Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Problém se zapínáním a vypínáním PC

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
valfhk
Návštěvník
Návštěvník
Příspěvky: 10
Registrován: 29 led 2019 08:07

Problém se zapínáním a vypínáním PC

#1 Příspěvek od valfhk »

Dobrý den,
po zapnutí i vypnutí PC musím PC restartovat, aby se zapnutí dokončilo a vypnutí dokončím jen po restartu na obrazovce přes ikonu vpravo dole, nehledě na to, že se obě tyto činnosti podstatně zpomalily.
Děkuji
valfhk
Addition i FRST soubor mně nejde poslat, umím udělat jen formát .txt,.docx a .xlsx a to vy nechcete, nevím si rady co s tím dál, jsem jen poučený laik, roč.42
Naposledy upravil(a) valfhk dne 29 led 2019 10:43, celkem upraveno 1 x.
Nahoru
Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:
Kontaktovat uživatele Diallix

Re: Problém se zapínáním a vypínáním PC

#2 Příspěvek od Diallix »

Dobry den.

:arrow: Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, klikni na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
Nahoru
valfhk
Návštěvník
Návštěvník
Příspěvky: 10
Registrován: 29 led 2019 08:07

Re: Problém se zapínáním a vypínáním PC

#3 Příspěvek od valfhk »

Diallix píše:Dobry den.

:arrow: Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, klikni na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.

Dobrý den,
neumím ten log AdwCleaner poslat, je .txt
co s tím mám udělat, děkuji

Tak jsem to zkopíroval přímo do textu, jako příloha to nešlo


# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2019-01-25.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-29-2019
# Duration: 00:00:24
# OS: Windows 7 Professional
# Cleaned: 36
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\PC\AppData\Local\Seznam.cz
Deleted C:\Users\PC\AppData\Local\slimware utilities inc

***** [ Files ] *****

Deleted C:\Users\PC\Downloads\DriverToolkitInstaller.exe
Deleted C:\Windows\System32\drivers\swdumon.sys
Deleted C:\Windows\Reimage.ini
Deleted C:\Windows\System32\roboot64.exe

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\Tasks\DRIVERTOOLKIT AUTORUN.job
Deleted C:\Windows\System32\Tasks\DRIVERTOOLKIT AUTORUN

***** [ Registry ] *****

Deleted HKCU\Software\csastats
Deleted HKCU\Software\distromatic
Deleted HKLM\Software\Wow6432Node\Classes\AppID\REI_AxControl.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted HKLM\Software\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9E69090-4A2F-4D07-A661-3F41E87F2F2C}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVERTOOLKIT AUTORUN
Deleted HKCU\Software\AppDataLow\Software\Mail.Ru
Deleted HKCU\Software\Mail.Ru
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\Reimage
Deleted HKLM\Software\Reimage
Deleted HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Deleted HKLM\Software\Classes\REI_AxControl.ReiEngine.1
Deleted HKLM\Software\Classes\REI_AxControl.ReiEngine
Deleted HKCU\Software\Seznam.cz

***** [ Chromium (and derivatives) ] *****

Deleted Netpanel study

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4211 octets] - [29/01/2019 11:28:34]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Naposledy upravil(a) valfhk dne 29 led 2019 11:57, celkem upraveno 1 x.
Nahoru
Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:
Kontaktovat uživatele Diallix

Re: Problém se zapínáním a vypínáním PC

#4 Příspěvek od Diallix »

Dajte "Citovat", a obsah logu skopirujte sem ako nove tema.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
Nahoru
Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:
Kontaktovat uživatele Diallix

Re: Problém se zapínáním a vypínáním PC

#5 Příspěvek od Diallix »

Super, zvladol ste to :]]

Teraz preskenujte pocitac s FRST - navod tu: https://forum.viry.cz/viewtopic.php?f=24&t=132509, skopirujte FRST.log + Addition log sem.

Znova dajte "citovat" a obsah oboch logov skopirujte do novej odpovede :)
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
Nahoru
valfhk
Návštěvník
Návštěvník
Příspěvky: 10
Registrován: 29 led 2019 08:07

Re: Problém se zapínáním a vypínáním PC

#6 Příspěvek od valfhk »

Diallix píše:Dobry den.

