Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Nabouraná emailová komunikace, vykradený účet...
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118251
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Nabouraná emailová komunikace, vykradený účet...
Tak buď je vaše osobní, nebo patří firmě (instituci). Jiné rozlišení nemáme. Měli jsme ti případy, kdy si firmní ajťáci u nás nechali odvirovat PC a sami za to shrábli odměnu. Tím jsme tomu učinili přítrž, poněvadž se nám to zdá dost nefér. Ten první případ tu samozřejmě řešíme. Je-li tomu tak, klidně sem dejte FRST+Addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Nabouraná emailová komunikace, vykradený účet...
Díky! Nejde o instituci, nikdo za to smetanu slízávat nebude. 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019
Ran by Částka Petr (administrator) on LENOVO-PC (06-03-2019 11:21:55)
Running from C:\Users\Petr\Desktop
Loaded Profiles: UpdatusUser & Částka Petr (Available Profiles: UpdatusUser & Částka Petr)
Platform: Windows 8.1 (Update) (X64) Language: Angličtina (Spojené státy)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
() [File not signed] C:\Windows\jmesoft\Service.exe
(LENOVO -> LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ClientConnect LTD -> ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ClientConnect LTD -> ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe
(Pokki -> Pokki) C:\Users\Petr\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe
() [File not signed] C:\Windows\jmesoft\JME_LOAD.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-04] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) [File not signed]
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] () [File not signed]
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo (Beijing) Limited -> Lenovo)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-08] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2013-03-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] () [File not signed]
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation)
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {2a1b4f04-bd53-11e6-8264-f0761c5221e3} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {2e20ddfc-7c38-11e7-8267-f0761c5221e3} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {4d1ec61d-d63a-11e5-825c-f0761c5221e3} - "G:\autorun.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {4d1ed478-d63a-11e5-825c-f0761c5221e3} - "F:\autorun.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {6206e3d8-ec3f-11e5-825e-f0761c5221e3} - "F:\autorun.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {95169767-9ab6-11e6-8264-f0761c5221e3} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {a6e9883d-7eaf-11e8-826f-f0761c5221e3} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {edd49d32-55a2-11e7-8266-f0761c5221e3} - "F:\HiSuiteDownLoader.exe"
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\WINDOWS\SysWOW64\l3codecp.acm [186368 2014-10-29] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\SysWOW64\xvidvfw.dll [240640 2011-05-30] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-06] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-05-12] (ClientConnect LTD -> ClientConnect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-05-12] (ClientConnect LTD -> ClientConnect LTD)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{03F53F67-784D-4FB3-9EC0-A406A81A51C6}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{373C285D-1596-47EB-B690-00328B36A86A}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3971982784-3446199161-1991443711-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=29530
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-04] (Oracle America, Inc. -> Oracle Corporation)
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-03-04] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default [2019-03-06]
CHR Extension: (Prezentace) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Dokumenty) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Disk Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-16]
CHR Extension: (Vyhledávání Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-27]
CHR Extension: (FormApps Extension) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2017-06-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2535752 2014-05-12] (ClientConnect LTD -> ClientConnect LTD)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-04] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation - pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO -> LENOVO INCORPORATED.)
S4 LSEDT; C:\WINDOWS\System32\LSEDT.exe [32968 2016-02-16] (Lenovo.Ltd -> Lenovo)
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] (CyberLink -> )
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation -> Microsoft Corporation)
S2 0025841460351472mcinstcleanup; C:\WINDOWS\TEMP\002584~1.EXE -cleanup -nolog [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R1 MpKsl4f544884; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4218A688-72B8-40FC-8EFD-77D0EBAE5830}\MpKsl4f544884.sys [44928 2018-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Microsoft Corporation)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R3 vmuacflt; C:\WINDOWS\System32\Drivers\vmuacflt.sys [15872 2013-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Windows -> Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-06 11:21 - 2019-03-06 11:22 - 000023925 _____ C:\Users\Petr\Desktop\FRST.txt
2019-03-06 11:21 - 2019-03-06 11:21 - 000000000 ____D C:\Users\Petr\Desktop\FRST-OlderVersion
2019-03-06 11:21 - 2019-03-06 11:21 - 000000000 ____D C:\FRST
2019-03-06 11:12 - 2019-03-06 11:21 - 002434560 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2019-02-22 14:24 - 2019-02-22 15:49 - 000010912 _____ C:\Users\Petr\Desktop\heslo.odt
2019-02-22 13:59 - 2019-02-22 13:59 - 000452747 _____ C:\Users\Petr\Downloads\2018_05_17_14_13_49.pdf
2019-02-22 13:58 - 2019-02-22 13:58 - 000452393 _____ C:\Users\Petr\Downloads\Let Repair Wire Trasnfer__ 2-11-19.pdf
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-06 11:20 - 2016-02-16 21:37 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3971982784-3446199161-1991443711-1002
2019-03-06 11:15 - 2016-02-16 21:51 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-06 11:15 - 2016-02-16 21:51 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-06 11:09 - 2016-08-29 06:38 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Skype
2019-03-06 11:07 - 2016-02-16 21:30 - 000000000 ____D C:\Users\Petr\AppData\Local\SweetLabs App Platform
2019-03-06 11:06 - 2016-02-18 12:56 - 000000000 ___RD C:\Users\Petr\OneDrive
2019-03-05 16:13 - 2018-09-06 12:33 - 000014161 _____ C:\Users\Petr\Desktop\Nový Textový dokument OpenDocument.odt
