PC virus removal, computer speed-up, and remote help through the neslape.cz service

Requesting a preventive log check

domdur
Visitor
Posts: 39
Registered: 12 Mar 2016 16:18

#1 Post by domdur »

Hello, when the computer starts, Mozilla opens with a page that evidently connects to some dubious servers (ESET goes crazy and starts blocking windows). I am therefore asking for a check of the log and for help with how to fix it.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.10.2018
Ran by DurnaD (administrator) on NB-029 (09-10-2018 10:57:59)
Running from C:\Users\durnad\Desktop
Loaded Profiles: DurnaD (Available Profiles: defaultuser0 & it & DurnaD)
Platform: Windows 10 Pro Version 1607 14393.576 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\CV\bin\HostStorageService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
() C:\Dell\Sytem64Folder\DellRctlService.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Kerio Technologies Inc.) C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1338\DSAPI.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1338\pcdrwi.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(McAfee, LLC.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(HP Inc.) C:\Program Files\HP\HP PageWide MFP P57750\Bin\ScanToPCActivationApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Kerio Technologies Inc.) C:\Program Files (x86)\Kerio\Outlook Connector (Offline Edition)\KoffBackend.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(HP Inc.) C:\Program Files\HP\HP PageWide MFP P57750\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-31] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [754984 2016-05-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-08-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1429248 2016-08-18] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [724400 2016-07-24] (Waves Audio Ltd.)
HKU\S-1-5-21-4106999633-2871329638-518651434-4360\...\Run: [Viber] => C:\Users\durnad\AppData\Local\Viber\Viber.exe [35828808 2018-09-27] (Viber Media S.à r.l.)
HKU\S-1-5-21-4106999633-2871329638-518651434-4360\...\Run: [HP PageWide MFP P57750 (NET)] => C:\Program Files\HP\HP PageWide MFP P57750\Bin\ScanToPCActivationApp.exe [3764360 2016-12-15] (HP Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2018-07-16] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1d84b795-4db9-4dd1-8ea2-daf251c89a23}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{a88191eb-159f-4bdf-80b5-82d2a3c12597}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-4106999633-2871329638-518651434-4360 -> DefaultScope {92B29637-FFC4-420B-B6FA-A608E6B6BF20} URL =
SearchScopes: HKU\S-1-5-21-4106999633-2871329638-518651434-4360 -> {92B29637-FFC4-420B-B6FA-A608E6B6BF20} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-27] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6ffi3ux2.default
FF ProfilePath: C:\Users\durnad\AppData\Roaming\Mozilla\Firefox\Profiles\6ffi3ux2.default [2018-10-09]
FF Homepage: Mozilla\Firefox\Profiles\6ffi3ux2.default -> hxxps://www.google.cz
FF NewTab: Mozilla\Firefox\Profiles\6ffi3ux2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
FF NewTabOverride: Mozilla\Firefox\Profiles\6ffi3ux2.default -> Enabled: pavel.sherbakov@gmail.com
FF Extension: (New Tab Page) - C:\Users\durnad\AppData\Roaming\Mozilla\Firefox\Profiles\6ffi3ux2.default\Extensions\pavel.sherbakov@gmail.com.xpi [2018-10-06]
FF Extension: (Firefox Monitor) - C:\Users\durnad\AppData\Roaming\Mozilla\Firefox\Profiles\6ffi3ux2.default\features\{6ecd7c32-49e5-4fb5-be14-04ea4c115118}\fxmonitor@mozilla.org.xpi [2018-10-04]
FF Extension: (Telemetry coverage) - C:\Users\durnad\AppData\Roaming\Mozilla\Firefox\Profiles\6ffi3ux2.default\features\{6ecd7c32-49e5-4fb5-be14-04ea4c115118}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-04] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default [2018-06-20]
CHR Extension: (Slides) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-20]
CHR Extension: (Docs) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-20]
CHR Extension: (Google Drive) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-03]
CHR Extension: (YouTube) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-03]
CHR Extension: (Sheets) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-20]
CHR Extension: (Gmail) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-03]
CHR Extension: (Chrome Media Router) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104744 2016-05-17] (Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [431088 2016-10-25] (Intel Corporation)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [94136 2016-06-02] (Dell Inc.)
S4 dcu-oobe; C:\Program Files (x86)\Dell\CommandUpdate\OobeService.exe [84408 2016-06-07] (Dell Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-05-09] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3350512 2018-05-09] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-05-09] (Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1338\DSAPI.exe [939328 2018-10-04] (PC-Doctor, Inc.)
R2 DellRctlService; c:\Dell\Sytem64Folder\DellRctlService.exe [524352 2016-06-02] ()
