PC virus removal, computer speed-up, remote help via the neslape.cz service

Slow PC

AndySue
Visitor
Posts: 91
Registered: 26 Dec 2009 12:10

Slow PC

#1 Post by AndySue »

Slow PC startup, slow program loading. WIN 7, hybrid HD+SSD disk, after a manual reinstallation of the system, slow opening of shared folders on the network (over 10 seconds).

RSIT log:


info.txt logfile of random's system information tool 1.10 2018-02-17 09:14:29

======MBR======


======Uninstall list======

. . .-->MsiExec.exe /I{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}
. . .-->MsiExec.exe /X{06DA421D-EE23-487D-878F-F0AF97EF69AD}
64 Bit HP CIO Components Installer-->MsiExec.exe /I{0EBC740B-4363-489B-8C27-98CE0740BA19}
Adobe Acrobat Reader DC - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AC0F074E4100}
Adobe Flash Player 24 NPAPI-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_Plugin.exe -maintain plugin
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824261196}
Aplikace Intel® PROSet/Wireless-->"C:\ProgramData\Package Cache\{544ecb18-5d76-44bb-ac33-8d06719e39e7}\Setup.exe" /uninstall
Apple Mobile Device Support-->MsiExec.exe /I{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}
Apple Software Update-->MsiExec.exe /I{19589375-5C58-4AFA-842F-8B34744CCEAD}
Arduino-->"C:\Program Files (x86)\Arduino\uninstall.exe"
Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel
Balíček ovladače systému Windows - FTDI CDM Driver Package - Bus/D2XX Driver (07/10/2015 2.12.06)-->C:\PROGRA~1\DIFX\C6AA632BE39BEA04\dpinst-amd64.exe /u C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_neutral_b81cf3639a0cfb75\ftdibus.inf
Balíček ovladače systému Windows - FTDI CDM Driver Package - VCP Driver (07/10/2015 2.12.06)-->C:\PROGRA~1\DIFX\C6AA632BE39BEA04\dpinst-amd64.exe /u C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_neutral_8922a19b275a3879\ftdiport.inf
Bonjour-->MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}
Canon LBP2900-->C:\Program Files\Canon\PrnUninstall\Canon LBP2900\CNAB4UND.EXE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CompuGroup Medical - (PC DOKTOR / PC DENT)-->MsiExec.exe /X{81F07A4F-A47E-4E0F-A75D-D24BD09BB2D8}
CompuGroup Medical - CGM SERVER-->MsiExec.exe /X{8FE2C676-72E8-4024-9066-710FE32112E8}
CompuGroup Medical - Ecommunication-->MsiExec.exe /X{3850A53F-8A0E-45E1-9F11-D801237D3694}
CompuGroup Medical - Kniha objednávek-->MsiExec.exe /X{CF314AF7-682B-4C77-B164-6FB0080D2726}
CompuGroup Medical - MEDICAL NET-->MsiExec.exe /X{0726B7A2-A8F4-4BE1-A086-A93E9A5BA5BC}
ContiTech Suite 7.4-->"C:\Program Files (x86)\ContiTech Suite\uninst\unins000.exe"
Dassault Systemes Software VC11 Prerequisites x86-x64-->MsiExec.exe /X{C857169D-3F1A-4530-99A0-CAE966CE267E}
Dell SupportAssist-->C:\Program Files\Dell\SupportAssist\uninstaller.exe /arp
Dell SupportAssistAgent-->MsiExec.exe /X{8D7B279C-A661-465C-9658-F62FBD6A6B91}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Update-->MsiExec.exe /I{632610E3-5B12-403C-9C93-EF533ED1C113}
Edgecam 2016 R2-->"C:\Program Files\Vero Software\Edgecam 2016 R2\unins000.exe"
Edgecam CADLinks 2016 R2-->"C:\Program Files\Common Files\Vero Software\2016.20\Edgecam CADLinks\unins000.exe"
Edgecam Live Job Reports 2016 R2-->"C:\Program Files\Vero Software\Edgecam Live Job Reports 2016 R2\unins000.exe"
eDrawings 2017 x64-->MsiExec.exe /I{F36E59AF-DC22-43D9-A469-93A6267D6BAA}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HSMWorks x64 2016 R2.40513-->"C:\Program Files\HSMWorks\unins000.exe"
iCloud-->MsiExec.exe /I{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Intel DnX USB Driver version 1.0.0-->"C:\Program Files\Intel\xFSTK\DnXUSBDriver\unins000.exe"
Intel Edison Device USB driver-->C:\Program Files (x86)\Intel Edison Device USB driver\uninst.exe
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) OpenCL CPU Runtime-->C:\Program Files (x86)\Intel\OpenCL SDK\1.5\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel(R) Rapid Start Technology-->C:\Program Files (x86)\Intel\irstrt\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->"C:\ProgramData\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe" -uninstall
Intel(R) Rapid Storage Technology-->MsiExec.exe /I{96714280-14E6-4DF7-BACD-F797C0F17C3D}
Intel(R) USB 3.0 eXtensible Host Controller Driver-->C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall
Intel® Driver Update Utility-->"C:\ProgramData\Package Cache\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}\Intel Driver Update Utility Installer.exe" /uninstall
Intel® PROSet/Wireless WiFi Software-->MsiExec.exe /I{11BD5062-5227-4A48-91AF-904B1802EEA8}
Intel® Trusted Connect Service Client-->MsiExec.exe /I{538B98C3-773F-4F20-9C66-802D104DCBE2}
IrfanView 64 (remove only)-->"C:\Program Files\IrfanView\iv_uninstall.exe"
iTunes-->MsiExec.exe /I{81C96689-EA5B-4B7D-A04F-16326EC51BC2}
LibreOffice 5.2 Help Pack (Czech)-->MsiExec.exe /I{828D5C85-F3A0-48D2-9B34-3D8A4422D8EA}
LibreOffice 5.2.1.2-->MsiExec.exe /I{30566BDB-4658-461F-AF23-09CF7E2BC1D1}
Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{26784146-6E05-3FF9-9335-786C7C0FB5BE}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Report Viewer 2012 Runtime-->MsiExec.exe /I{C58378BC-0B7B-474E-855C-9D02E5E75D71}