2019-03-05 16:10 - 2016-02-16 22:40 - 000026474 _____ C:\WINDOWS\BRRBCOM.INI
2019-02-22 11:44 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-02-21 15:50 - 2016-03-16 08:33 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-14 13:34 - 2014-12-02 04:51 - 000739704 _____ C:\WINDOWS\system32\perfh005.dat
2019-02-14 13:34 - 2014-12-02 04:51 - 000151944 _____ C:\WINDOWS\system32\perfc005.dat
2019-02-14 13:34 - 2014-03-18 10:53 - 001749406 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-14 13:34 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2019-02-14 13:01 - 2016-03-16 08:33 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-11 12:53 - 2017-07-27 12:50 - 000003186 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3971982784-3446199161-1991443711-1002
2019-02-11 12:53 - 2016-04-27 06:56 - 000002334 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2019-02-05 14:40 - 2016-11-25 14:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-02-05 14:40 - 2016-05-06 13:53 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
==================== Files in the root of some directories =======
2016-06-08 10:32 - 2007-11-20 08:22 - 000000060 ____R () C:\Program Files (x86)\BRINST.INI
Some files in TEMP:
====================
2018-06-06 11:44 - 2019-01-07 16:00 - 026481656 _____ (Microsoft Corporation) C:\Users\Petr\AppData\Local\Temp\AccessDatabaseEngine.exe
2018-06-06 11:44 - 2019-01-07 16:00 - 076055472 _____ (Microsoft Corporation) C:\Users\Petr\AppData\Local\Temp\accessruntimeanddataconnectivity2007sp3-kb2526310-fullfile-en-us.exe
2017-01-04 11:29 - 2017-01-04 11:29 - 000737856 _____ (Oracle Corporation) C:\Users\Petr\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-06-08 09:37 - 2016-06-08 09:37 - 000739904 _____ (Oracle Corporation) C:\Users\Petr\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-03-14 12:03 - 2016-03-14 12:03 - 000205808 _____ (McAfee, Inc.) C:\Users\Petr\AppData\Local\Temp\McCSPInstall.dll
2016-05-06 13:24 - 2016-03-14 12:03 - 000169184 _____ (McAfee Inc.) C:\Users\Petr\AppData\Local\Temp\mccspuninstall.exe
2016-08-01 06:33 - 2016-08-01 06:34 - 063953128 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct27FF.tmp.exe
2017-05-19 09:27 - 2017-05-19 09:28 - 064118864 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct2A04.tmp.exe
2018-01-19 16:09 - 2018-01-19 16:12 - 041424392 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct4705.tmp.exe
2016-09-20 12:31 - 2016-09-20 12:32 - 064108904 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct4CCB.tmp.exe
2017-08-11 06:51 - 2017-08-11 06:52 - 063610592 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct4F8C.tmp.exe
2018-03-15 15:59 - 2018-03-15 16:00 - 041560272 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct51B3.tmp.exe
2016-11-21 07:57 - 2016-11-21 07:58 - 064111920 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct53EA.tmp.exe
2017-10-09 07:40 - 2017-10-09 07:40 - 041565936 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct5F7.tmp.exe
2018-10-05 07:33 - 2018-10-05 07:34 - 043898176 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct65EB.tmp.exe
2017-09-25 13:17 - 2017-09-25 13:17 - 041563000 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct6E69.tmp.exe
2018-03-18 18:02 - 2018-03-18 18:02 - 041561472 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct7AF0.tmp.exe
2017-12-07 13:24 - 2017-12-07 13:25 - 041373360 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct8199.tmp.exe
2018-03-22 09:29 - 2018-03-22 09:30 - 041558960 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct8C6E.tmp.exe
2017-09-27 07:29 - 2017-09-27 07:29 - 041564368 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octA0E9.tmp.exe
2019-01-03 08:41 - 2019-01-03 08:42 - 044622200 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octD65F.tmp.exe
2017-10-30 13:02 - 2017-10-30 13:03 - 042197072 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octDF41.tmp.exe
2017-12-18 12:16 - 2017-12-18 12:16 - 041440856 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octEED.tmp.exe
2016-07-25 09:00 - 2016-07-25 09:01 - 063953600 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octF187.tmp.exe
2018-11-23 11:07 - 2018-11-23 11:07 - 044113736 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octF27D.tmp.exe
2016-06-08 10:41 - 2006-05-24 18:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_is46D5.exe
2016-06-08 09:27 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_is5120.exe
2016-06-08 10:33 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_is65AA.exe
2016-06-07 10:04 - 2006-05-24 18:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_is8A18.exe
2016-06-08 09:23 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_isE66F.exe
2016-06-08 09:45 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_isF504.exe
2016-06-08 10:49 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_isF918.exe
2016-06-08 10:43 - 2006-05-24 18:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_isFA5D.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-03-05 15:17
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019
Ran by Částka Petr (06-03-2019 11:23:28)
Running from C:\Users\Petr\Desktop
Windows 8.1 (Update) (X64) (2016-02-16 20:31:33)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3971982784-3446199161-1991443711-500 - Administrator - Disabled)
Guest (S-1-5-21-3971982784-3446199161-1991443711-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3971982784-3446199161-1991443711-1001 - Limited - Enabled) => C:\Users\UpdatusUser
Částka Petr (S-1-5-21-3971982784-3446199161-1991443711-1002 - Administrator - Enabled) => C:\Users\Petr
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Brother MFL-Pro Suite MFC-J6520DW (HKLM-x32\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
collage of waste materials (HKLM-x32\...\{ECE59CCF-8619-4700-BD83-484962C959B8}) (Version: 1.20.2014.0617 - Tong child Research & Planning Co.,Ltd)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.18 - DivX, LLC)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft)
Find the Differences (HKLM-x32\...\{65F9B587-24A7-466A-999A-9C5F9D452400}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Find the Differences (HKLM-x32\...\InstallShield_{65F9B587-24A7-466A-999A-9C5F9D452400}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (HKLM-x32\...\{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
FORM studio (HKLM-x32\...\FSCZ_is1) (Version: - KASTNER software s.r.o.)
FormApps Signing Extension (HKLM-x32\...\{ACA43D91-8B42-4D42-8C8B-A893BD6AA40D}) (Version: 2.8.2.28 - Software602 a.s.)
Fruits (HKLM-x32\...\{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2751 - Hightail, Inc.)