S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [41160 2015-10-02] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1576712 2015-10-02] (ESET)
R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1680000 2017-02-21] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [182984 2015-10-02] (ESET)
R2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-04] (Intel Corporation)
R2 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1038336 2016-11-09] (Broadcom Corporation)
R2 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [42496 2016-11-09] (Broadcom Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-31] (Intel Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [172272 2016-03-15] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-10-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 ktupdaterservice; C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe [982224 2017-09-27] (Kerio Technologies Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-08-18] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-03-19] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-09-07] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1000824 2018-05-14] (McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-05-14] (McAfee, LLC.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-05-14] (McAfee, Inc.)
R2 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [254464 2016-11-09] ()
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2016-06-14] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{2A54C219-8CF3-4AF7-BD44-E7B83D8E4501}
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcmnfcusb; C:\Windows\System32\drivers\bcmnfcusb.sys [46176 2016-11-09] (Broadcom Corporation.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [41608 2018-05-08] (Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [41208 2018-05-08] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [22864 2016-10-27] (OSR Open Systems Resources, Inc.)
R3 DellRctl; C:\Windows\System32\drivers\DellRctl.sys [33616 2016-06-02] ()
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255272 2015-10-08] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186272 2015-10-08] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [169744 2015-10-08] (ESET)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [343608 2016-05-19] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [341256 2016-03-18] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\system32\drivers\RTDVHD64.sys [2678792 2016-08-18] (Realtek Semiconductor Corp.)
S3 mosuport; C:\Windows\System32\drivers\mosuport.sys [371352 2016-08-04] (ASIX Electronics Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [758488 2015-08-05] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [146512 2015-07-02] (STMicroelectronics)
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [20064 2016-11-09] (Broadcom Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-09 10:57 - 2018-10-09 10:58 - 000020540 _____ C:\Users\durnad\Desktop\FRST.txt
2018-10-09 10:57 - 2018-10-09 10:57 - 000000000 ____D C:\FRST
2018-10-09 10:48 - 2018-10-09 10:57 - 002414592 _____ (Farbar) C:\Users\durnad\Desktop\FRST64.exe
2018-10-09 10:36 - 2018-10-09 10:36 - 000000000 ____D C:\Users\durnad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
2018-10-08 20:42 - 2018-10-08 20:42 - 000478392 ____N (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\095D238F.sys
2018-10-08 20:42 - 2018-10-08 20:42 - 000085600 ____N (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\59924038.sys
2018-10-08 20:41 - 2018-10-08 20:42 - 000000000 ____D C:\KVRT_Data
2018-10-08 20:33 - 2018-10-08 20:34 - 000000000 ____D C:\AdwCleaner
2018-10-08 19:31 - 2018-10-08 19:31 - 000000000 ____D C:\Users\durnad\AppData\Local\ESET
2018-10-08 18:14 - 2018-10-08 20:41 - 147701544 _____ (AO Kaspersky Lab) C:\Users\durnad\Desktop\KVRT.exe
2018-10-08 18:14 - 2018-10-08 20:33 - 007592144 _____ (Malwarebytes) C:\Users\durnad\Desktop\adwcleaner_7.2.4.0.exe
2018-10-08 14:40 - 2018-10-08 15:50 - 000000000 ____D C:\Users\durnad\Documents\GTA San Andreas User Files
2018-10-08 14:40 - 2018-10-08 14:40 - 000000000 ____D C:\ProgramData\Caphyon
2018-10-08 14:37 - 2018-10-08 14:37 - 000000000 ____D C:\Program Files (x86)\Rockstar games
2018-10-04 09:38 - 2018-10-04 09:38 - 000358168 _____ C:\Users\durnad\Desktop\ZL DOTAZNÍK 2018.pdf
2018-10-04 08:35 - 2018-10-04 08:35 - 000002237 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002561 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002555 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002532 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2018-10-03 09:09 - 2018-10-03 09:09 - 000000000 ____D C:\Users\durnad\AppData\Local\Viber
2018-09-27 11:40 - 2018-09-27 11:40 - 000009032 _____ C:\Users\durnad\AppData\Local\recently-used.xbel
2018-09-26 14:50 - 2018-09-26 14:50 - 000000074 _____ C:\Windows\SysWOW64\SmartFlow.txt
2018-09-20 07:50 - 2018-09-20 07:50 - 000419842 _____ C:\Users\durnad\Desktop\Ubytování montážníci odjezd).pdf
2018-09-12 09:21 - 2018-09-12 09:21 - 000000000 _____ C:\Users\durnad\Documents\HPPW5775_Fax_Port
2018-09-10 19:01 - 2018-09-10 19:01 - 000000000 _____ C:\Windows\HPMProp.INI