Microsoft SQL Server 2012 Native Client -->MsiExec.exe /I{49D665A2-4C2A-476E-9AB8-FCC425F526FC}
Microsoft SQL Server 2014 Express LocalDB -->MsiExec.exe /I{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}
Microsoft System CLR Types for SQL Server 2012 (x64)-->MsiExec.exe /I{F1949145-EB64-4DE7-9D81-E6D27937146C}
Microsoft Visual Basic for Applications 7.1 (x64) English-->MsiExec.exe /I{90F60409-7000-11D3-8CFE-0150048383C9}
Microsoft Visual Basic for Applications 7.1 (x64)-->MsiExec.exe /I{90120064-0070-0000-0000-4000000FF1CE}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030-->"C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030-->MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501-->"C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005-->"C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215-->"C:\ProgramData\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe" /uninstall
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215-->MsiExec.exe /X{69BCE4AC-9572-3271-A2FB-9423BDA36A43}
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215-->MsiExec.exe /X{BBF2AC74-720C-3CB3-8291-5E34039232FA}
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU\install.exe
Microsoft Visual Studio 2005 Tools for Applications - ENU-->MsiExec.exe /X{D481EA96-2313-4A7C-98EE-710D1AF884AC}
Microsoft Visual Studio 2005 Tools for Applications - ENU-->MsiExec.exe /X{D481EA96-2313-4A7C-98EE-710D1AF884AC}
Monitor technologie Intel(R) Turbo Boost 2.0-->MsiExec.exe /X{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}
Mozilla Firefox 58.0.2 (x64 cs)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Mozilla Thunderbird 45.8.0 (x86 cs)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
NVIDIA Ovladače grafiky 331.65-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{57C70748-89B5-4CEC-9AD0-90970BFB2E0B}\NVI2.DLL",UninstallPackage Display.Driver
Part Modeler 2016 R2-->"C:\Program Files (x86)\Vero Software\Part Modeler 2016 R2\unins000.exe"
Podpora aplikací Apple (32bitová)-->MsiExec.exe /I{D4C80B0C-CF67-43A7-90C3-466853543B54}
Podpora aplikací Apple (64bitová)-->MsiExec.exe /I{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}
PrimoPDF -- brought to you by Nitro PDF Software-->"C:\Program Files (x86)\Nitro PDF\PrimoPDF\uninstaller.exe"
Quickset64-->MsiExec.exe /I{87CF757E-C1F1-4D22-865C-00C6950B5258}
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek USB 2.0 Reader Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{62BBB2F0-E220-4821-A564-730807D2C34D}\setup.exe" -runfromtemp -removeonly
SafeZone Stable 4.58.2552.909-->"C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" /uninstall
Sentinel System Driver Installer 7.5.8-->MsiExec.exe /I{75BC36E7-AC24-4F35-8AE0-B5885F887744}
Skype™ 7.40-->MsiExec.exe /X{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}
Solidlink 2016.30-->"C:\Program Files\Common Files\Vero Software\2016.30\Solidlink\unins001.exe"
SOLIDWORKS 2015 x64 Czech Resources-->MsiExec.exe /X{ACB7E95C-794E-4009-9B54-0C094F661EAB}
SOLIDWORKS 2015 x64 Edition SP05-->"C:\Windows\SolidWorks\IM_20150-40500-1100-100 (3)\sldim\sldIM.exe" /remove "C:\Windows\SolidWorks\IM_20150-40500-1100-100 (3)\sldim\sldIM_installed.xml"
SOLIDWORKS 2015 x64 Edition SP05-->MsiExec.exe /X{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}
SOLIDWORKS 2016 x64 Czech Resources-->MsiExec.exe /X{BD37B53B-592C-41B4-BECA-D156E3D0B058}
SOLIDWORKS 2016 x64 Edition SP04-->"C:\Windows\SolidWorks\IM_20160-40400-1100-100\sldim\sldIM.exe" /remove "C:\Windows\SolidWorks\IM_20160-40400-1100-100\sldim\sldIM_installed.xml"
SOLIDWORKS 2016 x64 Edition SP04-->MsiExec.exe /X{768F3B65-1695-47B7-9002-B11400CB111D}
SOLIDWORKS Composer Player 2016 SP04 x64 Edition-->MsiExec.exe /I{8537E059-C18B-4DE6-AED6-CD9B90240C35}
SOLIDWORKS eDrawings 2016 x64 Edition SP04-->MsiExec.exe /I{B3DDA3FF-C213-42EA-808B-274C1E88EABD}
SOLIDWORKS Explorer 2015 SP05 x64 Edition-->MsiExec.exe /I{EACE15FF-59ED-4CBE-B1EB-616F4908745F}
SOLIDWORKS Explorer 2016 SP04 x64 Edition-->MsiExec.exe /I{41E08694-1890-4B39-9D1C-B9D27A1D67B3}
Total Commander 64-bit (Remove or Repair)-->C:\Program Files\totalcmd\tcunin64.exe
Vero Software CLS 2016.10-->MsiExec.exe /X{1CE6F900-3AEE-4096-A75E-26B20051485A}
WinRAR 5.40 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
WPTx64-->MsiExec.exe /I{0B2C58EB-67A2-225B-60B2-D1990E55DD33}

======System event log======

Computer Name: SUCODell2-NTB
Event Code: 7036
Message: Stav služby Načítání obrázků (WIA) byl změněn na: Spuštěno
Record Number: 10852
Source Name: Service Control Manager
Time Written: 20161017075217.003829-000
Event Type: Informace
User:

Computer Name: SUCODell2-NTB
Event Code: 7036
Message: Stav služby Podpora rozhraní NetBIOS nad protokolem TCP/IP byl změněn na: Zastaveno
Record Number: 10851
Source Name: Service Control Manager
Time Written: 20161017075216.917824-000
Event Type: Informace
User:

Computer Name: SUCODell2-NTB
Event Code: 7042
Message: Službě Podpora rozhraní NetBIOS nad protokolem TCP/IP byl úspěšně odeslán ovládací prvek Zastaveno.