Host App Service (HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\SweetLabs_AP) (Version: 0.269.8.718 - Pokki) <==== ATTENTION
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.8.1000 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.14.0.129 - ClientConnect LTD) <==== ATTENTION
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo Web Start (HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
LibreOffice 5.1.2.2 (HKLM-x32\...\{09AD7191-4F96-442C-B2F4-1491B144DBEB}) (Version: 5.1.2.2 - The Document Foundation)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Mammals (HKLM-x32\...\{33492EF5-7931-45B9-B74F-E4A99068B7C9}) (Version: 1.20.2014.0509 - Tong child Research & Planning Co.,Ltd)
Matching Roles (HKLM-x32\...\{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.5.0.6961 - Mozilla)
Mozilla Thunderbird 60.5.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.5.0 (x86 cs)) (Version: 60.5.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{A04A7656-A8E6-451F-A687-B1E34F83A8E2}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Graphics Driver 332.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{7308600A-5231-459C-A3E2-A637F842CACA}) (Version: 4.13.9783 - Apache Software Foundation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7093 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0224 - REALTEK Semiconductor Corp.)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Start Menu (HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\SweetLabs_Start_Menu) (Version: 0.269.8.718 - Pokki)
STORMWARE PDF Printer 10.1.0.1871 (HKLM\...\STORMWARE PDF Printer_is1) (Version: 10.1.0.1871 - STORMWARE)
STORMWARE POHODA CZ Komplet (HKLM-x32\...\{E4D96EE7-1C92-4121-8876-37972063DF37}) (Version: 12100.85 - STORMWARE)
StormWare Tax CZ DEMO (HKLM-x32\...\{43F904C7-A617-4515-943A-FDBDACE57B74}) (Version: 5.1.6302.10 - StormWare) Hidden
StormWare Tax CZ DEMO (HKLM-x32\...\{56AEC0F0-E101-4BEF-8712-8A576A231AA2}) (Version: 5.1.6302.10 - StormWare)
sudoku (HKLM-x32\...\{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3971982784-3446199161-1991443711-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-3971982784-3446199161-1991443711-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [000LenovoFoldersContextMenu] -> {D2DB7BAA-9E12-4640-825C-B1EB36A3809A} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2014-03-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0D09E63C-03C8-4A1D-878F-5B24E73E353E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {0D09E63C-03C8-4A1D-878F-5B24E73E353E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Windows -> Microsoft Corporation)
Task: {13A4C487-68F7-4B8A-B75B-2876E02E9E45} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {13A4C487-68F7-4B8A-B75B-2876E02E9E45} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Windows -> Microsoft Corporation)
Task: {1DFFCCC0-1931-4480-B1C0-85B4389E5CEE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {1DFFCCC0-1931-4480-B1C0-85B4389E5CEE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Windows -> Microsoft Corporation)
Task: {48040C76-5DE0-4E3A-A4E2-DB0DCB9991FE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {48040C76-5DE0-4E3A-A4E2-DB0DCB9991FE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {48040C76-5DE0-4E3A-A4E2-DB0DCB9991FE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Windows -> Microsoft Corporation)
Task: {770BA25B-2355-4334-A286-9E0517744BB6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {78126E3D-A19E-465A-A41B-F9AE0B022320} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8197A040-55BE-4B6A-8046-D1183A50FBEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {90CD5E01-4EB3-45A3-8723-3FC2994E3C9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {93D07814-3773-4B8F-99B9-F4362C379EFA} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
Task: {A00D71B7-C812-494D-94D5-CB39DA2D3FDE} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe (DivX, LLC -> DivX, LLC)
Task: {A184FC17-755C-4E78-913B-99DCF30F7B73} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {C25156BE-D38D-439B-9BB7-FE6AA5F3F305} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
Task: {C6AC946D-5A76-46F5-A729-0D3A42BAB999} - System32\Tasks\{0DCC8433-C868-4FAC-955A-0B1C04628B29} => C:\WINDOWS\system32\pcalua.exe -a "C:\_základní SW balíček\Knihovny\vbrun60sp5.exe" -d "C:\_základní SW balíček\Knihovny"
Task: {D1F5B8FD-88D7-40AF-9C70-3AFBA5B6DD78} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {FAE11101-1C22-4B91-92A7-8C3DF275A606} - System32\Tasks\SweetLabs App Platform => C:\Users\Petr\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe (Pokki -> Pokki)
Task: {FB41987C-FCC5-487D-ACC4-865E55D01899} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe (LENOVO -> )
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-12-02 04:03 - 2012-02-15 04:37 - 000594432 _____ (Realtek Semiconductor Corp. ) [File not signed] C:\WINDOWS\system32\Rtlihvs.dll
2016-02-17 00:26 - 2013-10-04 08:42 - 000210944 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\STORMWARE\PDF Printer\Ports\STORMWARE\bzpdf.dll
2014-12-02 04:17 - 2012-05-17 20:30 - 000007680 _____ (Microsoft) [File not signed] C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
2014-12-02 04:17 - 2012-06-17 22:26 - 000016896 _____ (Microsoft) [File not signed] C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataProvider.dll
2014-12-02 04:17 - 2012-05-17 20:30 - 000011264 _____ (Microsoft) [File not signed] C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.DataModel.dll
2013-05-12 02:45 - 2013-05-12 02:45 - 000733696 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2014-12-02 04:05 - 2011-08-17 05:46 - 000032768 _____ () [File not signed] C:\Windows\jmesoft\Service.exe
2016-06-08 10:52 - 2012-10-26 09:40 - 000282112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
2016-05-06 13:39 - 2015-12-31 15:15 - 000077312 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-12-02 04:02 - 2014-03-27 15:48 - 000067072 _____ (NVIDIA Corporation) [File not signed] C:\WINDOWS\SYSTEM32\Nv3DAppShExtR.dll
2014-12-02 04:05 - 2013-07-24 22:15 - 000118784 _____ (Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe
2014-12-02 04:05 - 2011-08-17 05:46 - 000024576 _____ () [File not signed] C:\Windows\jmesoft\JME_LOAD.exe
2016-06-08 10:52 - 2013-04-08 12:39 - 000508928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
2016-06-08 10:52 - 2013-03-22 16:21 - 004522496 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
2016-06-08 10:52 - 2013-03-07 08:41 - 001944576 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
2016-06-08 10:52 - 2013-04-08 12:37 - 001459712 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
2013-11-04 18:16 - 2013-11-04 18:16 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-11-04 18:16 - 2013-11-04 18:16 - 000499200 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2016-06-08 10:51 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-06-08 10:52 - 2012-07-13 12:09 - 000385024 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2016-06-08 10:52 - 2008-08-18 17:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2017-10-05 22:16 - 2017-10-05 22:16 - 027716608 ____R (Skype Technologies S.A.) [File not signed] C:\Program Files (x86)\Skype\Phone\SkypeSkylib.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () [File not signed] C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-10-05 22:03 - 2017-10-05 22:03 - 000654848 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmPal.dll
2017-10-05 22:05 - 2017-10-05 22:05 - 002969600 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmCodecs.dll
2017-10-05 22:08 - 2017-10-05 22:08 - 000941056 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmMediaManager.dll
2017-10-05 22:04 - 2017-10-05 22:04 - 000089088 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2017-10-05 22:07 - 2017-10-05 22:07 - 010914816 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmPltfm.dll
2014-12-02 04:05 - 2011-05-17 22:27 - 000028672 _____ () [File not signed] C:\Windows\jmesoft\hidhook.dll