:arrow: Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, klikni na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2019
Ran by PC (administrator) on PC-PC (29-01-2019 12:00:54)
Running from C:\Users\PC\Downloads
Loaded Profiles: PC (Available Profiles: PC)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Václav Šimandl) C:\Program Files (x86)\Diar 5\diar.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Users\PC\Downloads\adwcleaner_7.2.6.0.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-16] (AVAST Software)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [NetSoftware] => C:\Program Files\NetSoftware\Starter.exe [230072 2018-08-29] (Gemius)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-16] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1090154895-961626002-536426842-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-1090154895-961626002-536426842-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53535080 2019-01-16] (Skype Technologies S.A.)
HKU\S-1-5-21-1090154895-961626002-536426842-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-09-21] (Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [68096 2010-11-21] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-09-21] (Logitech Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-14] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe [2011-03-04] (Hewlett-Packard Company)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-11-10]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk [2018-10-31]
ShortcutTarget: ExifLauncher2.lnk -> C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Diář.lnk [2015-08-30]
ShortcutTarget: Diář.lnk -> C:\Program Files (x86)\Diar 5\diar.exe (Václav Šimandl)
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk [2015-08-31]
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainlendar.lnk [2015-08-30]
ShortcutTarget: Rainlendar.lnk -> C:\Program Files (x86)\Rainlendar\Rainlendar.exe (Rainy)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{BC49D598-4E24-4068-9E4B-7DFE0E8F36A8}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-1090154895-961626002-536426842-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Internet Panel -> {CE7C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files\NetSoftware\IEHelper.dll [2018-10-31] (Gemius)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: pyap63tl.default-1468318361093-1541051810144
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\pyap63tl.default-1468318361093-1541051810144 [2019-01-29]
FF Homepage: Mozilla\Firefox\Profiles\pyap63tl.default-1468318361093-1541051810144 -> hxxps://www.seznam.cz/
FF Extension: (IBM Security Rapport) - C:\Users\PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2019-01-17]
FF Extension: (Avast Online Security) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\pyap63tl.default-1468318361093-1541051810144\Extensions\wrc@avast.com.xpi [2019-01-29]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
FF HKLM\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
FF HKU\S-1-5-21-1090154895-961626002-536426842-1000\...\Firefox\Extensions: [gemgecko@gemius.com] - C:\Program Files\NetSoftware\gemgecko_ext.xpi
FF Extension: (Netpanel study) - C:\Program Files\NetSoftware\gemgecko_ext.xpi [2018-10-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-12-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-12-15] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2019-01-27]
CHR Extension: (Slides) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-30]
CHR Extension: (Google Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30]
CHR Extension: (Sheets) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06]
CHR Extension: (Avast Online Security) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-12-14]
CHR Extension: (Netpanel study) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegdldmohomdaelnepdpbkdhfemobdgl [2018-09-06]
CHR Extension: (Skype) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-09-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-06]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-31]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-14]
CHR HKU\S-1-5-21-1090154895-961626002-536426842-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1090154895-961626002-536426842-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kegdldmohomdaelnepdpbkdhfemobdgl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-16] (AVAST Software)
S4 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [344064 2009-04-09] (AVerMedia) [File not signed]
S4 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [405504 2008-12-10] () [File not signed]
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9874528 2019-01-17] (AVAST Software)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5264888 2018-12-26] (IBM Corp.)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-05-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37304 2019-01-16] (AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-01-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [223056 2019-01-16] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196264 2019-01-16] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320888 2019-01-16] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58160 2019-01-16] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239808 2019-01-16] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-01-16] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-01-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166792 2019-01-18] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111992 2019-01-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-01-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-01-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-01-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [218056 2019-01-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380144 2019-01-16] (AVAST Software)
R3 AVerA706_x64; C:\Windows\System32\DRIVERS\AVerA706_x64.sys [1422080 2009-06-10] (AVerMedia TECHNOLOGIES, Inc.)
S3 AVerBDA3x_x64; C:\Windows\System32\DRIVERS\AVerBDA3x_x64.sys [1707904 2006-12-14] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [501256 2018-12-26] (IBM Corp.)
R1 RapportCerberus_1930247; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930247.sys [1657968 2019-01-17] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [725192 2018-12-26] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [461768 2018-12-26] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [608840 2018-12-26] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [758168 2018-12-26] (IBM Corp.)
U1 aswbdisk; no ImagePath
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-29 11:35 - 2019-01-29 11:35 - 000003739 _____ C:\Users\PC\Desktop\AdwCleaner[C00].txt
2019-01-29 11:27 - 2019-01-29 11:29 - 000000000 ____D C:\AdwCleaner
2019-01-29 11:26 - 2019-01-29 11:26 - 007320272 _____ (Malwarebytes) C:\Users\PC\Downloads\adwcleaner_7.2.6.0.exe
2019-01-29 09:38 - 2019-01-29 09:38 - 000024546 _____ C:\Users\PC\Desktop\FRST.xlsx
2019-01-29 09:37 - 2019-01-29 09:37 - 000023111 _____ C:\Users\PC\Desktop\Addition.xlsx
2019-01-28 21:56 - 2019-01-28 21:45 - 000058076 _____ C:\Users\PC\Desktop\FRST.txt
2019-01-28 21:55 - 2019-01-28 21:45 - 000040725 _____ C:\Users\PC\Desktop\Addition.txt
2019-01-28 21:44 - 2019-01-28 21:45 - 000040725 _____ C:\Users\PC\Downloads\Addition.txt
2019-01-28 21:43 - 2019-01-29 12:02 - 000020683 _____ C:\Users\PC\Downloads\FRST.txt
2019-01-28 21:37 - 2019-01-29 12:00 - 000000000 ____D C:\FRST
2019-01-28 21:34 - 2019-01-29 12:00 - 002428416 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2019-01-28 08:07 - 2019-01-28 08:16 - 000182750 _____ C:\Windows\ntbtlog.txt
2019-01-26 07:13 - 2019-01-26 07:13 - 000000000 _____ C:\Users\PC\AppData\Local\{E216DB40-404B-45DD-810C-ADBAB3F015A0}
2019-01-24 10:42 - 2019-01-24 10:42 - 002739200 _____ C:\Users\PC\Downloads\EU.pps
2019-01-19 07:31 - 2019-01-19 07:31 - 005054856 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-18 07:41 - 2019-01-18 07:41 - 065042816 _____ (Skype Technologies S.A.) C:\Users\PC\Downloads\Skype-8.37.0.98.exe
2019-01-17 07:26 - 2019-01-17 07:26 - 000000000 ____D C:\Users\Default\AppData\Roaming\Mozilla
2019-01-17 07:26 - 2019-01-17 07:26 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Mozilla
2019-01-17 07:24 - 2019-01-17 07:24 - 000000000 ____D C:\Users\Default\AppData\Local\Trusteer
2019-01-17 07:24 - 2019-01-17 07:24 - 000000000 ____D C:\Users\Default User\AppData\Local\Trusteer
2019-01-16 11:53 - 2018-12-26 21:05 - 000608840 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2019-01-16 11:53 - 2018-12-26 21:05 - 000461768 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2019-01-16 11:51 - 2019-01-17 07:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ochrana koncového bodu Trusteer
2019-01-16 11:51 - 2019-01-16 11:51 - 000000000 ____D C:\Users\PC\AppData\Local\Trusteer
2019-01-16 11:51 - 2019-01-16 11:51 - 000000000 ____D C:\Program Files (x86)\Trusteer
2019-01-16 11:49 - 2019-01-16 11:49 - 000000000 ____D C:\ProgramData\Trusteer
2019-01-16 11:48 - 2019-01-16 11:48 - 000488952 _____ (IBM Corp.) C:\Users\PC\Downloads\RapportSetup.exe