Byl zadán důvod: 0x40030011 [Operační systém: Připojení k síti (Plánováno)]

Komentář: Žádné
Record Number: 10850
Source Name: Service Control Manager
Time Written: 20161017075216.916824-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: SUCODell2-NTB
Event Code: 7036
Message: Stav služby Podpora rozhraní NetBIOS nad protokolem TCP/IP byl změněn na: Spuštěno
Record Number: 10849
Source Name: Service Control Manager
Time Written: 20161017075216.123779-000
Event Type: Informace
User:

Computer Name: SUCODell2-NTB
Event Code: 1014
Message: Překlad názvu isatap.RT-G32 nebyl v požadované době dokončen. Žádný z nakonfigurovaných serverů DNS neodpověděl.
Record Number: 10848
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20161017075209.530402-000
Event Type: Upozornění
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: SUCODell2-NTB
Event Code: 100
Message: C:\PROGRA~2\EASYPH~1.1VC\binaries\mysql\bin\eds-mysqld.exe: Normal shutdown


For more information, see Help and Support Center at http://www.mysql.com.
Record Number: 5695
Source Name: MySQL
Time Written: 20161019182102.000000-000
Event Type: Informace
User:

Computer Name: SUCODell2-NTB
Event Code: 4101
Message: Selhalo načtení automatické aktualizace kořenového certifikátu jiného výrobce z: <http://www.download.windowsupdate.com/m ... 6976AD.crt>. Došlo k chybě Daná operace se vrátila, protože vypršel časový limit.
.
Record Number: 5694
Source Name: Microsoft-Windows-CAPI2
Time Written: 20161019181720.761525-000
Event Type: Chyba
User:

Computer Name: SUCODell2-NTB
Event Code: 4101
Message: Selhalo načtení automatické aktualizace kořenového certifikátu jiného výrobce z: <http://www.download.windowsupdate.com/m ... 6976AD.crt>. Došlo k chybě Daná operace se vrátila, protože vypršel časový limit.
.
Record Number: 5693
Source Name: Microsoft-Windows-CAPI2
Time Written: 20161019181719.321443-000
Event Type: Chyba
User:

Computer Name: SUCODell2-NTB
Event Code: 4101
Message: Selhalo načtení automatické aktualizace kořenového certifikátu jiného výrobce z: <http://www.download.windowsupdate.com/m ... 6976AD.crt>. Došlo k chybě Daná operace se vrátila, protože vypršel časový limit.
.
Record Number: 5692
Source Name: Microsoft-Windows-CAPI2
Time Written: 20161019180921.621786-000
Event Type: Chyba
User:

Computer Name: SUCODell2-NTB
Event Code: 4101
Message: Selhalo načtení automatické aktualizace kořenového certifikátu jiného výrobce z: <http://www.download.windowsupdate.com/m ... 6976AD.crt>. Došlo k chybě Daná operace se vrátila, protože vypršel časový limit.
.
Record Number: 5691
Source Name: Microsoft-Windows-CAPI2
Time Written: 20161019180921.620786-000
Event Type: Chyba
User:

=====Security event log=====

Computer Name: SUCODell2-NTB
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1793
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160908115542.092724-000
Event Type: Úspěšný audit
User:

Computer Name: SUCODell2-NTB
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SUCODELL2-NTB$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2dc
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 1792
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160908115542.092724-000
Event Type: Úspěšný audit
User:

Computer Name: SUCODell2-NTB
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1791
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160908115511.977001-000
Event Type: Úspěšný audit
User:

Computer Name: SUCODell2-NTB
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SUCODELL2-NTB$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2dc
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 1790
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160908115511.977001-000
Event Type: Úspěšný audit
User:

Computer Name: SUCODell2-NTB
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1789
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160908115441.861279-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\binaries\php\php_runningversion;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\1.5\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\1.5\bin\x64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=3a09
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"asl.log"=Destination=file

-----------------EOF-----------------

AndySue
Visitor
Posts: 91
Registered: 26 Dec 2009 12:10

Re: Slow PC

#2 Post by AndySue »