2005-09-07 11:03 - 2005-09-07 11:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
2016-06-08 10:52 - 2013-04-08 12:23 - 000137728 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2016-06-08 10:52 - 2012-11-29 18:04 - 002040832 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2016-06-08 10:52 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2016-06-08 10:52 - 2013-03-25 11:32 - 000078336 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLCze.dll
2016-06-08 10:52 - 2013-04-08 12:40 - 000079872 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2016-06-08 10:52 - 2013-04-08 12:40 - 017734144 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Petr\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\z-knoblozky-342.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1F2716C6-0B28-4E6D-9620-F487A4BD5618}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3DAE90C1-58DE-4B48-A915-D5DB040DD566}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{419B6E59-862A-44FF-91E6-AD8BCA4394B0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{16C239E1-8770-4A54-89CA-F2DF5E4A1146}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{218F93B6-F047-4370-99F4-9EB478C96081}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{226D0219-0321-408D-BA80-04176CC5BF05}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2030AE52-664D-4AD8-A28B-44A006461EBE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
==================== Restore Points =========================
13-02-2019 10:36:39 Scheduled Checkpoint
20-02-2019 10:45:55 Scheduled Checkpoint
05-03-2019 15:28:53 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/30/2019 12:08:02 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (01/22/2019 08:13:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program DllHost.exe verze 6.3.9600.17415 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 145c
Čas spuštění: 01d4b22151b2dc1f
Čas ukončení: 125
Cesta k aplikaci: C:\WINDOWS\system32\DllHost.exe
ID hlášení: 2c2f78ec-1e15-11e9-8273-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (01/18/2019 11:06:23 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (01/09/2019 09:17:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PDFProFiltSrvPP.exe, verze: 12.1.11402.100, časové razítko: 0x4e37ed94
Název chybujícího modulu: PDFProFiltSrvPP.exe, verze: 12.1.11402.100, časové razítko: 0x4e37ed94
Kód výjimky: 0xc0000005
Posun chyby: 0x00003510
ID chybujícího procesu: 0x6cc
Čas spuštění chybující aplikace: 0x01d4750853a391da
Cesta k chybující aplikaci: C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
ID zprávy: 10b31179-13e7-11e9-8273-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (12/20/2018 11:01:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FSViewer.exe verze 6.2.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 1e50
Čas spuštění: 01d4984a2bdc9e20
Čas ukončení: 62
Cesta k aplikaci: C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe
ID hlášení: 3f2ff79d-043e-11e9-8273-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (12/11/2018 03:17:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FSViewer.exe verze 6.2.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: ca4
Čas spuštění: 01d4915902122f95
Čas ukončení: 31
Cesta k aplikaci: C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe
ID hlášení: 7200cfb5-fd4f-11e8-8273-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/27/2018 12:09:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: soffice.bin, verze: 5.1.2.2, časové razítko: 0x56fc50e8
Název chybujícího modulu: mergedlo.dll, verze: 5.1.2.2, časové razítko: 0x56fc50ab
Kód výjimky: 0xc0000005
Posun chyby: 0x01dc525e
ID chybujícího procesu: 0x894
Čas spuštění chybující aplikace: 0x01d45651c45290e9
Cesta k chybující aplikaci: C:\Program Files (x86)\LibreOffice 5\program\soffice.bin
Cesta k chybujícímu modulu: C:\Program Files (x86)\LibreOffice 5\program\mergedlo.dll
ID zprávy: c2df6322-c245-11e8-8271-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/06/2018 07:51:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FSViewer.exe verze 6.2.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 1e40
Čas spuštění: 01d445ab162ed064
Čas ukončení: 15
Cesta k aplikaci: C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe
ID hlášení: 475f0734-b1a1-11e8-8271-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
System errors:
=============
Error: (02/22/2019 10:39:03 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: )
Description: Kontrola šifrovaného svazku: Informace o svazku G: nelze přečíst.
Error: (01/09/2019 09:17:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PDFProFiltSrvPP byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/09/2019 07:08:04 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {995C996E-D918-4A8C-A302-45719A6F4EA7} se v daném časovém limitu neregistroval u služby DCOM.
Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.
A corruption was found in a file system index structure. The file reference number is 0x1000000002adf. The name of the file is "\Windows\servicing\Packages". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x6000000039764. The name of the file is "<unable to determine file name>".
Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.
A corruption was found in a file system index structure. The file reference number is 0x1000000002adf. The name of the file is "\Windows\servicing\Packages". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.
A corruption was found in a file system index structure. The file reference number is 0x1000000002adf. The name of the file is "\Windows\servicing\Packages". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x800000003c643. The name of the file is "<unable to determine file name>".
Windows Defender:
===================================
Date: 2019-03-05 15:23:55.460
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {F752D422-B262-43AC-8C2F-86B301EF0516}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2019-02-22 14:44:15.557
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {836E13A8-A7FF-443F-B3A9-5D5F7722AFED}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2019-02-22 13:45:58.316
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {71520B76-4556-4855-A4C2-C61144EFEEF6}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2019-02-22 12:40:20.607
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {D8E6473A-FAEE-411A-B7E0-85272F654502}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2019-02-20 10:51:40.523
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {642EB7F4-E166-4BBD-8F88-61B2F894DBFD}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
CodeIntegrity:
===================================
Date: 2018-11-06 09:51:14.274
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-11-02 13:47:33.574
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-16 11:01:44.249
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-08 11:37:00.054
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-07-03 13:08:19.295
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-06-04 13:14:16.283
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-03-16 08:21:28.369
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-11-21 14:36:13.608
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4460T CPU @ 1.90GHz
Percentage of memory in use: 34%
Total physical RAM: 8091.89 MB
Available physical RAM: 5261.78 MB
Total Virtual: 9371.89 MB
Available Virtual: 6114.79 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:833.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (ADATA HD710) (Fixed) (Total:931.28 GB) (Free:882.28 GB) FAT32
Drive f: (TOM-16GB) (Removable) (Total:14.53 GB) (Free:7.84 GB) NTFS
\\?\Volume{de5046c7-2a35-4334-a288-c1de5be481d1}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.69 GB) NTFS
\\?\Volume{603dce74-0211-4db9-8842-26b55c18353b}\ (PBR_DRV) (Fixed) (Total:24.41 GB) (Free:13.47 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1C0CE13A)
Partition: GPT.
