF Labs)
R for Windows 3.2.2 (HKLM\...\R for Windows 3.2.2_is1) (Version: 3.2.2 - R Core Team)
Rajče průvodce verze 1.59.52.267 (HKLM-x32\...\rajce.net_is1) (Version:  - rajce.net)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.29038 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC)
SMART Czech Handwriting Resources (HKLM-x32\...\{65A75580-36A0-4490-8181-0967DD6C1464}) (Version: 15.1.10.0 - SMART Technologies ULC)
SMART Czech Language Pack (HKLM-x32\...\{BE4A93CE-63A3-4362-88E9-A7D8578F23BA}) (Version: 11.4.27.0 - SMART Technologies ULC)
SMART English (United Kingdom) Language Pack (HKLM-x32\...\{8264804E-B6EA-4069-82E8-B76C791C8819}) (Version: 11.4.27.0 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{5E112563-E291-4C20-849F-49CE3BAD73D1}) (Version: 15.1.772.0 - SMART Technologies ULC)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SubtitleCreator (HKLM-x32\...\SubtitleCreator) (Version: V2.2 - Erik Vullings)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0405-0000-0000000FF1CE}_Office15.PROPLUS_{AED52533-C34E-47F3-B905-68662D338FA0}) (Version:  - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}) (Version: 13.0.290 - Sony)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\ADMIN\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C33977A-7D8F-496F-B434-352EB63B8080} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0D402629-1273-4CED-A7DE-67843B74EB13} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {2D3DA9E4-4E94-40D3-91A2-3B82DAC45F10} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {2F4A50AF-7DDD-4102-825E-8DA195D036C9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1367650372-3115982969-2173390595-1001Core => C:\Users\ADMIN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-12] (Dropbox, Inc.)
Task: {3DE9E973-E9C1-4FFC-9595-013126CA4F45} - System32\Tasks\speedfan start 2 => C:\Program Files (x86)\SpeedFan\speedfan.exe [2015-02-20] (Almico Software (almico.com))
Task: {5E03D076-931F-4612-A814-2BF513E354A8} - System32\Tasks\Task Manager => cmd.exe /c start /min taskmgr.exe
Task: {76057A4A-3F18-4AC8-92B7-55A4B407EB9D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {777F931B-EA1D-486E-A5C9-6BD713C1AA66} - System32\Tasks\AdobeAAMUpdater-1.0-ENVY-ADMIN => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {904823C8-32CE-417A-BAAF-A8654AC43E33} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-12] (Adobe Systems Incorporated)
Task: {A480CDB8-0E0B-4764-9DC6-AB30D2536BFD} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {BA1D3553-06F0-4035-9C9D-276466200F48} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {BFF0299C-B72D-4FF7-AF9B-4404F74B0600} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-02] (Microsoft Corporation)
Task: {CE6A0AF6-D49C-4362-97FE-1FC34AD2060D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1367650372-3115982969-2173390595-1001UA => C:\Users\ADMIN\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-12] (Dropbox, Inc.)
Task: {E3A0F11E-8C50-4CAC-9A0B-77F9F0237ADF} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-02-06] ()
Task: {E4796063-5EF8-4369-8CE8-F9CFF3A042DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {E9C86DDB-385E-4599-AEB2-AD7674E85EAC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-10-13] (Microsoft Corporation)
Task: {F0BBE3C6-9885-4451-9828-3B1E7914CB69} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-02] (Microsoft Corporation)
Task: {F1F5667F-9E32-403D-8DA6-692B9DB2469C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {F67EA818-439E-443B-B0AB-AEDEF5563E63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1367650372-3115982969-2173390595-1001Core.job => C:\Users\ADMIN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1367650372-3115982969-2173390595-1001UA.job => C:\Users\ADMIN\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Spouštěč aplikací Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_gbchcmhmhahfdphkhkmpfmihenigjmpp\Bureau à distance Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=pjkljhegncpnkpknbcohdijeoejaedia
ShortcutWithArgument: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Spouštěč aplikací Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\2048.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=clgddkicplcbgjfobecebadodeggpghp
ShortcutWithArgument: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Vzdálená plocha Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\2048.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=clgddkicplcbgjfobecebadodeggpghp
ShortcutWithArgument: C:\Users\ADMIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Bureau à distance Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\ADMIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=pjkljhegncpnkpknbcohdijeoejaedia