2019-01-16 07:38 - 2019-01-16 07:38 - 000223056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-16 07:23 - 2019-01-16 07:22 - 000361352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-01-16 07:23 - 2019-01-16 07:22 - 000320888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-01-16 07:23 - 2019-01-16 07:22 - 000196264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-01-16 07:23 - 2019-01-16 07:22 - 000058160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-01-16 07:23 - 2019-01-16 07:22 - 000037304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-01-09 07:52 - 2018-12-29 00:42 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-01-09 07:52 - 2018-12-28 23:52 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-01-09 07:52 - 2018-12-28 21:03 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-01-09 07:52 - 2018-12-28 21:02 - 005552360 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-01-09 07:52 - 2018-12-28 21:02 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-01-09 07:52 - 2018-12-28 21:02 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-01-09 07:52 - 2018-12-28 21:02 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-01-09 07:52 - 2018-12-28 21:02 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-01-09 07:52 - 2018-12-28 21:02 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-01-09 07:52 - 2018-12-28 21:01 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:51 - 004055272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-01-09 07:52 - 2018-12-28 20:51 - 003960552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-01-09 07:52 - 2018-12-28 20:50 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:34 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-01-09 07:52 - 2018-12-28 20:34 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-01-09 07:52 - 2018-12-28 20:34 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-01-09 07:52 - 2018-12-28 20:34 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-01-09 07:52 - 2018-12-28 20:31 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-01-09 07:52 - 2018-12-28 20:31 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-01-09 07:52 - 2018-12-28 20:31 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-01-09 07:52 - 2018-12-28 20:30 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-01-09 07:52 - 2018-12-28 20:28 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-01-09 07:52 - 2018-12-28 20:28 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-01-09 07:52 - 2018-12-28 20:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-01-09 07:52 - 2018-12-28 20:27 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-01-09 07:52 - 2018-12-28 20:27 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-01-09 07:52 - 2018-12-28 20:27 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-01-09 07:52 - 2018-12-28 20:27 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-01-09 07:52 - 2018-12-28 20:27 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-01-09 07:52 - 2018-12-28 20:27 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-01-09 07:52 - 2018-12-28 20:27 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-01-09 07:52 - 2018-12-28 20:27 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-01-09 07:52 - 2018-12-28 20:27 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-01-09 07:52 - 2018-12-28 20:27 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-01-09 07:52 - 2018-12-28 20:26 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-01-09 07:52 - 2018-12-28 20:26 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 20:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-01-09 07:52 - 2018-12-28 19:09 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2019-01-09 07:52 - 2018-12-28 19:09 - 000419608 _____ C:\Windows\system32\locale.nls
2019-01-09 07:52 - 2018-12-28 01:01 - 025738240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-09 07:52 - 2018-12-28 00:50 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-01-09 07:52 - 2018-12-28 00:50 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-01-09 07:52 - 2018-12-28 00:38 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-09 07:52 - 2018-12-28 00:37 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-01-09 07:52 - 2018-12-28 00:36 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-01-09 07:52 - 2018-12-28 00:36 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-01-09 07:52 - 2018-12-28 00:36 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-01-09 07:52 - 2018-12-28 00:36 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-01-09 07:52 - 2018-12-28 00:31 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-01-09 07:52 - 2018-12-28 00:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-01-09 07:52 - 2018-12-28 00:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-01-09 07:52 - 2018-12-28 00:26 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-01-09 07:52 - 2018-12-28 00:25 - 020279808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-01-09 07:52 - 2018-12-28 00:25 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-01-09 07:52 - 2018-12-28 00:25 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-01-09 07:52 - 2018-12-28 00:25 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-01-09 07:52 - 2018-12-28 00:24 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-01-09 07:52 - 2018-12-28 00:17 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-01-09 07:52 - 2018-12-28 00:17 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-01-09 07:52 - 2018-12-28 00:14 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-01-09 07:52 - 2018-12-28 00:07 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-01-09 07:52 - 2018-12-28 00:07 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-01-09 07:52 - 2018-12-28 00:06 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-01-09 07:52 - 2018-12-28 00:05 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-01-09 07:52 - 2018-12-28 00:05 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-01-09 07:52 - 2018-12-28 00:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-01-09 07:52 - 2018-12-28 00:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-01-09 07:52 - 2018-12-28 00:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-01-09 07:52 - 2018-12-28 00:03 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-01-09 07:52 - 2018-12-28 00:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-01-09 07:52 - 2018-12-28 00:02 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-01-09 07:52 - 2018-12-28 00:01 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-01-09 07:52 - 2018-12-27 23:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-01-09 07:52 - 2018-12-27 23:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-01-09 07:52 - 2018-12-27 23:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-01-09 07:52 - 2018-12-27 23:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-01-09 07:52 - 2018-12-27 23:55 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-01-09 07:52 - 2018-12-27 23:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-01-09 07:52 - 2018-12-27 23:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-01-09 07:52 - 2018-12-27 23:50 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-01-09 07:52 - 2018-12-27 23:48 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-09 07:52 - 2018-12-27 23:48 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-01-09 07:52 - 2018-12-27 23:48 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-01-09 07:52 - 2018-12-27 23:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-01-09 07:52 - 2018-12-27 23:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-01-09 07:52 - 2018-12-27 23:45 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-01-09 07:52 - 2018-12-27 23:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-01-09 07:52 - 2018-12-27 23:42 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-01-09 07:52 - 2018-12-27 23:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-01-09 07:52 - 2018-12-27 23:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-01-09 07:52 - 2018-12-27 23:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-01-09 07:52 - 2018-12-27 23:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-01-09 07:52 - 2018-12-27 23:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-01-09 07:52 - 2018-12-27 23:33 - 004860416 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-09 07:52 - 2018-12-27 23:33 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-01-09 07:52 - 2018-12-27 23:31 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-01-09 07:52 - 2018-12-27 23:29 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-01-09 07:52 - 2018-12-27 23:29 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-01-09 07:52 - 2018-12-27 23:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-01-09 07:52 - 2018-12-27 23:28 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-01-09 07:52 - 2018-12-27 23:22 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-09 07:52 - 2018-12-27 23:11 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-01-09 07:52 - 2018-12-27 23:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-01-09 07:52 - 2018-12-27 23:07 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-01-09 07:52 - 2018-12-27 23:06 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-01-09 07:52 - 2018-12-08 04:08 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2019-01-09 07:52 - 2018-12-08 04:08 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2019-01-09 07:52 - 2018-12-08 04:08 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2019-01-09 07:52 - 2018-12-08 04:08 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2019-01-09 07:52 - 2018-12-08 04:08 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2019-01-09 07:52 - 2018-12-08 04:08 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2019-01-09 07:52 - 2018-12-08 03:56 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2019-01-09 07:52 - 2018-12-08 03:56 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2019-01-09 07:52 - 2018-12-08 03:56 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2019-01-09 07:52 - 2018-12-08 03:47 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-01-09 07:52 - 2018-12-08 03:47 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2019-01-09 07:52 - 2018-12-08 03:47 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2019-01-09 07:52 - 2018-12-08 03:41 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2019-01-09 07:52 - 2018-12-08 03:41 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2019-01-09 07:52 - 2018-12-08 03:41 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2019-01-09 07:52 - 2018-12-07 16:33 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-29 11:36 - 2016-11-18 07:09 - 000000000 ____D C:\Users\PC\AppData\LocalLow\Mozilla
2019-01-29 11:36 - 2009-07-14 05:45 - 000032672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-29 11:36 - 2009-07-14 05:45 - 000032672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-29 11:30 - 2015-09-07 13:59 - 000000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2019-01-29 11:30 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-29 07:40 - 2018-11-10 07:48 - 000004194 _____ C:\Windows\System32\Tasks\Avast Cleanup Update
2019-01-28 08:16 - 2015-08-31 10:43 - 000000000 ____D C:\Users\PC\AppData\Local\ElevatedDiagnostics
2019-01-26 07:27 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-01-26 07:08 - 2015-08-29 12:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-25 20:04 - 2015-08-30 16:51 - 000001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-01-25 20:04 - 2015-08-30 16:51 - 000001157 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2019-01-25 20:03 - 2017-10-31 22:40 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-01-25 20:03 - 2017-10-05 21:14 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-01-25 20:03 - 2017-03-17 21:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-01-25 20:02 - 2015-08-30 16:42 - 000001026 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-01-24 10:41 - 2018-06-09 17:55 - 000003152 _____ C:\Windows\System32\Tasks\{1431348C-DE15-4520-81AD-297852AE5EF4}