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8276A664)
Partition 1: (Active) - (Size=931.5 GB) - (Type=0C)
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019
Ran by Částka Petr (administrator) on LENOVO-PC (06-03-2019 11:21:55)
Running from C:\Users\Petr\Desktop
Loaded Profiles: UpdatusUser & Částka Petr (Available Profiles: UpdatusUser & Částka Petr)
Platform: Windows 8.1 (Update) (X64) Language: Angličtina (Spojené státy)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
() [File not signed] C:\Windows\jmesoft\Service.exe
(LENOVO -> LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ClientConnect LTD -> ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ClientConnect LTD -> ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe
(Pokki -> Pokki) C:\Users\Petr\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe
() [File not signed] C:\Windows\jmesoft\JME_LOAD.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-04] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) [File not signed]
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] () [File not signed]
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo (Beijing) Limited -> Lenovo)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-08] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2013-03-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] () [File not signed]
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation)
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {2a1b4f04-bd53-11e6-8264-f0761c5221e3} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {2e20ddfc-7c38-11e7-8267-f0761c5221e3} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {4d1ec61d-d63a-11e5-825c-f0761c5221e3} - "G:\autorun.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {4d1ed478-d63a-11e5-825c-f0761c5221e3} - "F:\autorun.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {6206e3d8-ec3f-11e5-825e-f0761c5221e3} - "F:\autorun.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {95169767-9ab6-11e6-8264-f0761c5221e3} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {a6e9883d-7eaf-11e8-826f-f0761c5221e3} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {edd49d32-55a2-11e7-8266-f0761c5221e3} - "F:\HiSuiteDownLoader.exe"
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\WINDOWS\SysWOW64\l3codecp.acm [186368 2014-10-29] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\SysWOW64\xvidvfw.dll [240640 2011-05-30] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-06] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-05-12] (ClientConnect LTD -> ClientConnect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-05-12] (ClientConnect LTD -> ClientConnect LTD)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{03F53F67-784D-4FB3-9EC0-A406A81A51C6}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{373C285D-1596-47EB-B690-00328B36A86A}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3971982784-3446199161-1991443711-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=29530
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-04] (Oracle America, Inc. -> Oracle Corporation)
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-03-04] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default [2019-03-06]
CHR Extension: (Prezentace) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Dokumenty) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Disk Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-16]
CHR Extension: (Vyhledávání Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-27]
CHR Extension: (FormApps Extension) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2017-06-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2535752 2014-05-12] (ClientConnect LTD -> ClientConnect LTD)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-04] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation - pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO -> LENOVO INCORPORATED.)
S4 LSEDT; C:\WINDOWS\System32\LSEDT.exe [32968 2016-02-16] (Lenovo.Ltd -> Lenovo)
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] (CyberLink -> )
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation -> Microsoft Corporation)
S2 0025841460351472mcinstcleanup; C:\WINDOWS\TEMP\002584~1.EXE -cleanup -nolog [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R1 MpKsl4f544884; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4218A688-72B8-40FC-8EFD-77D0EBAE5830}\MpKsl4f544884.sys [44928 2018-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Microsoft Corporation)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R3 vmuacflt; C:\WINDOWS\System32\Drivers\vmuacflt.sys [15872 2013-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Windows -> Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-06 11:21 - 2019-03-06 11:22 - 000023925 _____ C:\Users\Petr\Desktop\FRST.txt
2019-03-06 11:21 - 2019-03-06 11:21 - 000000000 ____D C:\Users\Petr\Desktop\FRST-OlderVersion
2019-03-06 11:21 - 2019-03-06 11:21 - 000000000 ____D C:\FRST
2019-03-06 11:12 - 2019-03-06 11:21 - 002434560 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2019-02-22 14:24 - 2019-02-22 15:49 - 000010912 _____ C:\Users\Petr\Desktop\heslo.odt
2019-02-22 13:59 - 2019-02-22 13:59 - 000452747 _____ C:\Users\Petr\Downloads\2018_05_17_14_13_49.pdf
2019-02-22 13:58 - 2019-02-22 13:58 - 000452393 _____ C:\Users\Petr\Downloads\Let Repair Wire Trasnfer__ 2-11-19.pdf
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-06 11:20 - 2016-02-16 21:37 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3971982784-3446199161-1991443711-1002
2019-03-06 11:15 - 2016-02-16 21:51 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-06 11:15 - 2016-02-16 21:51 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-06 11:09 - 2016-08-29 06:38 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Skype
2019-03-06 11:07 - 2016-02-16 21:30 - 000000000 ____D C:\Users\Petr\AppData\Local\SweetLabs App Platform
2019-03-06 11:06 - 2016-02-18 12:56 - 000000000 ___RD C:\Users\Petr\OneDrive
2019-03-05 16:13 - 2018-09-06 12:33 - 000014161 _____ C:\Users\Petr\Desktop\Nový Textový dokument OpenDocument.odt
2019-03-05 16:10 - 2016-02-16 22:40 - 000026474 _____ C:\WINDOWS\BRRBCOM.INI
2019-02-22 11:44 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-02-21 15:50 - 2016-03-16 08:33 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-14 13:34 - 2014-12-02 04:51 - 000739704 _____ C:\WINDOWS\system32\perfh005.dat