==================== Loaded Modules (Whitelisted) ==============

2014-12-02 12:52 - 2014-12-02 12:52 - 00029184 _____ () C:\Windows\System32\ssm4mlm.dll
2016-10-13 09:13 - 2016-11-20 16:40 - 08919744 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-11-22 11:51 - 2013-11-22 11:51 - 00523152 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe
2016-11-20 16:45 - 2016-11-08 22:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-20 16:45 - 2016-11-08 22:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-12-06 00:29 - 2016-12-06 00:27 - 01222144 _____ () C:\Users\ADMIN\Dropbox\Install\forum-viry-cz\RSITx64.exe
2016-12-06 00:21 - 2016-12-06 00:21 - 00098816 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\win32api.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00110080 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\pywintypes27.dll
2016-12-06 00:21 - 2016-12-06 00:21 - 00364544 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\pythoncom27.dll
2016-12-06 00:21 - 2016-12-06 00:21 - 00320512 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\win32com.shell.shell.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00914432 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\_hashlib.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 01176576 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\wx._core_.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00806400 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\wx._gdi_.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00816128 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\wx._windows_.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 01067008 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\wx._controls_.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00733184 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\wx._misc_.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00682496 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\pysqlite2._sqlite.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00088064 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\_ctypes.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00686080 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\unicodedata.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00119808 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\win32file.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00108544 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\win32security.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00007168 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\hashobjs_ext.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00017920 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\thumbnails_ext.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00088064 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\usb_ext.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00012800 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\common.time34.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00018432 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\win32event.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00167936 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\win32gui.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00046080 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\_socket.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 01303552 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\_ssl.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00128512 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\_elementtree.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00127488 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\pyexpat.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00038912 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\win32inet.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00036864 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\_psutil_windows.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00525208 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\windows._lib_cacheinvalidation.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00011264 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\win32crypt.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00123392 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\wx._wizard.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00077312 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\wx._html2.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00027648 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\_multiprocessing.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00020480 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\_yappi.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00035840 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\win32process.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00078848 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\wx._animate.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00024064 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\win32pipe.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00010240 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\select.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00025600 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\win32pdh.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00017408 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\win32profile.pyd
2016-12-06 00:21 - 2016-12-06 00:21 - 00022528 ____R () C:\Users\ADMIN\AppData\Local\Temp\_MEI36842\win32ts.pyd
2016-08-23 21:47 - 2016-08-23 21:47 - 01383616 _____ () C:\Users\ADMIN\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-23 21:47 - 2016-08-23 21:47 - 00118976 _____ () C:\Users\ADMIN\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2013-11-22 11:51 - 2013-11-22 11:51 - 00087392 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\activsdk2.dll
2013-11-22 11:51 - 2013-11-22 11:51 - 00341848 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\QtXml4.dll
2013-11-22 11:51 - 2013-11-22 11:51 - 07989592 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\QtGui4.dll
2013-11-22 11:51 - 2013-11-22 11:51 - 00691552 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\QtNetwork4.dll