2019-01-24 10:41 - 2018-03-14 07:37 - 000004516 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-24 10:41 - 2017-10-05 21:14 - 000002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-01-24 10:41 - 2017-10-05 21:01 - 000002934 _____ C:\Windows\System32\Tasks\{0720D2C2-9B50-45AC-B551-A96364B8853A}
2019-01-24 10:41 - 2016-01-19 16:57 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-01-24 10:41 - 2015-09-14 18:52 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-01-24 10:41 - 2015-08-29 12:18 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-24 10:41 - 2015-08-29 12:18 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-23 18:08 - 2011-04-12 09:45 - 000000000 ___RD C:\Users\Public\Recorded TV
2019-01-20 20:43 - 2016-02-21 09:58 - 000276992 ___SH C:\Users\PC\Thumbs.db
2019-01-18 22:49 - 2018-07-11 06:32 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-01-18 22:32 - 2018-11-16 19:36 - 001010720 _____ (Slimware Utilities Holdings, Inc.) C:\Users\PC\Downloads\avastdriverupdater.exe
2019-01-18 15:24 - 2016-01-19 16:57 - 000166792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-18 07:42 - 2018-07-31 06:39 - 000001266 _____ C:\Users\Public\Desktop\Skype.lnk
2019-01-18 07:42 - 2018-07-31 06:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-01-17 22:21 - 2018-11-07 15:41 - 000000000 ____D C:\Users\PC\AppData\Roaming\Stellarium
2019-01-16 07:24 - 2017-03-02 06:39 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-01-16 07:22 - 2018-10-23 06:37 - 000042488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-01-16 07:22 - 2017-12-22 17:40 - 000239808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-01-16 07:22 - 2017-11-16 09:47 - 000203488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-01-16 07:22 - 2016-01-19 16:57 - 001034056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-01-16 07:22 - 2016-01-19 16:57 - 000474648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-01-16 07:22 - 2016-01-19 16:57 - 000380144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-01-16 07:22 - 2016-01-19 16:57 - 000218056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-01-16 07:22 - 2016-01-19 16:57 - 000111992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-01-16 07:22 - 2016-01-19 16:57 - 000088144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-01-16 07:22 - 2016-01-19 16:57 - 000046584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-01-16 07:19 - 2016-06-18 17:32 - 000000000 ____D C:\Users\PC\AppData\Local\AVAST Software
2019-01-12 07:38 - 2016-11-17 22:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-01-10 09:22 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2019-01-10 07:26 - 2011-04-12 09:34 - 000670334 _____ C:\Windows\system32\perfh005.dat
2019-01-10 07:26 - 2011-04-12 09:34 - 000141946 _____ C:\Windows\system32\perfc005.dat
2019-01-10 07:26 - 2009-07-14 06:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-09 22:36 - 2015-08-28 17:11 - 001561672 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-01-09 22:34 - 2016-08-12 06:51 - 000000000 ____D C:\Windows\system32\MRT
2019-01-09 22:32 - 2016-08-12 06:51 - 132790320 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-08 20:03 - 2015-09-14 18:52 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-01-08 20:03 - 2015-09-14 18:52 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-08 20:03 - 2015-09-14 18:52 - 000000000 ____D C:\Windows\system32\Macromed
2019-01-08 20:03 - 2015-08-30 14:32 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-01-04 14:07 - 2015-08-30 16:46 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2019-01-26 07:13 - 2019-01-26 07:13 - 000000000 _____ () C:\Users\PC\AppData\Local\{E216DB40-404B-45DD-810C-ADBAB3F015A0}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-23 08:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2019
Ran by PC (29-01-2019 12:02:58)
Running from C:\Users\PC\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-08-28 15:43:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1090154895-961626002-536426842-500 - Administrator - Disabled)
Guest (S-1-5-21-1090154895-961626002-536426842-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1090154895-961626002-536426842-1002 - Limited - Enabled)
PC (S-1-5-21-1090154895-961626002-536426842-1000 - Administrator - Enabled) => C:\Users\PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.3.6507 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
AVerMedia A16D PCI Hybrid DVB-T 3.6.64.6 (HKLM-x32\...\AVerMedia A16D PCI Hybrid DVB-T) (Version: 3.6.64.6 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia Media Center Plug-ins 2.0.8.0 (HKLM-x32\...\AVerMedia Media Center Plug-ins) (Version: 2.0.8.0 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV (HKLM-x32\...\{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.) Hidden
AVerTV (HKLM-x32\...\InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.18 - AVerMedia Technologies, Inc.)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.327.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
Diář 5.5 (HKLM-x32\...\Diář 5_is1) (Version: - Václav Šimandl)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft)
FinePixViewer Resource (HKLM-x32\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
FinePixViewer Ver.5.5 (HKLM-x32\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.5 - FUJIFILM Corporation)
FinePixViewer YTUPL (HKLM-x32\...\{65EB09A3-993B-401E-8936-C9708CBFAB26}) (Version: 1.0 - FUJIFILM Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.367.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G3010 (HKLM\...\{3B3FA519-42F3-4534-B867-960481329CFC}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
hpg3010 (HKLM-x32\...\{11B47315-4D03-4684-AA7F-E962524C738E}) (Version: 14.0.0.0 - Název společnosti:) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.367.000 - Hewlett-Packard) Hidden
Charity Engine (HKLM-x32\...\{7309D717-F38D-436D-9537-066AA0AC7639}) (Version: 7.0.80 - Charity Engine)
ICQ (verze 10.0.12156) (HKU\S-1-5-21-1090154895-961626002-536426842-1000\...\icq.desktop) (Version: 10.0.12156 - ICQ)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
IrfanView 4.52 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.52 - Irfan Skiljan)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Microsoft .NET Framework 4.7.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 64.0.2 (x64 cs)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.4.0 - Mozilla)
Mozilla Thunderbird 60.4.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.4.0 (x86 cs)) (Version: 60.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 8.0.0.8463 - MyHeritage.com)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nero BurningROM 2015 (HKLM-x32\...\{4377D888-F543-4AA9-ABFF-B3CA44FEC6AF}) (Version: 16.0.02200 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nero Prerequisite Installer 7.0 (HKLM-x32\...\{20A619F0-E309-4434-A7ED-C270759803AA}) (Version: 19.0.00000 - Nero AG)
NetSoftware (HKLM-x32\...\NetSoftware) (Version: - Gemius SA.)
Noční obloha 1.5 (HKLM-x32\...\Noční obloha_is1) (Version: - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Ochrana koncového bodu Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1930.243 - Trusteer)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisite installer (HKLM-x32\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0003 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{AD240F1A-3102-492E-B657-17969A9D5E9A}) (Version: 19.0.0003 - Nero AG) Hidden
Rainlendar (remove only) (HKLM-x32\...\Rainlendar) (Version: - )
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1930.243 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Seznam prohlížeč (HKU\S-1-5-21-1090154895-961626002-536426842-1000\...\Seznam Browser) (Version: 4.5.2 - Seznam.cz a.s.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype verze 8.37 (HKLM-x32\...\Skype_is1) (Version: 8.37 - Skype Technologies S.A.)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.369.000 - Hewlett-Packard) Hidden
Stellarium 0.18.2 (HKLM-x32\...\Stellarium_is1) (Version: 0.18.2 - Stellarium team)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51 - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.128.017 - Hewlett-Packard) Hidden
Zálohování dat programu Diář 1.0 (HKLM-x32\...\{8DB57826-2EAB-47E7-9E18-355ADD75BDC4}_is1) (Version: - Václav Šimandl)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1090154895-961626002-536426842-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-03-31] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-03-31] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13721D34-5621-43BA-BA15-0156FCF05D15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)
Task: {3B55D31C-93AD-4F75-92A0-59FE623A01A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3B8CF842-6C53-406A-852A-58AB81BCA38A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-01-10] (Piriform Ltd)
Task: {4D381451-C007-490B-92E6-BBEABFBFB8EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5DF9C4EF-45EA-4356-96BE-4729AA1EE1D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5E07F053-484D-46BD-8F2E-76CBE2EA2933} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2019-01-17] (AVAST Software)
Task: {6318BEDB-4982-49C3-9BAE-602656B0E5DB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2019-01-17] (AVAST Software)
Task: {6615DA92-5498-49C8-9F4B-0DB2DA29A8F4} - System32\Tasks\Avast Cleanup Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2019-01-17] (AVAST Software)
Task: {695A9826-404B-45D4-92D1-2D22A377FD6A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [2019-01-08] (Adobe Systems Incorporated)
Task: {6EFCC251-02C5-4706-893B-9A68E933451C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-08] (Adobe Systems Incorporated)
Task: {715CADC8-98D9-471A-AE4B-845A7B55D7A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7DF0AA32-131A-42E5-B618-8A39F796F144} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-16] (AVAST Software)
Task: {BDC353BB-36EA-4235-B72E-6276EEDCB6F9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {BE0571FC-8807-4AF1-9ADA-60F06E96AB1A} - System32\Tasks\{0720D2C2-9B50-45AC-B551-A96364B8853A} => C:\Program Files\CCleaner\CCleaner64.exe [2019-01-10] (Piriform Software Ltd)
Task: {D116E6F4-CA12-4DCA-9A12-F64A445776AC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {D7AF22A8-9874-4FB9-A63D-57E6190FB25E} - System32\Tasks\{1431348C-DE15-4520-81AD-297852AE5EF4} => C:\Windows\system32\pcalua.exe -a C:\zaloha\Disk_D\SEZNAM_POST\irfanview_lang_czech.exe -d C:\zaloha\Disk_D\SEZNAM_POST
Task: {E2BB02FB-F2A9-46C1-97AB-D46A823FDE98} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Task: {E551F04B-8688-426A-8E37-9CE159EF44A1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":
WMI:subscription\__EventFilter->BVTFilter:
WMI:subscription\CommandLineEventConsumer->BVTConsumer:

Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ\icq.com.lnk -> hxxp://www.icq.com

==================== Loaded Modules (Whitelisted) ==============

2019-01-16 07:22 - 2019-01-16 07:22 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2019-01-16 07:22 - 2019-01-16 07:22 - 000550792 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2019-01-16 07:22 - 2019-01-16 07:22 - 001175944 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2019-01-16 07:22 - 2019-01-16 07:22 - 001967496 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2019-01-29 11:33 - 2019-01-29 11:33 - 006946448 _____ () C:\Program Files\AVAST Software\Avast\defs\19012900\algo64.dll
2019-01-16 07:22 - 2019-01-16 07:23 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-07-31 06:39 - 2019-01-16 23:33 - 001837672 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-12-13 07:23 - 2019-01-16 23:33 - 002388832 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2018-12-13 07:23 - 2019-01-16 23:33 - 000097840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-12-13 07:23 - 2019-01-16 23:33 - 000219696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-12-13 07:23 - 2019-01-16 23:33 - 000081768 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
2018-02-21 08:18 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 000545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2018-07-31 06:39 - 2019-01-16 23:33 - 002901504 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-07-31 06:39 - 2019-01-16 23:33 - 000015360 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-12-13 07:23 - 2019-01-16 23:33 - 000405056 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-12-13 07:23 - 2019-01-16 23:33 - 000138816 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-12-13 07:23 - 2019-01-16 23:34 - 003239784 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\Processing.NDI.Lib.x86.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-01-04 11:54 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-1090154895-961626002-536426842-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk => C:\Windows\pss\AVer HID Receiver.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk => C:\Windows\pss\AVerQuick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SkypeSetupFull 7.41.exe => C:\Windows\pss\SkypeSetupFull 7.41.exe.Startup
MSCONFIG\startupfolder: C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Vesmír na dlani.lnk => C:\Windows\pss\Vesmír na dlani.lnk.Startup
MSCONFIG\startupreg: boincmgr => "C:\Program Files (x86)\BOINC\charityengine.exe" /a /s
MSCONFIG\startupreg: boinctray => "C:\Program Files (x86)\BOINC\boinctray.exe"
MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Corporation)
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Corporation)
FirewallRules: [{5B3D8416-D48A-4992-9339-5D501C3C39B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{68089FC1-1583-469E-8AEB-02BC709B8D7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{017DB7C3-0DBB-4C93-9D00-A964DE7333A8}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe (Nero AG)
FirewallRules: [{8087B035-BA0F-485B-A781-A67415F6B3C6}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe (Nero AG)
FirewallRules: [{74629FD2-FACE-43E4-9BF8-44A28F1244E5}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\LogTransport2.exe No File
FirewallRules: [{972B68E1-9343-4144-B581-41AE60063E49}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe No File
FirewallRules: [{C9164856-A9F4-41A7-957C-FD7A18F3BDCC}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\sniffer_gpu.exe No File
FirewallRules: [{F000FB73-1228-4A5C-84C8-B53EE1C400C1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{107FA9B8-DF6D-4CC0-8968-BB495D9CE182}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{B26D1D29-F7AB-4363-9D2B-274371828B75}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{289498B6-98F3-4470-AB90-89D63E1C94E0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{F5691003-7348-4389-BE26-CB06CE4F348A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{F0958B4D-CBE4-45DF-8FBC-2524B96F97A9}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{14422E6C-0916-48C0-BC93-E385B9DED02C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{DC685A96-1679-4942-AD8E-23CD1AFA9C4B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{5E77D304-EA78-45B4-9793-9F8CD7561BA3}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{ED4BA458-5994-4249-9EA6-C4EF4FA16F6E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{0AAEA07D-C669-43B8-A9D5-C5AF3A35732A}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{EDFD0F1F-E64B-47F0-9DA6-C317627670DC}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{813E0F3F-8EE6-446F-9C72-3C41E7C515E2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{7FE6F72D-D1FE-4F3C-B58F-B7A04858B785}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{2FA8A877-7DE7-4A8D-8304-BC1663B40763}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard)
FirewallRules: [{DAF6F2E3-295E-4649-948D-DB3F64193616}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe ()
FirewallRules: [{06348AC5-3631-4FC2-9A45-387ECCB1CB12}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard)
FirewallRules: [{A00350D1-E298-4B39-8D37-128F5C95DC26}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.)
FirewallRules: [{67917FB4-F750-465D-92DB-FCA665627C17}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe (Hewlett-Packard Development Co. L.P.)
FirewallRules: [{FEFD45AE-C149-48D7-BF70-BB6F56F082CB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe (Hewlett-Packard Development Co. L.P.)
FirewallRules: [{1437E6DA-530E-40AC-8DAF-B374377D2641}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe (Hewlett-Packard Development Co. L.P.)
FirewallRules: [{F4A62A9B-AE91-47E1-B6EB-A22354C45589}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.)
FirewallRules: [{082A2929-6A45-4AD9-A32F-1B0ED121CDCD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
FirewallRules: [{97C30302-3BED-4DED-B521-2CEEF7A10AD0}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard)
FirewallRules: [{2601592F-D4CF-45B4-8B06-A0A82E3D455D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{805E4285-D131-4218-A7BE-C8B78E85AC4E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{8D0F8430-4616-4662-8D69-CBD4AD5EC228}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{E71F68B7-CDE1-4B6F-8679-9E81F0AE6190}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{C5299746-75F7-40CB-84AE-BFED3613BBD5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{F48BC37D-9394-4661-8E58-F8CC328710E3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [{CA807D74-FEEC-4635-9BEA-EEC81565F254}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe (AVAST Software)
FirewallRules: [{95E72D8A-9267-481C-819A-412EA50A704D}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe (AVAST Software)
FirewallRules: [{C48E005C-DF9B-41D5-AA76-A5947F8B9F80}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{94F32C8E-D7B9-47C3-A9B5-45D9E0AC7FFB}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{555A5F05-8854-45BF-940A-49E441B8F4E1}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{B61E4823-0265-464C-8AEE-6E9B07ECA0BB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{1666D38D-0BEA-4960-B72E-377B7EA3DCBF}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{75A21B03-56EA-4D3C-A44A-9312004FC5AC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{685CDBDD-4286-4FF8-850D-438617C3810F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{74812312-2732-4FC0-8762-961B1BE43932}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{C1FB93BA-CAFC-4356-80D5-15A6160E288E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{5DF2DDD5-34CB-4ED6-B64B-42944E295FB6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{36B10031-D6CE-44CC-A899-E561BB40EBB0}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{894DDF5B-339C-44B7-A26D-444F67E4BFA8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{CC704D18-662E-482C-A37D-8854965EB7B9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)