2019-02-14 13:34 - 2014-12-02 04:51 - 000151944 _____ C:\WINDOWS\system32\perfc005.dat
2019-02-14 13:34 - 2014-03-18 10:53 - 001749406 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-14 13:34 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2019-02-14 13:01 - 2016-03-16 08:33 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-11 12:53 - 2017-07-27 12:50 - 000003186 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3971982784-3446199161-1991443711-1002
2019-02-11 12:53 - 2016-04-27 06:56 - 000002334 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2019-02-05 14:40 - 2016-11-25 14:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-02-05 14:40 - 2016-05-06 13:53 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
==================== Files in the root of some directories =======
2016-06-08 10:32 - 2007-11-20 08:22 - 000000060 ____R () C:\Program Files (x86)\BRINST.INI
Some files in TEMP:
====================
2018-06-06 11:44 - 2019-01-07 16:00 - 026481656 _____ (Microsoft Corporation) C:\Users\Petr\AppData\Local\Temp\AccessDatabaseEngine.exe
2018-06-06 11:44 - 2019-01-07 16:00 - 076055472 _____ (Microsoft Corporation) C:\Users\Petr\AppData\Local\Temp\accessruntimeanddataconnectivity2007sp3-kb2526310-fullfile-en-us.exe
2017-01-04 11:29 - 2017-01-04 11:29 - 000737856 _____ (Oracle Corporation) C:\Users\Petr\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-06-08 09:37 - 2016-06-08 09:37 - 000739904 _____ (Oracle Corporation) C:\Users\Petr\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-03-14 12:03 - 2016-03-14 12:03 - 000205808 _____ (McAfee, Inc.) C:\Users\Petr\AppData\Local\Temp\McCSPInstall.dll
2016-05-06 13:24 - 2016-03-14 12:03 - 000169184 _____ (McAfee Inc.) C:\Users\Petr\AppData\Local\Temp\mccspuninstall.exe
2016-08-01 06:33 - 2016-08-01 06:34 - 063953128 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct27FF.tmp.exe
2017-05-19 09:27 - 2017-05-19 09:28 - 064118864 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct2A04.tmp.exe
2018-01-19 16:09 - 2018-01-19 16:12 - 041424392 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct4705.tmp.exe
2016-09-20 12:31 - 2016-09-20 12:32 - 064108904 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct4CCB.tmp.exe
2017-08-11 06:51 - 2017-08-11 06:52 - 063610592 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct4F8C.tmp.exe
2018-03-15 15:59 - 2018-03-15 16:00 - 041560272 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct51B3.tmp.exe
2016-11-21 07:57 - 2016-11-21 07:58 - 064111920 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct53EA.tmp.exe
2017-10-09 07:40 - 2017-10-09 07:40 - 041565936 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct5F7.tmp.exe
2018-10-05 07:33 - 2018-10-05 07:34 - 043898176 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct65EB.tmp.exe
2017-09-25 13:17 - 2017-09-25 13:17 - 041563000 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct6E69.tmp.exe
2018-03-18 18:02 - 2018-03-18 18:02 - 041561472 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct7AF0.tmp.exe
2017-12-07 13:24 - 2017-12-07 13:25 - 041373360 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct8199.tmp.exe
2018-03-22 09:29 - 2018-03-22 09:30 - 041558960 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct8C6E.tmp.exe
2017-09-27 07:29 - 2017-09-27 07:29 - 041564368 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octA0E9.tmp.exe
2019-01-03 08:41 - 2019-01-03 08:42 - 044622200 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octD65F.tmp.exe
2017-10-30 13:02 - 2017-10-30 13:03 - 042197072 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octDF41.tmp.exe
2017-12-18 12:16 - 2017-12-18 12:16 - 041440856 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octEED.tmp.exe
2016-07-25 09:00 - 2016-07-25 09:01 - 063953600 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octF187.tmp.exe
2018-11-23 11:07 - 2018-11-23 11:07 - 044113736 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octF27D.tmp.exe
2016-06-08 10:41 - 2006-05-24 18:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_is46D5.exe
2016-06-08 09:27 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_is5120.exe
2016-06-08 10:33 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_is65AA.exe
2016-06-07 10:04 - 2006-05-24 18:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_is8A18.exe
2016-06-08 09:23 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_isE66F.exe
2016-06-08 09:45 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_isF504.exe
2016-06-08 10:49 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_isF918.exe
2016-06-08 10:43 - 2006-05-24 18:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_isFA5D.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-03-05 15:17
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019
Ran by Částka Petr (06-03-2019 11:23:28)
Running from C:\Users\Petr\Desktop
Windows 8.1 (Update) (X64) (2016-02-16 20:31:33)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3971982784-3446199161-1991443711-500 - Administrator - Disabled)
Guest (S-1-5-21-3971982784-3446199161-1991443711-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3971982784-3446199161-1991443711-1001 - Limited - Enabled) => C:\Users\UpdatusUser
Částka Petr (S-1-5-21-3971982784-3446199161-1991443711-1002 - Administrator - Enabled) => C:\Users\Petr
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Brother MFL-Pro Suite MFC-J6520DW (HKLM-x32\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
collage of waste materials (HKLM-x32\...\{ECE59CCF-8619-4700-BD83-484962C959B8}) (Version: 1.20.2014.0617 - Tong child Research & Planning Co.,Ltd)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.18 - DivX, LLC)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft)
Find the Differences (HKLM-x32\...\{65F9B587-24A7-466A-999A-9C5F9D452400}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Find the Differences (HKLM-x32\...\InstallShield_{65F9B587-24A7-466A-999A-9C5F9D452400}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (HKLM-x32\...\{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
FORM studio (HKLM-x32\...\FSCZ_is1) (Version: - KASTNER software s.r.o.)
FormApps Signing Extension (HKLM-x32\...\{ACA43D91-8B42-4D42-8C8B-A893BD6AA40D}) (Version: 2.8.2.28 - Software602 a.s.)
Fruits (HKLM-x32\...\{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2751 - Hightail, Inc.)