FRST log + addition.txt attached:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by SUCODell2 (administrator) on SUCODELL2-NTB (17-02-2018 09:43:44)
Running from C:\Users\SUCODell2\Desktop
Loaded Profiles: SUCODell2 & UpdatusUser (Available Profiles: SUCODell2 & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(EasyPHP) C:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\EasyPHP-DevServer-14.1VC11.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Petr Laštovička) C:\Program Files\hotkeyp\HotkeyP.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Vero Software Limited) C:\Program Files (x86)\Common Files\Vero Software\2016.10\CLS\cls.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\binaries\mysql\bin\eds-mysqld.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Vero Software) C:\Program Files\Vero Software\Edgecam Live Job Reports 2016 R2\JobReports.WindowService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(HCS GmbH) C:\CGMSERVER\bin\medical-net\MedConnect.ServiceManager\HCS.MedConnect.ServiceManager.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Vero Software) C:\Program Files\Vero Software\Edgecam Live Job Reports 2016 R2\JobReports.Manager.exe
(Microsoft) C:\CGMSERVER\bin\ebooking-1\cgm.ebooking-1.exe
(CompuGroup Medical Česká republika s.r.o.) C:\CGMSERVER\bin\ecommunication-1\cgm.ecommunication-1.exe
(CGM) C:\CGMSERVER\bin\core\cgm.servercore.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Oracle Corporation) C:\CGMSERVER\jre\bin\java.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Apache Software Foundation) C:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\binaries\apache\bin\eds-httpd.exe
(Apache Software Foundation) C:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\binaries\apache\bin\eds-httpd.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Jan Fiala) C:\Program Files (x86)\PSPad editor\PSPad.exe
(forum.viry.cz) C:\Users\SUCODell2\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-17] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4367008 2012-01-08] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-05] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\...\Run: [EasyPHP] => C:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\EasyPHP-DevServer-14.1VC11.exe [279552 2014-01-09] (EasyPHP)
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\...\Run: [HotkeyP] => C:\Program Files\hotkeyp\HotkeyP.exe [147456 2012-11-20] (Petr Laštovička)
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-23] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk [2016-11-09]
ShortcutTarget: Canon LBP2900 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CLS 2016.10.lnk [2017-04-19]
ShortcutTarget: CLS 2016.10.lnk -> C:\Program Files (x86)\Common Files\Vero Software\2016.10\CLS\cls.exe (Vero Software Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DB95013D-DAAF-43F5-A44B-C648ED00D3C6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E8D6F910-A93D-4092-82CC-2C42A839EBF9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://docs.google.com/document/d/1jm-JotoSccDNBHh9GeJ4pgndJjv6J21N7lr6JV5hhKE/edit
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3122203273-1665005067-2304910959-1000 -> DefaultScope {3041C8EE-81C0-4166-906C-C6F989F4B1C7} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-3122203273-1665005067-2304910959-1000 -> {3041C8EE-81C0-4166-906C-C6F989F4B1C7} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-3122203273-1665005067-2304910959-1000 -> {E19B6DC4-C607-4A7A-84B8-8A2C487D5C2D} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-20] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-20] (AVAST Software)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default [2018-02-17]
FF Homepage: Mozilla\Firefox\Profiles\iQsF42px.default -> www.seznam.cz
FF Session Restore: Mozilla\Firefox\Profiles\iQsF42px.default -> is enabled.
FF Extension: (20-20 3D Viewer - IKEA) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\2020Player_IKEA@2020Technologies.com [2016-10-16] [Legacy]
FF Extension: (Avira Browser Safety) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\abs@avira.com.xpi [2017-12-29]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\cs@dictionaries.addons.mozilla.org [2016-09-07] [Legacy]
FF Extension: (Lazarus: Form Recovery) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\lazarus@interclue.com.xpi [2016-04-28] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\sp@avast.com.xpi [2017-12-29]
FF Extension: (Avast Online Security) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\wrc@avast.com.xpi [2017-10-29]
FF Extension: (Block site) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2017-12-29]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2017-10-29]
FF SearchPlugin: C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\searchplugins\bing-.xml [2016-05-13]
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~2\SOLIDW~3\Bin\NPCOMP~1.DLL [2016-07-14] (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-04] ()
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~2\SOLIDW~3\Bin\x86\NPCOMP~1.DLL [2016-07-14] (Dassault Systemes)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-04] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default [2018-02-11]
CHR Extension: (Prezentace) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-30]
CHR Extension: (Dokumenty) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-30]
CHR Extension: (Disk Google) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (YouTube) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
CHR Extension: (Avast SafePrice) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-24]
CHR Extension: (Tabulky) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-30]
CHR Extension: (Avira Browser Safety) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-03-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-21]
CHR Extension: (Avast Online Security) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-01-30]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2018-01-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-30]
CHR Extension: (Gmail) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-05] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-05] (AVAST Software)
R2 cgm.ebooking-1; C:\CGMSERVER\bin\ebooking-1\cgm.ebooking-1.exe [32864 2016-10-20] (Microsoft) [File not signed]
R2 cgm.ecommunication-1; C:\CGMSERVER\bin\ecommunication-1\cgm.ecommunication-1.exe [52320 2016-09-15] (CompuGroup Medical Česká republika s.r.o.) [File not signed]
R2 cgm.servercore; C:\CGMSERVER\bin\core\cgm.servercore.exe [54536 2016-04-20] (CGM)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.)
R2 Edgecam Live Job Reports 2016 R2; C:\Program Files\Vero Software\Edgecam Live Job Reports 2016 R2\JobReports.WindowService.exe [30720 2016-04-26] (Vero Software) [File not signed]
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 HCS.MedConnect.Service; C:\CGMSERVER\bin\medical-net\MedConnect\HCS.MedConnect.Service.exe [48528 2015-02-11] (HCS GmbH) [File not signed]
R2 HCS.MEDCONNECT.SERVICEMANAGER; C:\CGMSERVER\bin\medical-net\MedConnect.ServiceManager\HCS.MedConnect.ServiceManager.exe [87952 2015-02-11] (HCS GmbH) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2011-12-22] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2016-09-09] (SolidWorks) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2017-12-22] (Dell Inc.)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-05] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-05] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-05] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-05] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-05] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-05] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-05] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-05] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-11] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-05] (AVAST Software)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [88752 2016-10-04] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-12-22] (Intel Corporation)
R3 isocusb; C:\Windows\System32\drivers\isocusb.sys [268288 2014-07-21] (Jungo Connectivity)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63568 2012-12-11] (SafeNet, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-17 09:43 - 2018-02-17 09:44 - 000024546 _____ C:\Users\SUCODell2\Desktop\FRST.txt
2018-02-17 09:41 - 2018-02-17 09:43 - 000000000 ____D C:\FRST
2018-02-17 09:15 - 2018-02-17 09:15 - 002405376 _____ (Farbar) C:\Users\SUCODell2\Desktop\FRST64.exe
2018-02-17 09:14 - 2018-02-17 09:14 - 000000000 ____D C:\rsit
2018-02-17 09:14 - 2018-02-17 09:14 - 000000000 ____D C:\Program Files\trend micro
2018-02-17 09:12 - 2018-02-17 09:12 - 001222144 _____ C:\Users\SUCODell2\Desktop\RSITx64.exe
2018-02-17 09:10 - 2018-02-17 09:10 - 000000000 ____D C:\Users\SUCODell2\Desktop\Viry.cz a odvirování
2018-02-17 08:51 - 2018-02-17 09:10 - 000112640 _____ (forum.viry.cz) C:\Users\SUCODell2\Desktop\FRSTLauncher.exe
2018-02-17 08:43 - 2018-02-17 08:43 - 000000000 ____D C:\Users\SUCODell2\AppData\LocalLow\PCDr
2018-02-16 19:40 - 2018-02-16 19:40 - 000000000 ____D C:\Users\SUCODell2\Desktop\16309024 Suchomel Plasty MiA5 All
2018-02-16 19:39 - 2018-02-16 19:39 - 001315363 _____ C:\Users\SUCODell2\Desktop\16309024 Suchomel Plasty MiA5 All.zip
2018-02-16 19:38 - 2018-02-16 19:38 - 000413926 _____ C:\Users\SUCODell2\Desktop\16309024 Suchomel Plasty MiA5 All.pdf
2018-02-16 19:27 - 2018-02-16 19:27 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-16 09:58 - 2018-02-16 09:58 - 000001810 _____ C:\Users\SUCODell2\Desktop\HP-Z240-PS.lnk
2018-02-11 11:55 - 2018-02-16 19:05 - 000000000 ___RD C:\Users\SUCODell2\iCloudDrive
2018-02-11 11:55 - 2018-02-11 11:55 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-02-11 11:55 - 2018-02-11 11:55 - 000002808 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-02-11 11:55 - 2018-02-11 11:55 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-11 11:55 - 2018-02-11 11:55 - 000000000 ____D C:\Users\SUCODell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2018-02-11 11:55 - 2018-02-11 11:55 - 000000000 ____D C:\Users\SUCODell2\AppData\Local\Apple Inc
2018-02-11 11:55 - 2018-02-11 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-02-11 11:55 - 2018-02-11 11:55 - 000000000 ____D C:\Program Files\CCleaner
2018-02-11 11:40 - 2018-02-11 11:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-02-11 11:40 - 2018-02-11 11:40 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-02-11 11:33 - 2018-02-11 11:34 - 155166520 _____ (Apple Inc.) C:\Users\SUCODell2\Downloads\iCloudSetup.exe
2018-02-07 07:56 - 2018-02-07 07:56 - 000010446 _____ C:\Users\SUCODell2\Desktop\Pracovní výkaz HPP Petr Sejk za Leden 2018.xlsx
2018-01-20 13:06 - 2018-01-20 13:06 - 000000000 ____D C:\Users\SUCODell2\Documents\4. Hodkovičky