2013-11-22 11:51 - 2013-11-22 11:51 - 02152792 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\QtCore4.dll
2013-11-22 11:51 - 2013-11-22 11:51 - 00388456 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\activsystem1.dll
2013-11-22 11:52 - 2013-11-22 11:52 - 00126296 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\plugins\imageformats\qjpeg4.dll
2013-11-22 11:52 - 2013-11-22 11:52 - 00190824 _____ () C:\Windows\libactivboardex.dll
2015-12-12 11:29 - 2016-10-29 00:50 - 00035792 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-12-04 13:30 - 2016-10-29 00:50 - 00145864 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-12-04 13:30 - 2016-10-29 00:51 - 00019408 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-12-04 13:30 - 2016-10-29 00:50 - 00116688 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 11:29 - 2016-10-29 00:50 - 00100296 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 11:29 - 2016-10-29 00:50 - 00018888 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 11:29 - 2016-11-28 15:17 - 00019760 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 11:29 - 2016-10-29 00:50 - 00694224 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00020816 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 11:29 - 2016-10-29 00:51 - 00123856 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 01682760 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00020808 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00105928 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-08 21:00 - 2016-11-28 15:17 - 00021312 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00052024 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00038696 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-12-04 13:30 - 2016-10-29 00:50 - 00392144 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-12-04 13:30 - 2016-10-29 00:53 - 00020936 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00024528 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00116176 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 11:29 - 2016-11-28 15:17 - 00381752 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00124880 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-08 21:00 - 2016-11-28 15:17 - 00025424 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00024016 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00175560 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00030160 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00043472 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00048592 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00057808 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00024016 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00246592 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00026456 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-08 21:00 - 2016-10-29 00:52 - 00241104 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00020280 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00028616 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-02-18 20:40 - 2016-11-28 15:17 - 00020800 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-18 20:40 - 2016-11-28 15:17 - 00019776 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-18 20:40 - 2016-11-28 15:17 - 00020800 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2015-12-12 11:29 - 2016-11-28 15:17 - 00023376 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00350152 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-18 20:40 - 2016-11-28 15:17 - 00022352 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00024392 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-12-04 13:30 - 2016-10-29 00:49 - 00036296 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\librsync.dll
2016-12-04 13:30 - 2016-11-28 15:16 - 00084280 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-12-04 13:30 - 2016-11-28 15:16 - 01826096 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 11:29 - 2016-10-29 00:51 - 00083912 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\sip.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00531248 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-12-04 13:30 - 2016-11-28 15:17 - 03928880 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 01972528 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00133424 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00224056 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00207672 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-08-08 21:00 - 2016-11-28 15:17 - 00020288 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-12-04 13:30 - 2016-10-29 00:56 - 00017864 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-12-04 13:30 - 2016-10-29 00:56 - 01631184 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-12-04 13:30 - 2016-11-28 15:16 - 00042808 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00168760 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00357680 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-12-12 11:29 - 2016-10-29 00:53 - 00060880 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-08 21:00 - 2016-11-28 15:17 - 00024904 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-04 13:30 - 2016-11-28 15:16 - 00546096 _____ () C:\Users\ADMIN\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\1440p-canvas2560x1440.ini:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\96. oddíl Šipka - Pokřik (8x).docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\96. oddíl Šipka - Pokřik (8x).pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\Custom Office Templates:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\dp-db-rosie-chat.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\google-mobile-report:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\kap6.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\makro:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\OFX Presets:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\reklamace-notebooku.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\reklamace-notebooku.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\rest:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\SMART ART - desicion making processs.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\Soubory aplikace Outlook:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\ADMIN\Dropbox\Documents2\ADMIN-Documents\Vlastní šablony Office:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1367650372-3115982969-2173390595-1001\...\sharepoint.com -> hxxps://cscportal-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-06-27 23:22 - 00001117 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1                   bandicam.com