==================== Restore Points =========================

21-01-2019 21:27:33 Windows Update
25-01-2019 07:12:13 Windows Update
28-01-2019 08:46:55 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/29/2019 11:32:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/29/2019 07:34:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/29/2019 07:28:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/28/2019 08:37:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/28/2019 08:19:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/28/2019 08:09:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/28/2019 07:58:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/28/2019 07:54:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (01/29/2019 11:29:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba přijímače aplikace Windows Media Center byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (01/29/2019 11:29:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avast Cleanup Premium byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (01/29/2019 11:29:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/29/2019 11:29:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (01/29/2019 11:29:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) HD Graphics Control Panel Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/29/2019 07:32:34 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (7:31:18, ‎29.‎1.‎2019) bylo neočekávané.

Error: (01/29/2019 07:27:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (22:38:47, ‎28.‎1.‎2019) bylo neočekávané.

Error: (01/28/2019 10:38:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (22:37:38, ‎28.‎1.‎2019) bylo neočekávané.


CodeIntegrity:
===================================

Date: 2016-09-09 07:32:46.969
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-09 07:32:42.055
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-09 07:32:41.852
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 09:11:22.698
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 09:11:03.651
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 09:11:03.557
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 06:44:48.591
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 06:44:41.634
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 43%
Total physical RAM: 8092.21 MB
Available physical RAM: 4600.02 MB
Total Virtual: 16182.56 MB
Available Virtual: 12621.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:718.78 GB) NTFS

\\?\Volume{7ca8f6cb-4dcb-11e5-af59-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C5ADC093)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Nahoru
Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:
Kontaktovat uživatele Diallix

Re: Problém se zapínáním a vypínáním PC

#7 Příspěvek od Diallix »

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

CloseProcesses:

C:\Program Files\KMSpico

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
U1 aswbdisk; no ImagePath
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {13721D34-5621-43BA-BA15-0156FCF05D15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)
Task: {3B55D31C-93AD-4F75-92A0-59FE623A01A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {715CADC8-98D9-471A-AE4B-845A7B55D7A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D7AF22A8-9874-4FB9-A63D-57E6190FB25E} - System32\Tasks\{1431348C-DE15-4520-81AD-297852AE5EF4} => C:\Windows\system32\pcalua.exe -a C:\zaloha\Disk_D\SEZNAM_POST\irfanview_lang_czech.exe -d C:\zaloha\Disk_D\SEZNAM_POST
Task: {E2BB02FB-F2A9-46C1-97AB-D46A823FDE98} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ\icq.com.lnk -> hxxp://www.icq.com
FirewallRules: [{74629FD2-FACE-43E4-9BF8-44A28F1244E5}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\LogTransport2.exe No File
FirewallRules: [{972B68E1-9343-4144-B581-41AE60063E49}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe No File
FirewallRules: [{C9164856-A9F4-41A7-957C-FD7A18F3BDCC}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\sniffer_gpu.exe No File
FirewallRules: [{F5691003-7348-4389-BE26-CB06CE4F348A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{F0958B4D-CBE4-45DF-8FBC-2524B96F97A9}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{14422E6C-0916-48C0-BC93-E385B9DED02C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{DC685A96-1679-4942-AD8E-23CD1AFA9C4B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{5E77D304-EA78-45B4-9793-9F8CD7561BA3}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{ED4BA458-5994-4249-9EA6-C4EF4FA16F6E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{0AAEA07D-C669-43B8-A9D5-C5AF3A35732A}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{EDFD0F1F-E64B-47F0-9DA6-C317627670DC}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{813E0F3F-8EE6-446F-9C72-3C41E7C515E2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{7FE6F72D-D1FE-4F3C-B58F-B7A04858B785}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [TCP Query User{8D0F8430-4616-4662-8D69-CBD4AD5EC228}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{E71F68B7-CDE1-4B6F-8679-9E81F0AE6190}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{C5299746-75F7-40CB-84AE-BFED3613BBD5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{F48BC37D-9394-4661-8E58-F8CC328710E3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
Nahoru
valfhk
Návštěvník
Návštěvník
Příspěvky: 10
Registrován: 29 led 2019 08:07

Re: Problém se zapínáním a vypínáním PC

#8 Příspěvek od valfhk »

Diallix píše:Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

CloseProcesses:

C:\Program Files\KMSpico

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
U1 aswbdisk; no ImagePath
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {13721D34-5621-43BA-BA15-0156FCF05D15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)
Task: {3B55D31C-93AD-4F75-92A0-59FE623A01A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {715CADC8-98D9-471A-AE4B-845A7B55D7A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D7AF22A8-9874-4FB9-A63D-57E6190FB25E} - System32\Tasks\{1431348C-DE15-4520-81AD-297852AE5EF4} => C:\Windows\system32\pcalua.exe -a C:\zaloha\Disk_D\SEZNAM_POST\irfanview_lang_czech.exe -d C:\zaloha\Disk_D\SEZNAM_POST
Task: {E2BB02FB-F2A9-46C1-97AB-D46A823FDE98} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ\icq.com.lnk -> hxxp://www.icq.com
FirewallRules: [{74629FD2-FACE-43E4-9BF8-44A28F1244E5}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\LogTransport2.exe No File
FirewallRules: [{972B68E1-9343-4144-B581-41AE60063E49}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe No File
FirewallRules: [{C9164856-A9F4-41A7-957C-FD7A18F3BDCC}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\sniffer_gpu.exe No File
FirewallRules: [{F5691003-7348-4389-BE26-CB06CE4F348A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{F0958B4D-CBE4-45DF-8FBC-2524B96F97A9}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{14422E6C-0916-48C0-BC93-E385B9DED02C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{DC685A96-1679-4942-AD8E-23CD1AFA9C4B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{5E77D304-EA78-45B4-9793-9F8CD7561BA3}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{ED4BA458-5994-4249-9EA6-C4EF4FA16F6E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{0AAEA07D-C669-43B8-A9D5-C5AF3A35732A}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{EDFD0F1F-E64B-47F0-9DA6-C317627670DC}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{813E0F3F-8EE6-446F-9C72-3C41E7C515E2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{7FE6F72D-D1FE-4F3C-B58F-B7A04858B785}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [TCP Query User{8D0F8430-4616-4662-8D69-CBD4AD5EC228}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{E71F68B7-CDE1-4B6F-8679-9E81F0AE6190}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{C5299746-75F7-40CB-84AE-BFED3613BBD5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{F48BC37D-9394-4661-8E58-F8CC328710E3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Dobrý den,
tak tohle asi nebudu umět, fixlist.txt mám, ale jak ho uložit(přímo do FRST ???) a kam s ním a jak to spustit, to nevím, prosím trošku po lopatě.
Děkuji
Nahoru
valfhk
Návštěvník
Návštěvník
Příspěvky: 10
Registrován: 29 led 2019 08:07

Re: Problém se zapínáním a vypínáním PC

#9 Příspěvek od valfhk »

Jinak zapínání PC se zlepšilo, vypínání zůstalo problematické
valfhk píše:
Diallix píše:Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

CloseProcesses:

C:\Program Files\KMSpico

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
U1 aswbdisk; no ImagePath
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {13721D34-5621-43BA-BA15-0156FCF05D15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)
Task: {3B55D31C-93AD-4F75-92A0-59FE623A01A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {715CADC8-98D9-471A-AE4B-845A7B55D7A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D7AF22A8-9874-4FB9-A63D-57E6190FB25E} - System32\Tasks\{1431348C-DE15-4520-81AD-297852AE5EF4} => C:\Windows\system32\pcalua.exe -a C:\zaloha\Disk_D\SEZNAM_POST\irfanview_lang_czech.exe -d C:\zaloha\Disk_D\SEZNAM_POST
Task: {E2BB02FB-F2A9-46C1-97AB-D46A823FDE98} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ\icq.com.lnk -> hxxp://www.icq.com
FirewallRules: [{74629FD2-FACE-43E4-9BF8-44A28F1244E5}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\LogTransport2.exe No File
FirewallRules: [{972B68E1-9343-4144-B581-41AE60063E49}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe No File
FirewallRules: [{C9164856-A9F4-41A7-957C-FD7A18F3BDCC}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\sniffer_gpu.exe No File
FirewallRules: [{F5691003-7348-4389-BE26-CB06CE4F348A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{F0958B4D-CBE4-45DF-8FBC-2524B96F97A9}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{14422E6C-0916-48C0-BC93-E385B9DED02C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{DC685A96-1679-4942-AD8E-23CD1AFA9C4B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{5E77D304-EA78-45B4-9793-9F8CD7561BA3}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{ED4BA458-5994-4249-9EA6-C4EF4FA16F6E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{0AAEA07D-C669-43B8-A9D5-C5AF3A35732A}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{EDFD0F1F-E64B-47F0-9DA6-C317627670DC}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{813E0F3F-8EE6-446F-9C72-3C41E7C515E2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{7FE6F72D-D1FE-4F3C-B58F-B7A04858B785}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [TCP Query User{8D0F8430-4616-4662-8D69-CBD4AD5EC228}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{E71F68B7-CDE1-4B6F-8679-9E81F0AE6190}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{C5299746-75F7-40CB-84AE-BFED3613BBD5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{F48BC37D-9394-4661-8E58-F8CC328710E3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Dobrý den,
tak tohle asi nebudu umět, fixlist.txt mám, ale jak ho uložit(přímo do FRST ???) a kam s ním a jak to spustit, to nevím, prosím trošku po lopatě.
Děkuji
Nahoru
valfhk
Návštěvník
Návštěvník
Příspěvky: 10
Registrován: 29 led 2019 08:07

Re: Problém se zapínáním a vypínáním PC

#10 Příspěvek od valfhk »

Tak už jsem pochopil,ale mám problém, fixlist mám asi špatně uložený, FRST ho nemůže najít, ukládal jsem to na Plochu
nejde spustit Fix, fixlist asi špatně uložený, je to se mnou těžké
valfhk píše:Jinak zapínání PC se zlepšilo, vypínání zůstalo problematické
valfhk píše:
Diallix píše:Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

CloseProcesses:

C:\Program Files\KMSpico

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
U1 aswbdisk; no ImagePath
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {13721D34-5621-43BA-BA15-0156FCF05D15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)
Task: {3B55D31C-93AD-4F75-92A0-59FE623A01A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {715CADC8-98D9-471A-AE4B-845A7B55D7A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D7AF22A8-9874-4FB9-A63D-57E6190FB25E} - System32\Tasks\{1431348C-DE15-4520-81AD-297852AE5EF4} => C:\Windows\system32\pcalua.exe -a C:\zaloha\Disk_D\SEZNAM_POST\irfanview_lang_czech.exe -d C:\zaloha\Disk_D\SEZNAM_POST
Task: {E2BB02FB-F2A9-46C1-97AB-D46A823FDE98} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ\icq.com.lnk -> hxxp://www.icq.com
FirewallRules: [{74629FD2-FACE-43E4-9BF8-44A28F1244E5}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\LogTransport2.exe No File
FirewallRules: [{972B68E1-9343-4144-B581-41AE60063E49}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe No File
FirewallRules: [{C9164856-A9F4-41A7-957C-FD7A18F3BDCC}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\sniffer_gpu.exe No File
FirewallRules: [{F5691003-7348-4389-BE26-CB06CE4F348A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{F0958B4D-CBE4-45DF-8FBC-2524B96F97A9}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{14422E6C-0916-48C0-BC93-E385B9DED02C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{DC685A96-1679-4942-AD8E-23CD1AFA9C4B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{5E77D304-EA78-45B4-9793-9F8CD7561BA3}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{ED4BA458-5994-4249-9EA6-C4EF4FA16F6E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{0AAEA07D-C669-43B8-A9D5-C5AF3A35732A}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{EDFD0F1F-E64B-47F0-9DA6-C317627670DC}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{813E0F3F-8EE6-446F-9C72-3C41E7C515E2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{7FE6F72D-D1FE-4F3C-B58F-B7A04858B785}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [TCP Query User{8D0F8430-4616-4662-8D69-CBD4AD5EC228}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{E71F68B7-CDE1-4B6F-8679-9E81F0AE6190}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{C5299746-75F7-40CB-84AE-BFED3613BBD5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{F48BC37D-9394-4661-8E58-F8CC328710E3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Dobrý den,
tak tohle asi nebudu umět, fixlist.txt mám, ale jak ho uložit(přímo do FRST ???) a kam s ním a jak to spustit, to nevím, prosím trošku po lopatě.