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-17 09:06 - 2016-11-19 16:39 - 000000000 ____D C:\Users\SUCODell2\AppData\LocalLow\Mozilla
2018-02-17 09:04 - 2016-09-12 07:58 - 000000000 ____D C:\Users\SUCODell2\AppData\Roaming\Skype
2018-02-17 09:04 - 2016-09-07 20:49 - 000000000 ____D C:\ProgramData\PCDr
2018-02-17 08:53 - 2016-09-07 18:31 - 000000000 ____D C:\Users\SUCODell2\Documents\www
2018-02-17 08:45 - 2016-09-07 20:49 - 000003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2018-02-17 08:42 - 2016-09-22 09:56 - 000007641 _____ C:\Users\SUCODell2\AppData\Local\Resmon.ResmonCfg
2018-02-16 19:38 - 2009-07-14 05:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-16 19:38 - 2009-07-14 05:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-16 19:34 - 2016-09-07 16:27 - 000003338 _____ C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2018-02-16 19:24 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-16 19:23 - 2016-09-07 17:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-16 19:11 - 2016-11-18 18:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-16 16:25 - 2016-09-09 14:53 - 000000000 ____D C:\Users\SUCODell2\AppData\Local\TempAdresářZálohySW
2018-02-14 11:31 - 2016-09-07 20:09 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-14 11:30 - 2016-09-07 20:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-14 08:01 - 2017-03-21 12:48 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-11 19:12 - 2016-09-08 01:49 - 000669414 _____ C:\Windows\system32\perfh005.dat
2018-02-11 19:12 - 2016-09-08 01:49 - 000141540 _____ C:\Windows\system32\perfc005.dat
2018-02-11 19:12 - 2009-07-14 06:13 - 001585684 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-11 19:12 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-11 12:21 - 2016-11-15 14:03 - 000000000 ___DC C:\Users\SUCODell2\AppData\Local\MigWiz
2018-02-11 12:21 - 2016-09-18 10:50 - 000000000 ____D C:\Windows\Minidump
2018-02-11 12:21 - 2016-09-08 01:51 - 000000000 ____D C:\Windows\Panther
2018-02-11 11:59 - 2016-10-22 20:32 - 000000000 ____D C:\Users\SUCODell2\AppData\Roaming\Apple Computer
2018-02-11 11:55 - 2016-09-07 15:54 - 000000000 ____D C:\Users\SUCODell2
2018-02-11 11:54 - 2016-09-07 20:43 - 000000000 ____D C:\Users\SUCODell2\Documents\INSTALL
2018-02-11 11:52 - 2016-10-22 20:32 - 000000000 ____D C:\Users\SUCODell2\AppData\Local\Apple Computer
2018-02-11 11:40 - 2016-10-22 20:31 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-02-11 11:40 - 2016-10-22 20:30 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-02-11 10:46 - 2018-01-07 11:41 - 000000000 ____D C:\Users\SUCODell2\Documents\3. Telefony
2018-02-01 08:17 - 2017-03-18 18:47 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update