Host App Service (HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\SweetLabs_AP) (Version: 0.269.8.718 - Pokki) <==== ATTENTION
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.8.1000 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.14.0.129 - ClientConnect LTD) <==== ATTENTION
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo Web Start (HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
LibreOffice 5.1.2.2 (HKLM-x32\...\{09AD7191-4F96-442C-B2F4-1491B144DBEB}) (Version: 5.1.2.2 - The Document Foundation)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Mammals (HKLM-x32\...\{33492EF5-7931-45B9-B74F-E4A99068B7C9}) (Version: 1.20.2014.0509 - Tong child Research & Planning Co.,Ltd)
Matching Roles (HKLM-x32\...\{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.5.0.6961 - Mozilla)
Mozilla Thunderbird 60.5.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.5.0 (x86 cs)) (Version: 60.5.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{A04A7656-A8E6-451F-A687-B1E34F83A8E2}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Graphics Driver 332.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{7308600A-5231-459C-A3E2-A637F842CACA}) (Version: 4.13.9783 - Apache Software Foundation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7093 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0224 - REALTEK Semiconductor Corp.)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Start Menu (HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\SweetLabs_Start_Menu) (Version: 0.269.8.718 - Pokki)
STORMWARE PDF Printer 10.1.0.1871 (HKLM\...\STORMWARE PDF Printer_is1) (Version: 10.1.0.1871 - STORMWARE)
STORMWARE POHODA CZ Komplet (HKLM-x32\...\{E4D96EE7-1C92-4121-8876-37972063DF37}) (Version: 12100.85 - STORMWARE)
StormWare Tax CZ DEMO (HKLM-x32\...\{43F904C7-A617-4515-943A-FDBDACE57B74}) (Version: 5.1.6302.10 - StormWare) Hidden
StormWare Tax CZ DEMO (HKLM-x32\...\{56AEC0F0-E101-4BEF-8712-8A576A231AA2}) (Version: 5.1.6302.10 - StormWare)
sudoku (HKLM-x32\...\{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3971982784-3446199161-1991443711-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-3971982784-3446199161-1991443711-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [000LenovoFoldersContextMenu] -> {D2DB7BAA-9E12-4640-825C-B1EB36A3809A} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2014-03-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0D09E63C-03C8-4A1D-878F-5B24E73E353E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {0D09E63C-03C8-4A1D-878F-5B24E73E353E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Windows -> Microsoft Corporation)
Task: {13A4C487-68F7-4B8A-B75B-2876E02E9E45} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {13A4C487-68F7-4B8A-B75B-2876E02E9E45} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Windows -> Microsoft Corporation)
Task: {1DFFCCC0-1931-4480-B1C0-85B4389E5CEE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {1DFFCCC0-1931-4480-B1C0-85B4389E5CEE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Windows -> Microsoft Corporation)
Task: {48040C76-5DE0-4E3A-A4E2-DB0DCB9991FE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {48040C76-5DE0-4E3A-A4E2-DB0DCB9991FE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {48040C76-5DE0-4E3A-A4E2-DB0DCB9991FE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Windows -> Microsoft Corporation)
Task: {770BA25B-2355-4334-A286-9E0517744BB6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {78126E3D-A19E-465A-A41B-F9AE0B022320} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8197A040-55BE-4B6A-8046-D1183A50FBEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {90CD5E01-4EB3-45A3-8723-3FC2994E3C9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {93D07814-3773-4B8F-99B9-F4362C379EFA} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
Task: {A00D71B7-C812-494D-94D5-CB39DA2D3FDE} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe (DivX, LLC -> DivX, LLC)
Task: {A184FC17-755C-4E78-913B-99DCF30F7B73} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {C25156BE-D38D-439B-9BB7-FE6AA5F3F305} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
Task: {C6AC946D-5A76-46F5-A729-0D3A42BAB999} - System32\Tasks\{0DCC8433-C868-4FAC-955A-0B1C04628B29} => C:\WINDOWS\system32\pcalua.exe -a "C:\_základní SW balíček\Knihovny\vbrun60sp5.exe" -d "C:\_základní SW balíček\Knihovny"
Task: {D1F5B8FD-88D7-40AF-9C70-3AFBA5B6DD78} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {FAE11101-1C22-4B91-92A7-8C3DF275A606} - System32\Tasks\SweetLabs App Platform => C:\Users\Petr\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe (Pokki -> Pokki)
Task: {FB41987C-FCC5-487D-ACC4-865E55D01899} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe (LENOVO -> )
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-12-02 04:03 - 2012-02-15 04:37 - 000594432 _____ (Realtek Semiconductor Corp. ) [File not signed] C:\WINDOWS\system32\Rtlihvs.dll
2016-02-17 00:26 - 2013-10-04 08:42 - 000210944 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\STORMWARE\PDF Printer\Ports\STORMWARE\bzpdf.dll
2014-12-02 04:17 - 2012-05-17 20:30 - 000007680 _____ (Microsoft) [File not signed] C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
2014-12-02 04:17 - 2012-06-17 22:26 - 000016896 _____ (Microsoft) [File not signed] C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataProvider.dll
2014-12-02 04:17 - 2012-05-17 20:30 - 000011264 _____ (Microsoft) [File not signed] C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.DataModel.dll
2013-05-12 02:45 - 2013-05-12 02:45 - 000733696 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2014-12-02 04:05 - 2011-08-17 05:46 - 000032768 _____ () [File not signed] C:\Windows\jmesoft\Service.exe
2016-06-08 10:52 - 2012-10-26 09:40 - 000282112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
2016-05-06 13:39 - 2015-12-31 15:15 - 000077312 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-12-02 04:02 - 2014-03-27 15:48 - 000067072 _____ (NVIDIA Corporation) [File not signed] C:\WINDOWS\SYSTEM32\Nv3DAppShExtR.dll
2014-12-02 04:05 - 2013-07-24 22:15 - 000118784 _____ (Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe
2014-12-02 04:05 - 2011-08-17 05:46 - 000024576 _____ () [File not signed] C:\Windows\jmesoft\JME_LOAD.exe
2016-06-08 10:52 - 2013-04-08 12:39 - 000508928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
2016-06-08 10:52 - 2013-03-22 16:21 - 004522496 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
2016-06-08 10:52 - 2013-03-07 08:41 - 001944576 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
2016-06-08 10:52 - 2013-04-08 12:37 - 001459712 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
2013-11-04 18:16 - 2013-11-04 18:16 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-11-04 18:16 - 2013-11-04 18:16 - 000499200 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2016-06-08 10:51 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-06-08 10:52 - 2012-07-13 12:09 - 000385024 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2016-06-08 10:52 - 2008-08-18 17:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2017-10-05 22:16 - 2017-10-05 22:16 - 027716608 ____R (Skype Technologies S.A.) [File not signed] C:\Program Files (x86)\Skype\Phone\SkypeSkylib.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () [File not signed] C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-10-05 22:03 - 2017-10-05 22:03 - 000654848 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmPal.dll
2017-10-05 22:05 - 2017-10-05 22:05 - 002969600 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmCodecs.dll
2017-10-05 22:08 - 2017-10-05 22:08 - 000941056 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmMediaManager.dll
2017-10-05 22:04 - 2017-10-05 22:04 - 000089088 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2017-10-05 22:07 - 2017-10-05 22:07 - 010914816 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmPltfm.dll
2014-12-02 04:05 - 2011-05-17 22:27 - 000028672 _____ () [File not signed] C:\Windows\jmesoft\hidhook.dll
2005-09-07 11:03 - 2005-09-07 11:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