127.0.0.1                   ssl.bandisoft.com
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1367650372-3115982969-2173390595-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "KeePass.lnk"
HKLM\...\StartupApproved\Run: => "ActivManager"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [TCP Query User{DADE1DA4-6B44-4FE8-A5A9-7E7AE6F954DE}C:\pro\skypeportable\app\skype\phone\skype.exe] => C:\pro\skypeportable\app\skype\phone\skype.exe
FirewallRules: [UDP Query User{D901B5E6-09AD-4CF5-9D00-EDCB0557F446}C:\pro\skypeportable\app\skype\phone\skype.exe] => C:\pro\skypeportable\app\skype\phone\skype.exe
FirewallRules: [TCP Query User{ADE83EA8-227D-4715-B69E-F3A51C8D1559}C:\pro\utorrentportable\app\utorrent\utorrent.exe] => C:\pro\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [UDP Query User{9A7BD7BF-F680-46BE-B7ED-76B511354E74}C:\pro\utorrentportable\app\utorrent\utorrent.exe] => C:\pro\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [{F88F4AA2-F4C3-4F82-AAC3-C44A818B35D3}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{5A78B17D-856F-4621-BBAD-B082A0AC14F0}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{1452C519-7853-41F1-A5EE-5DA6CCA5CC67}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{12A8ADA5-2408-4C46-B87D-FF65631F26F1}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{EFC24BF8-ABA8-4867-B764-6B93D2349526}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{DEC3219D-4857-44EE-B5F8-81763D37711A}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{D5F14DA3-2265-490C-A0F8-7BAF8450DD7C}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{B73A400B-97A7-4485-9864-AC8C5CAC06C2}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{5369750D-AFF6-4360-9C74-55DF75540E34}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E6DACBBB-9CF4-4783-A879-A227B3BC6004}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{CCF3AE55-8DCB-4638-9977-862039288545}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9FEE31C7-F7F1-44A2-9C96-A16978A4A1B8}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{35D0FE1C-EC22-4EB1-AE1D-810F6C69A8B7}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B8855942-5AF2-44A0-BD59-6CFE526003C3}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{F9A6EFC0-ABF0-43E4-8003-5F1DEBB5E18A}C:\pro\totalcommanderportable\app\totalcommander\totalcmd.exe] => C:\pro\totalcommanderportable\app\totalcommander\totalcmd.exe
FirewallRules: [UDP Query User{12FF37BB-2BE4-45F3-9F52-5BDF42FA3AF9}C:\pro\totalcommanderportable\app\totalcommander\totalcmd.exe] => C:\pro\totalcommanderportable\app\totalcommander\totalcmd.exe
FirewallRules: [TCP Query User{B7321D6E-6B8B-4B10-BDF1-75A178A99264}C:\pro\totalcmd\totalcmd.exe] => C:\pro\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{53CA3048-ABA0-46BC-AF1D-6117F6A977AA}C:\pro\totalcmd\totalcmd.exe] => C:\pro\totalcmd\totalcmd.exe
FirewallRules: [TCP Query User{8606DFBA-B346-4CDD-AD84-FDC5E60ABB72}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{6F1DF6E5-F4F6-407D-B864-9D88608B9613}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{D005DF06-CD69-4192-8AE3-04090D93CA05}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5FBD5FD7-8947-49E5-BCA2-05A663540653}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7B309974-B352-4475-AB74-1397827DB70F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2D34A2AB-DD26-49A4-BBAF-B3FA02F22A25}C:\pro\firefoxportable\app\firefox\firefox.exe] => C:\pro\firefoxportable\app\firefox\firefox.exe
FirewallRules: [UDP Query User{8C76EADA-C203-423A-A224-882E86BFAF36}C:\pro\firefoxportable\app\firefox\firefox.exe] => C:\pro\firefoxportable\app\firefox\firefox.exe
FirewallRules: [TCP Query User{B4964663-630E-4F46-8E3E-DE4023C3E594}C:\pro\vlcportable\app\vlc\vlc.exe] => C:\pro\vlcportable\app\vlc\vlc.exe
FirewallRules: [UDP Query User{BD354599-C96E-4879-B605-EB81EB61FDFC}C:\pro\vlcportable\app\vlc\vlc.exe] => C:\pro\vlcportable\app\vlc\vlc.exe
FirewallRules: [{E1669B4B-E375-4D2B-A434-A887CEAE2EDA}] => C:\PRO\uTorrentPortable\App\uTorrent\uTorrent.exe
FirewallRules: [{3E0C5B47-CAA0-4C8E-86A4-B17494F100DA}] => C:\PRO\uTorrentPortable\App\uTorrent\uTorrent.exe
FirewallRules: [{166DD728-DD80-4307-A1E6-676F2D707297}] => C:\Program Files (x86)\SMART Technologies15\Education Software\Notebook.exe
FirewallRules: [{F91B4C5D-5841-4EFB-A244-BB58EA038D56}] => C:\Program Files (x86)\SMART Technologies15\Education Software\Notebook.exe
FirewallRules: [{7929F6EE-528B-48D1-ABD4-F17DF5A13514}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FF1E2E24-6C55-4AFD-A980-C2C9BD96A8FA}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8FA82024-3F96-449F-A72F-1BF8710EFC90}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8B5F46D8-A214-47C7-97D8-A1F94D1880A3}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8AD49087-34B1-40C5-9F5F-24D6CD234B0D}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{641B4F0C-7470-4631-A247-399F9868AB3C}] => C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
FirewallRules: [{A632C2E2-3423-478C-BCD1-16E1C89E2F68}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-11-2016 16:37:32 Windows Update
29-11-2016 16:37:43 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2016 07:35:25 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/04/2016 01:41:37 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/01/2016 06:51:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante RiskOutOfProcessServer.exe, version : 7.0.0.0, horodatage : 0x557f0fef
Nom du module défaillant : ntdll.dll, version : 6.3.9600.18233, horodatage : 0x56bb4e1d
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00040d72
ID du processus défaillant : 0x13b8
Heure de début de l’application défaillante : 0x01d24bf85badae3c
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Palisade\RISK7\RiskOutOfProcessServer.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll
ID de rapport : cc263697-b7ee-11e6-832a-28924a19be73
Nom complet du package défaillant : 
ID de l’application relative au package défaillant :