==================== Files in the root of some directories =======

2017-04-15 21:18 - 2017-04-15 21:37 - 000006656 _____ () C:\Users\SUCODell2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-22 09:56 - 2018-02-17 08:42 - 000007641 _____ () C:\Users\SUCODell2\AppData\Local\Resmon.ResmonCfg
2016-09-30 09:13 - 2016-10-29 19:32 - 000000000 _____ () C:\Users\SUCODell2\AppData\Local\Temptable.xml
2016-09-07 16:22 - 2016-09-07 16:23 - 000002205 _____ () C:\Users\SUCODell2\AppData\Local\WiDiSetupLog.20160907.172239.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\SUCODell2\Desktop" je 1745 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\SUCODell2\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\SUCODell2\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudDrive
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudPhotos
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition 2018-02-17.rar
(7.02 KiB) Downloaded 74 times

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC

#3 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

AndySue
Visitor
Posts: 91
Joined: 26 Dec 2009 12:10

Re: Slow PC

#4 Post by AndySue »

# AdwCleaner 7.0.8.0 - Logfile created on Sat Feb 17 11:26:03 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\MimarSinan


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Avira SafeSearch Plus -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1142 B] - [2018/2/17 11:21:50]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC

#5 Post by Rudy »

Post a new FRST log.