už jsem pochopil, ale FRST nemůže fixlist najít, mám to asi špatně uložené, ukládal jsem to na plochu
Děkuji
Naposledy upravil(a) valfhk dne 30 led 2019 08:47, celkem upraveno 1 x.
Nahoru
Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:
Kontaktovat uživatele Diallix

Re: Problém se zapínáním a vypínáním PC

#11 Příspěvek od Diallix »

Na plochu ulozt aj FRTS,
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
Nahoru
valfhk
Návštěvník
Návštěvník
Příspěvky: 10
Registrován: 29 led 2019 08:07

Re: Problém se zapínáním a vypínáním PC

#12 Příspěvek od valfhk »

nedaří se mně to, FRST nemůže ten fixlist najít
Nahoru
Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:
Kontaktovat uživatele Diallix

Re: Problém se zapínáním a vypínáním PC

#13 Příspěvek od Diallix »

Mate nastroj FRST ulozeny na ploche a zaroven aj fixlog.txt ?
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
Nahoru
valfhk
Návštěvník
Návštěvník
Příspěvky: 10
Registrován: 29 led 2019 08:07

Re: Problém se zapínáním a vypínáním PC

#14 Příspěvek od valfhk »

Pro jistotu posílám ještě jednou, nevím,jestli to správně odešlo.

Fix result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by PC (30-01-2019 17:44:17) Run:1
Running from C:\Users\PC\Downloads
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
K�d:
CloseProcesses:

C:\Program Files\KMSpico

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [jid1-r1tDuNiNb4SEww@jetpack] - C:\Program Files\AVAST Software\Avast\pam\FF => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
U1 aswbdisk; no ImagePath
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {13721D34-5621-43BA-BA15-0156FCF05D15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)
Task: {3B55D31C-93AD-4F75-92A0-59FE623A01A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {715CADC8-98D9-471A-AE4B-845A7B55D7A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D7AF22A8-9874-4FB9-A63D-57E6190FB25E} - System32\Tasks\{1431348C-DE15-4520-81AD-297852AE5EF4} => C:\Windows\system32\pcalua.exe -a C:\zaloha\Disk_D\SEZNAM_POST\irfanview_lang_czech.exe -d C:\zaloha\Disk_D\SEZNAM_POST
Task: {E2BB02FB-F2A9-46C1-97AB-D46A823FDE98} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ\icq.com.lnk -> hxxp://www.icq.com
FirewallRules: [{74629FD2-FACE-43E4-9BF8-44A28F1244E5}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\LogTransport2.exe No File
FirewallRules: [{972B68E1-9343-4144-B581-41AE60063E49}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe No File
FirewallRules: [{C9164856-A9F4-41A7-957C-FD7A18F3BDCC}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\sniffer_gpu.exe No File
FirewallRules: [{F5691003-7348-4389-BE26-CB06CE4F348A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{F0958B4D-CBE4-45DF-8FBC-2524B96F97A9}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe No File
FirewallRules: [{14422E6C-0916-48C0-BC93-E385B9DED02C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{DC685A96-1679-4942-AD8E-23CD1AFA9C4B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{5E77D304-EA78-45B4-9793-9F8CD7561BA3}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{ED4BA458-5994-4249-9EA6-C4EF4FA16F6E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{0AAEA07D-C669-43B8-A9D5-C5AF3A35732A}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{EDFD0F1F-E64B-47F0-9DA6-C317627670DC}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe ()
FirewallRules: [{813E0F3F-8EE6-446F-9C72-3C41E7C515E2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [{7FE6F72D-D1FE-4F3C-B58F-B7A04858B785}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ()
FirewallRules: [TCP Query User{8D0F8430-4616-4662-8D69-CBD4AD5EC228}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{E71F68B7-CDE1-4B6F-8679-9E81F0AE6190}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{C5299746-75F7-40CB-84AE-BFED3613BBD5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{F48BC37D-9394-4661-8E58-F8CC328710E3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
*****************

K�d: => Error: No automatic fix found for this entry.
Processes closed successfully.
C:\Program Files\KMSpico => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\jid1-r1tDuNiNb4SEww@jetpack" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\jid1-r1tDuNiNb4SEww@jetpack" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\SWDUMon => removed successfully
SWDUMon => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13721D34-5621-43BA-BA15-0156FCF05D15}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13721D34-5621-43BA-BA15-0156FCF05D15}" => removed successfully
C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B55D31C-93AD-4F75-92A0-59FE623A01A4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B55D31C-93AD-4F75-92A0-59FE623A01A4}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{715CADC8-98D9-471A-AE4B-845A7B55D7A7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{715CADC8-98D9-471A-AE4B-845A7B55D7A7}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7AF22A8-9874-4FB9-A63D-57E6190FB25E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7AF22A8-9874-4FB9-A63D-57E6190FB25E}" => removed successfully
C:\Windows\System32\Tasks\{1431348C-DE15-4520-81AD-297852AE5EF4} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1431348C-DE15-4520-81AD-297852AE5EF4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2BB02FB-F2A9-46C1-97AB-D46A823FDE98}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2BB02FB-F2A9-46C1-97AB-D46A823FDE98}" => removed successfully
C:\Windows\System32\Tasks\Nero\Nero Info => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nero\Nero Info" => removed successfully
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ\icq.com.lnk => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{74629FD2-FACE-43E4-9BF8-44A28F1244E5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{972B68E1-9343-4144-B581-41AE60063E49}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9164856-A9F4-41A7-957C-FD7A18F3BDCC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F5691003-7348-4389-BE26-CB06CE4F348A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0958B4D-CBE4-45DF-8FBC-2524B96F97A9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14422E6C-0916-48C0-BC93-E385B9DED02C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC685A96-1679-4942-AD8E-23CD1AFA9C4B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E77D304-EA78-45B4-9793-9F8CD7561BA3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED4BA458-5994-4249-9EA6-C4EF4FA16F6E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0AAEA07D-C669-43B8-A9D5-C5AF3A35732A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EDFD0F1F-E64B-47F0-9DA6-C317627670DC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{813E0F3F-8EE6-446F-9C72-3C41E7C515E2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FE6F72D-D1FE-4F3C-B58F-B7A04858B785}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8D0F8430-4616-4662-8D69-CBD4AD5EC228}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E71F68B7-CDE1-4B6F-8679-9E81F0AE6190}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C5299746-75F7-40CB-84AE-BFED3613BBD5}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F48BC37D-9394-4661-8E58-F8CC328710E3}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
HKLM\System\CurrentControlSet\Services\Service KMSELDI => removed successfully
Service KMSELDI => service removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 30-01-2019 17:46:26)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected

==== End of Fixlog 17:46:26 ====
Nahoru
Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:
Kontaktovat uživatele Diallix

Re: Problém se zapínáním a vypínáním PC

#15 Příspěvek od Diallix »

Dobre, ako je na tom pocitac?
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“