Error: (12/01/2016 01:35:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante RiskOutOfProcessServer.exe, version : 7.0.0.0, horodatage : 0x557f0fef
Nom du module défaillant : ntdll.dll, version : 6.3.9600.18233, horodatage : 0x56bb4e1d
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00040d72
ID du processus défaillant : 0x13ec
Heure de début de l’application défaillante : 0x01d24af5cf1af532
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Palisade\RISK7\RiskOutOfProcessServer.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll
ID de rapport : 9cef795b-b7c2-11e6-832a-28924a19be73
Nom complet du package défaillant : 
ID de l’application relative au package défaillant :

Error: (12/01/2016 12:06:56 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/30/2016 11:36:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante EXCEL.EXE, version : 16.0.6965.2105, horodatage : 0x58163fb9
Nom du module défaillant : KERNELBASE.dll, version : 6.3.9600.18202, horodatage : 0x569e72bb
Code d’exception : 0xe0000003
Décalage d’erreur : 0x00015b68
ID du processus défaillant : 0x974
Heure de début de l’application défaillante : 0x01d24a56a431f8c5
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\KERNELBASE.dll
ID de rapport : e8f8aeb1-b6e8-11e6-832a-28924a19be73
Nom complet du package défaillant : 
ID de l’application relative au package défaillant :

Error: (11/30/2016 11:15:03 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/29/2016 12:21:23 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/28/2016 03:31:41 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/27/2016 05:43:22 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (12/06/2016 12:21:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Service KMSELDI s’est terminé de façon inattendue pour la 1ème fois.

Error: (12/06/2016 12:20:53 AM) (Source: BTHUSB) (EventID: 30) (User: )
Description: La carte locale ne prend pas en charge un état de contrôleur Low Energy important. Le masque d’état pris en charge requis au minimum est 0x1f7fffff ; 0x1f3fffff a été reçu. La fonctionnalité Low Energy sera désactivée.

Error: (12/06/2016 12:20:31 AM) (Source: DCOM) (EventID: 10010) (User: ENVY)
Description: Le serveur {9BA05972-F6A8-11CF-A442-00A0C90A8F39} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (12/06/2016 12:20:31 AM) (Source: DCOM) (EventID: 10010) (User: ENVY)
Description: Le serveur {9BA05972-F6A8-11CF-A442-00A0C90A8F39} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (11/22/2016 04:40:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Service KMSELDI s’est terminé de façon inattendue pour la 1ème fois.

Error: (11/22/2016 04:40:43 PM) (Source: BTHUSB) (EventID: 30) (User: )
Description: La carte locale ne prend pas en charge un état de contrôleur Low Energy important. Le masque d’état pris en charge requis au minimum est 0x1f7fffff ; 0x1f3fffff a été reçu. La fonctionnalité Low Energy sera désactivée.

Error: (11/22/2016 04:40:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Instalační služba modulů systému Windows s’est arrêté avec l’erreur : 
%%16389

Error: (11/22/2016 04:33:56 PM) (Source: BTHUSB) (EventID: 30) (User: )
Description: La carte locale ne prend pas en charge un état de contrôleur Low Energy important. Le masque d’état pris en charge requis au minimum est 0x1f7fffff ; 0x1f3fffff a été reçu. La fonctionnalité Low Energy sera désactivée.

Error: (11/22/2016 04:30:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Service KMSELDI s’est terminé de façon inattendue pour la 1ème fois.

Error: (11/22/2016 04:30:25 PM) (Source: BTHUSB) (EventID: 30) (User: )
Description: La carte locale ne prend pas en charge un état de contrôleur Low Energy important. Le masque d’état pris en charge requis au minimum est 0x1f7fffff ; 0x1f3fffff a été reçu. La fonctionnalité Low Energy sera désactivée.


CodeIntegrity:
===================================
  Date: 2016-10-25 23:54:57.995
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-22 07:44:58.460
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-17 18:06:22.800
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-17 18:06:21.540
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-17 18:06:20.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-17 18:06:19.617
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-17 07:37:18.408
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-17 07:37:17.256
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-17 07:37:10.265
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-17 07:37:09.683
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 60%
Total physical RAM: 3998.35 MB
Available physical RAM: 1568.86 MB
Total Virtual: 7998.35 MB
Available Virtual: 5136.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.9 GB) (Free:18.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: BBEC312D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================