AndySue
Visitor
Posts: 91
Joined: 26 Dec 2009 12:10

Re: Slow PC

#6 Post by AndySue »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2018
Ran by SUCODell2 (administrator) on SUCODELL2-NTB (17-02-2018 13:16:22)
Running from C:\Users\SUCODell2\Desktop
Loaded Profiles: SUCODell2 & UpdatusUser (Available Profiles: SUCODell2 & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(EasyPHP) C:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\EasyPHP-DevServer-14.1VC11.exe
(Petr Laštovička) C:\Program Files\hotkeyp\HotkeyP.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Vero Software Limited) C:\Program Files (x86)\Common Files\Vero Software\2016.10\CLS\cls.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\binaries\mysql\bin\eds-mysqld.exe
(CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Vero Software) C:\Program Files\Vero Software\Edgecam Live Job Reports 2016 R2\JobReports.WindowService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Apache Software Foundation) C:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\binaries\apache\bin\eds-httpd.exe
(Apache Software Foundation) C:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\binaries\apache\bin\eds-httpd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(HCS GmbH) C:\CGMSERVER\bin\medical-net\MedConnect.ServiceManager\HCS.MedConnect.ServiceManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Vero Software) C:\Program Files\Vero Software\Edgecam Live Job Reports 2016 R2\JobReports.Manager.exe
(Microsoft) C:\CGMSERVER\bin\ebooking-1\cgm.ebooking-1.exe
(CompuGroup Medical Česká republika s.r.o.) C:\CGMSERVER\bin\ecommunication-1\cgm.ecommunication-1.exe
(CGM) C:\CGMSERVER\bin\core\cgm.servercore.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Oracle Corporation) C:\CGMSERVER\jre\bin\java.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(PostgreSQL Global Development Group) C:\CGMSERVER\bin\pgsql\bin\postgres.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE
(Jan Fiala) C:\Program Files (x86)\PSPad editor\PSPad.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Irfan Skiljan) C:\Program Files\IrfanView\i_view64.exe
(forum.viry.cz) C:\Users\SUCODell2\Desktop\FRST-OlderVersion\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-17] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4367008 2012-01-08] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-05] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\...\Run: [EasyPHP] => C:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\EasyPHP-DevServer-14.1VC11.exe [279552 2014-01-09] (EasyPHP)
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\...\Run: [HotkeyP] => C:\Program Files\hotkeyp\HotkeyP.exe [147456 2012-11-20] (Petr Laštovička)
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-23] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk [2016-11-09]
ShortcutTarget: Canon LBP2900 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CLS 2016.10.lnk [2017-04-19]
ShortcutTarget: CLS 2016.10.lnk -> C:\Program Files (x86)\Common Files\Vero Software\2016.10\CLS\cls.exe (Vero Software Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DB95013D-DAAF-43F5-A44B-C648ED00D3C6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E8D6F910-A93D-4092-82CC-2C42A839EBF9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://docs.google.com/document/d/1jm-JotoSccDNBHh9GeJ4pgndJjv6J21N7lr6JV5hhKE/edit
HKU\S-1-5-21-3122203273-1665005067-2304910959-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3122203273-1665005067-2304910959-1000 -> DefaultScope {3041C8EE-81C0-4166-906C-C6F989F4B1C7} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-3122203273-1665005067-2304910959-1000 -> {3041C8EE-81C0-4166-906C-C6F989F4B1C7} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-3122203273-1665005067-2304910959-1000 -> {E19B6DC4-C607-4A7A-84B8-8A2C487D5C2D} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-20] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-20] (AVAST Software)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default [2018-02-17]
FF Homepage: Mozilla\Firefox\Profiles\iQsF42px.default -> www.seznam.cz
FF Session Restore: Mozilla\Firefox\Profiles\iQsF42px.default -> is enabled.
FF Extension: (20-20 3D Viewer - IKEA) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\2020Player_IKEA@2020Technologies.com [2016-10-16] [Legacy]
FF Extension: (Avira Browser Safety) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\abs@avira.com.xpi [2017-12-29]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\cs@dictionaries.addons.mozilla.org [2016-09-07] [Legacy]
FF Extension: (Lazarus: Form Recovery) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\lazarus@interclue.com.xpi [2016-04-28] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\sp@avast.com.xpi [2017-12-29]
FF Extension: (Avast Online Security) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\wrc@avast.com.xpi [2017-10-29]
FF Extension: (Block site) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2017-12-29]
FF Extension: (Seznam pro Firefox - Email) - C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2017-10-29]
FF SearchPlugin: C:\Users\SUCODell2\AppData\Roaming\Mozilla\Firefox\Profiles\iQsF42px.default\searchplugins\bing-.xml [2016-05-13]
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~2\SOLIDW~3\Bin\NPCOMP~1.DLL [2016-07-14] (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-04] ()
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~2\SOLIDW~3\Bin\x86\NPCOMP~1.DLL [2016-07-14] (Dassault Systemes)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-04] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default [2018-02-17]
CHR Extension: (Prezentace) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-30]
CHR Extension: (Dokumenty) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-30]
CHR Extension: (Disk Google) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (YouTube) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
CHR Extension: (Avast SafePrice) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-24]
CHR Extension: (Tabulky) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-30]
CHR Extension: (Avira Browser Safety) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-03-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-21]
CHR Extension: (Avast Online Security) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-01-30]
CHR Extension: (No Name) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2018-01-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-30]
CHR Extension: (Gmail) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\SUCODell2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-05] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-05] (AVAST Software)
R2 cgm.ebooking-1; C:\CGMSERVER\bin\ebooking-1\cgm.ebooking-1.exe [32864 2016-10-20] (Microsoft) [File not signed]
R2 cgm.ecommunication-1; C:\CGMSERVER\bin\ecommunication-1\cgm.ecommunication-1.exe [52320 2016-09-15] (CompuGroup Medical Česká republika s.r.o.) [File not signed]
R2 cgm.servercore; C:\CGMSERVER\bin\core\cgm.servercore.exe [54536 2016-04-20] (CGM)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.)
R2 Edgecam Live Job Reports 2016 R2; C:\Program Files\Vero Software\Edgecam Live Job Reports 2016 R2\JobReports.WindowService.exe [30720 2016-04-26] (Vero Software) [File not signed]
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 HCS.MedConnect.Service; C:\CGMSERVER\bin\medical-net\MedConnect\HCS.MedConnect.Service.exe [48528 2015-02-11] (HCS GmbH) [File not signed]
R2 HCS.MEDCONNECT.SERVICEMANAGER; C:\CGMSERVER\bin\medical-net\MedConnect.ServiceManager\HCS.MedConnect.ServiceManager.exe [87952 2015-02-11] (HCS GmbH) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2011-12-22] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2016-09-09] (SolidWorks) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2017-12-22] (Dell Inc.)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-05] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-05] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-05] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-05] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-05] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-05] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-05] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-05] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-11] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-05] (AVAST Software)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [88752 2016-10-04] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-12-22] (Intel Corporation)
R3 isocusb; C:\Windows\System32\drivers\isocusb.sys [268288 2014-07-21] (Jungo Connectivity)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; c:\program files\dell\supportassist\pcdsrvc_x64.pkms [25584 2017-09-12] (PC-Doctor, Inc.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63568 2012-12-11] (SafeNet, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-17 13:16 - 2018-02-17 13:16 - 000000000 ____D C:\Users\SUCODell2\Desktop\FRST-OlderVersion
2018-02-17 12:32 - 2018-02-17 12:32 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-17 12:20 - 2018-02-17 12:26 - 000000000 ____D C:\AdwCleaner
2018-02-17 09:46 - 2018-02-17 09:46 - 000007188 _____ C:\Users\SUCODell2\Desktop\Addition 2018-02-17.rar
2018-02-17 09:43 - 2018-02-17 13:17 - 000024376 _____ C:\Users\SUCODell2\Desktop\FRST.txt
2018-02-17 09:41 - 2018-02-17 09:43 - 000000000 ____D C:\FRST
2018-02-17 09:15 - 2018-02-17 13:16 - 002403840 _____ (Farbar) C:\Users\SUCODell2\Desktop\FRST64.exe
2018-02-17 09:14 - 2018-02-17 09:14 - 000000000 ____D C:\rsit
2018-02-17 09:14 - 2018-02-17 09:14 - 000000000 ____D C:\Program Files\trend micro
2018-02-17 09:12 - 2018-02-17 09:12 - 001222144 _____ C:\Users\SUCODell2\Desktop\RSITx64.exe
2018-02-17 09:10 - 2018-02-17 12:20 - 000000000 ____D C:\Users\SUCODell2\Desktop\Viry.cz a odvirování
2018-02-17 08:43 - 2018-02-17 08:43 - 000000000 ____D C:\Users\SUCODell2\AppData\LocalLow\PCDr
2018-02-16 19:40 - 2018-02-16 19:40 - 000000000 ____D C:\Users\SUCODell2\Desktop\16309024 Suchomel Plasty MiA5 All
2018-02-16 19:39 - 2018-02-16 19:39 - 001315363 _____ C:\Users\SUCODell2\Desktop\16309024 Suchomel Plasty MiA5 All.zip
2018-02-16 19:38 - 2018-02-16 19:38 - 000413926 _____ C:\Users\SUCODell2\Desktop\16309024 Suchomel Plasty MiA5 All.pdf
2018-02-16 09:58 - 2018-02-16 09:58 - 000001810 _____ C:\Users\SUCODell2\Desktop\HP-Z240-PS.lnk
2018-02-11 11:55 - 2018-02-16 19:05 - 000000000 ___RD C:\Users\SUCODell2\iCloudDrive
2018-02-11 11:55 - 2018-02-11 11:55 - 000003872 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-02-11 11:55 - 2018-02-11 11:55 - 000002808 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-02-11 11:55 - 2018-02-11 11:55 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-11 11:55 - 2018-02-11 11:55 - 000000000 ____D C:\Users\SUCODell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2018-02-11 11:55 - 2018-02-11 11:55 - 000000000 ____D C:\Users\SUCODell2\AppData\Local\Apple Inc
2018-02-11 11:55 - 2018-02-11 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-02-11 11:55 - 2018-02-11 11:55 - 000000000 ____D C:\Program Files\CCleaner
2018-02-11 11:40 - 2018-02-11 11:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-02-11 11:40 - 2018-02-11 11:40 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-02-11 11:33 - 2018-02-11 11:34 - 155166520 _____ (Apple Inc.) C:\Users\SUCODell2\Downloads\iCloudSetup.exe
2018-02-07 07:56 - 2018-02-07 07:56 - 000010446 _____ C:\Users\SUCODell2\Desktop\Pracovní výkaz HPP Petr Sejk za Leden 2018.xlsx
2018-01-20 13:06 - 2018-01-20 13:06 - 000000000 ____D C:\Users\SUCODell2\Documents\4. Hodkovičky