2016-06-08 10:52 - 2013-04-08 12:23 - 000137728 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2016-06-08 10:52 - 2012-11-29 18:04 - 002040832 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2016-06-08 10:52 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2016-06-08 10:52 - 2013-03-25 11:32 - 000078336 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLCze.dll
2016-06-08 10:52 - 2013-04-08 12:40 - 000079872 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2016-06-08 10:52 - 2013-04-08 12:40 - 017734144 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Petr\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\z-knoblozky-342.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1F2716C6-0B28-4E6D-9620-F487A4BD5618}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3DAE90C1-58DE-4B48-A915-D5DB040DD566}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{419B6E59-862A-44FF-91E6-AD8BCA4394B0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{16C239E1-8770-4A54-89CA-F2DF5E4A1146}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{218F93B6-F047-4370-99F4-9EB478C96081}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{226D0219-0321-408D-BA80-04176CC5BF05}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2030AE52-664D-4AD8-A28B-44A006461EBE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
==================== Restore Points =========================
13-02-2019 10:36:39 Scheduled Checkpoint
20-02-2019 10:45:55 Scheduled Checkpoint
05-03-2019 15:28:53 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/30/2019 12:08:02 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (01/22/2019 08:13:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program DllHost.exe verze 6.3.9600.17415 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 145c
Čas spuštění: 01d4b22151b2dc1f
Čas ukončení: 125
Cesta k aplikaci: C:\WINDOWS\system32\DllHost.exe
ID hlášení: 2c2f78ec-1e15-11e9-8273-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (01/18/2019 11:06:23 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (01/09/2019 09:17:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PDFProFiltSrvPP.exe, verze: 12.1.11402.100, časové razítko: 0x4e37ed94
Název chybujícího modulu: PDFProFiltSrvPP.exe, verze: 12.1.11402.100, časové razítko: 0x4e37ed94
Kód výjimky: 0xc0000005
Posun chyby: 0x00003510
ID chybujícího procesu: 0x6cc
Čas spuštění chybující aplikace: 0x01d4750853a391da
Cesta k chybující aplikaci: C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
ID zprávy: 10b31179-13e7-11e9-8273-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (12/20/2018 11:01:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FSViewer.exe verze 6.2.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 1e50
Čas spuštění: 01d4984a2bdc9e20
Čas ukončení: 62
Cesta k aplikaci: C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe
ID hlášení: 3f2ff79d-043e-11e9-8273-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (12/11/2018 03:17:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FSViewer.exe verze 6.2.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: ca4
Čas spuštění: 01d4915902122f95
Čas ukončení: 31
Cesta k aplikaci: C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe
ID hlášení: 7200cfb5-fd4f-11e8-8273-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/27/2018 12:09:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: soffice.bin, verze: 5.1.2.2, časové razítko: 0x56fc50e8
Název chybujícího modulu: mergedlo.dll, verze: 5.1.2.2, časové razítko: 0x56fc50ab
Kód výjimky: 0xc0000005
Posun chyby: 0x01dc525e
ID chybujícího procesu: 0x894
Čas spuštění chybující aplikace: 0x01d45651c45290e9
Cesta k chybující aplikaci: C:\Program Files (x86)\LibreOffice 5\program\soffice.bin
Cesta k chybujícímu modulu: C:\Program Files (x86)\LibreOffice 5\program\mergedlo.dll
ID zprávy: c2df6322-c245-11e8-8271-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/06/2018 07:51:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FSViewer.exe verze 6.2.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 1e40
Čas spuštění: 01d445ab162ed064
Čas ukončení: 15
Cesta k aplikaci: C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe
ID hlášení: 475f0734-b1a1-11e8-8271-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
System errors:
=============
Error: (02/22/2019 10:39:03 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: )
Description: Kontrola šifrovaného svazku: Informace o svazku G: nelze přečíst.
Error: (01/09/2019 09:17:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PDFProFiltSrvPP byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/09/2019 07:08:04 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {995C996E-D918-4A8C-A302-45719A6F4EA7} se v daném časovém limitu neregistroval u služby DCOM.
Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.
A corruption was found in a file system index structure. The file reference number is 0x1000000002adf. The name of the file is "\Windows\servicing\Packages". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x6000000039764. The name of the file is "<unable to determine file name>".
Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.
A corruption was found in a file system index structure. The file reference number is 0x1000000002adf. The name of the file is "\Windows\servicing\Packages". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.
A corruption was found in a file system index structure. The file reference number is 0x1000000002adf. The name of the file is "\Windows\servicing\Packages". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.
The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x800000003c643. The name of the file is "<unable to determine file name>".
Windows Defender:
===================================
Date: 2019-03-05 15:23:55.460
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {F752D422-B262-43AC-8C2F-86B301EF0516}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2019-02-22 14:44:15.557
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {836E13A8-A7FF-443F-B3A9-5D5F7722AFED}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2019-02-22 13:45:58.316
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {71520B76-4556-4855-A4C2-C61144EFEEF6}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2019-02-22 12:40:20.607
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {D8E6473A-FAEE-411A-B7E0-85272F654502}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2019-02-20 10:51:40.523
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {642EB7F4-E166-4BBD-8F88-61B2F894DBFD}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
CodeIntegrity:
===================================
Date: 2018-11-06 09:51:14.274
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-11-02 13:47:33.574
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-16 11:01:44.249
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-08 11:37:00.054
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-07-03 13:08:19.295
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-06-04 13:14:16.283
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-03-16 08:21:28.369
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-11-21 14:36:13.608
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4460T CPU @ 1.90GHz
Percentage of memory in use: 34%
Total physical RAM: 8091.89 MB
Available physical RAM: 5261.78 MB
Total Virtual: 9371.89 MB
Available Virtual: 6114.79 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:833.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (ADATA HD710) (Fixed) (Total:931.28 GB) (Free:882.28 GB) FAT32
Drive f: (TOM-16GB) (Removable) (Total:14.53 GB) (Free:7.84 GB) NTFS
\\?\Volume{de5046c7-2a35-4334-a288-c1de5be481d1}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.69 GB) NTFS
\\?\Volume{603dce74-0211-4db9-8842-26b55c18353b}\ (PBR_DRV) (Fixed) (Total:24.41 GB) (Free:13.47 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1C0CE13A)
Partition: GPT.
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8276A664)
Partition 1: (Active) - (Size=931.5 GB) - (Type=0C)
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
-
Rudy
- Site Admin
- Příspěvky: 118251
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Nabouraná emailová komunikace, vykradený účet...
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/
ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?