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-17 13:16 - 2016-09-12 07:58 - 000000000 ____D C:\Users\SUCODell2\AppData\Roaming\Skype
2018-02-17 12:41 - 2009-07-14 05:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-17 12:41 - 2009-07-14 05:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-17 12:36 - 2016-09-07 16:27 - 000003338 _____ C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2018-02-17 12:29 - 2016-11-19 16:39 - 000000000 ____D C:\Users\SUCODell2\AppData\LocalLow\Mozilla
2018-02-17 12:28 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-17 10:38 - 2016-09-07 20:49 - 000003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2018-02-17 09:04 - 2016-09-07 20:49 - 000000000 ____D C:\ProgramData\PCDr
2018-02-17 08:53 - 2016-09-07 18:31 - 000000000 ____D C:\Users\SUCODell2\Documents\www
2018-02-17 08:42 - 2016-09-22 09:56 - 000007641 _____ C:\Users\SUCODell2\AppData\Local\Resmon.ResmonCfg
2018-02-16 19:23 - 2016-09-07 17:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-16 19:11 - 2016-11-18 18:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-16 16:25 - 2016-09-09 14:53 - 000000000 ____D C:\Users\SUCODell2\AppData\Local\TempAdresářZálohySW
2018-02-14 11:31 - 2016-09-07 20:09 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-14 11:30 - 2016-09-07 20:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-14 08:01 - 2017-03-21 12:48 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-11 19:12 - 2016-09-08 01:49 - 000669414 _____ C:\Windows\system32\perfh005.dat
2018-02-11 19:12 - 2016-09-08 01:49 - 000141540 _____ C:\Windows\system32\perfc005.dat
2018-02-11 19:12 - 2009-07-14 06:13 - 001585684 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-11 19:12 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-11 12:21 - 2016-11-15 14:03 - 000000000 ___DC C:\Users\SUCODell2\AppData\Local\MigWiz
2018-02-11 12:21 - 2016-09-18 10:50 - 000000000 ____D C:\Windows\Minidump
2018-02-11 12:21 - 2016-09-08 01:51 - 000000000 ____D C:\Windows\Panther
2018-02-11 11:59 - 2016-10-22 20:32 - 000000000 ____D C:\Users\SUCODell2\AppData\Roaming\Apple Computer
2018-02-11 11:55 - 2016-09-07 15:54 - 000000000 ____D C:\Users\SUCODell2
2018-02-11 11:54 - 2016-09-07 20:43 - 000000000 ____D C:\Users\SUCODell2\Documents\INSTALL
2018-02-11 11:52 - 2016-10-22 20:32 - 000000000 ____D C:\Users\SUCODell2\AppData\Local\Apple Computer
2018-02-11 11:40 - 2016-10-22 20:31 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-02-11 11:40 - 2016-10-22 20:30 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-02-11 10:46 - 2018-01-07 11:41 - 000000000 ____D C:\Users\SUCODell2\Documents\3. Telefony
2018-02-01 08:17 - 2017-03-18 18:47 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update

==================== Files in the root of some directories =======

2017-04-15 21:18 - 2017-04-15 21:37 - 000006656 _____ () C:\Users\SUCODell2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-22 09:56 - 2018-02-17 08:42 - 000007641 _____ () C:\Users\SUCODell2\AppData\Local\Resmon.ResmonCfg
2016-09-30 09:13 - 2016-10-29 19:32 - 000000000 _____ () C:\Users\SUCODell2\AppData\Local\Temptable.xml
2016-09-07 16:22 - 2016-09-07 16:23 - 000002205 _____ () C:\Users\SUCODell2\AppData\Local\WiDiSetupLog.20160907.172239.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\SUCODell2\Desktop" je 1755 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\SUCODell2\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\SUCODell2\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudDrive
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudPhotos
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\SUCODell2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

From the log:
Velikost slozky "C:\Users\SUCODell2\Desktop" je 1755 MB.
That is too much and may be slowing down system startup. Create a new folder in C:\Users\SUCODell2 and move all data from the desktop into it (except shortcuts). Then put a shortcut to that folder on the desktop for easier access.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

AndySue
Visitor
Posts: 91
Registered: 26 Dec 2009 12:10

Re: Slow PC

#8 Post by AndySue »

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by SUCODell2 (17-02-2018 21:16:45) Run:1
Running from C:\Users\SUCODell2\Desktop
Loaded Profiles: SUCODell2 & UpdatusUser (Available Profiles: SUCODell2 & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\SUCODell2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Users\SUCODell2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3685421 B
Java, Flash, Steam htmlcache => 723 B
Windows/system/drivers => 2018832 B
Edge => 0 B
Chrome => 136552 B
Firefox => 415791814 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 0 B
SUCODell2 => 58618856 B
UpdatusUser => 66228 B

RecycleBin => 373125748 B
EmptyTemp: => 822.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:17:14 ====

Rudy
Site Admin

Re: Slow PC

#9 Post by Rudy »

Deleted. Has anything changed?

AndySue
Visitor

Re: Slow PC

#10 Post by AndySue »

I'm not sure yet. I'll report back after some more time.

Rudy
Site Admin

Re: Slow PC

#11 Post by Rudy »

OK. I'll leave this open for now.

AndySue
Visitor

Re: Slow PC

#12 Post by AndySue »

It seems the disinfection didn't help much.

My guesses as to what might be wrong:
a) an incorrectly reinstalled system with a hybrid disk
b) an incomplete set of drivers
c) computing someone else's bitcoins?

Other symptoms:
a) there was a problem opening a network folder (other PCs on the network open it within a second, this one within 10 seconds).

Rudy
Site Admin

Re: Slow PC

#13 Post by Rudy »

OK. Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.