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-09 10:54 - 2017-12-14 09:48 - 056140800 _____ C:\Users\durnad\Desktop\archive.pst
2018-10-09 10:54 - 2017-04-24 08:43 - 000000000 ____D C:\Users\durnad\Documents\Soubory aplikace Outlook
2018-10-09 10:47 - 2017-04-10 10:59 - 000000000 ____D C:\Users\durnad\AppData\LocalLow\Mozilla
2018-10-09 10:41 - 2016-07-16 13:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-09 10:41 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\AppReadiness
2018-10-09 10:38 - 2017-04-28 09:17 - 000000000 ____D C:\ProgramData\firebird
2018-10-09 10:37 - 2018-08-16 16:40 - 000000000 ____D C:\Users\durnad\Documents\ViberDownloads
2018-10-09 10:37 - 2018-08-16 16:39 - 000000000 ____D C:\Users\durnad\AppData\Roaming\ViberPC
2018-10-09 10:36 - 2017-04-10 10:55 - 000000000 __SHD C:\Users\durnad\IntelGraphicsProfiles
2018-10-09 10:36 - 2017-04-10 10:24 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-10-09 06:42 - 2017-03-18 15:26 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-10-08 20:43 - 2017-03-18 15:41 - 004012250 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-08 20:43 - 2016-08-02 16:32 - 001719924 _____ C:\Windows\system32\perfh005.dat
2018-10-08 20:43 - 2016-08-02 16:32 - 000465472 _____ C:\Windows\system32\perfc005.dat
2018-10-08 20:37 - 2018-06-15 13:06 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-10-08 20:37 - 2017-03-18 15:44 - 000067257 _____ C:\Windows\system32\CVFirmwareUpgradeLog.txt
2018-10-08 20:37 - 2017-03-18 15:26 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-08 20:36 - 2016-07-16 08:04 - 000786432 _____ C:\Windows\system32\config\BBI
2018-10-08 19:20 - 2017-09-10 15:30 - 000000000 ____D C:\Users\durnad\Desktop\Dominik Soukromé
2018-10-08 19:17 - 2017-04-10 10:55 - 000000000 ____D C:\Users\durnad\AppData\Local\Packages
2018-10-08 17:59 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\LiveKernelReports
2018-10-08 17:57 - 2017-03-18 16:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-08 17:51 - 2017-04-10 10:55 - 000000000 ____D C:\Users\durnad
2018-10-08 17:50 - 2017-04-10 10:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-08 17:50 - 2017-04-10 10:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-10-08 17:50 - 2017-03-18 15:26 - 000498136 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-08 14:46 - 2016-07-16 13:36 - 000000000 ____D C:\Windows\CbsTemp
2018-10-08 14:44 - 2016-07-16 13:43 - 000471040 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2018-10-08 14:44 - 2016-07-16 13:43 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2018-10-08 14:44 - 2016-07-16 13:43 - 000020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2018-10-08 14:44 - 2016-07-16 13:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2018-10-05 08:36 - 2018-07-12 21:42 - 000001503 _____ C:\Users\durnad\Desktop\SQL Ekonom.lnk
2018-10-05 08:35 - 2017-04-10 02:59 - 000000120 _____ C:\Windows\system32\config\netlogon.ftl
2018-10-04 08:37 - 2018-05-17 12:08 - 000004242 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-10-04 08:37 - 2017-03-18 15:49 - 000000000 ____D C:\ProgramData\PCDr
2018-10-04 08:35 - 2017-03-18 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-10-04 08:35 - 2016-07-16 13:45 - 000000000 ____D C:\Windows\INF
2018-10-04 08:34 - 2017-06-28 12:07 - 000000000 ____D C:\ProgramData\SupportAssist
2018-10-04 08:30 - 2017-04-10 10:30 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-03 17:56 - 2017-04-10 11:44 - 000000000 ____D C:\Users\durnad\AppData\LocalLow\Adobe
2018-10-03 17:28 - 2017-04-10 10:52 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-03 17:25 - 2018-06-12 16:47 - 000000000 ____D C:\Users\durnad\Documents\SimCity 4
2018-10-03 10:40 - 2016-07-16 13:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-03 10:38 - 2017-03-18 15:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-09-27 11:41 - 2017-05-02 14:39 - 000000000 ____D C:\Users\durnad\.gimp-2.8
2018-09-27 11:40 - 2017-05-02 14:42 - 000000000 ____D C:\Users\durnad\AppData\Local\gtk-2.0
2018-09-25 15:14 - 2017-11-13 09:34 - 000000000 ____D C:\Users\durnad\Desktop\Dokumentace pro Uralské Loko
2018-09-24 13:38 - 2017-04-10 10:06 - 000009160 __RSH C:\ProgramData\ntuser.pol
2018-09-23 13:33 - 2017-04-10 10:53 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-23 11:28 - 2018-03-02 08:51 - 000003360 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4106999633-2871329638-518651434-4360
2018-09-23 11:27 - 2017-04-10 10:57 - 000002392 _____ C:\Users\durnad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-23 11:27 - 2017-04-10 10:57 - 000000000 ___RD C:\Users\durnad\OneDrive
2018-09-21 09:31 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\system32\NDF
2018-09-18 22:32 - 2017-04-10 10:26 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-12 09:21 - 2017-04-11 14:16 - 000000000 ____D C:\Users\durnad\AppData\Local\HP
2018-09-12 09:03 - 2018-03-14 09:33 - 000004638 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-12 09:03 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-12 09:03 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-11 15:24 - 2017-04-10 02:44 - 000003276 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2018-09-10 19:00 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\system32\spool
2018-09-09 20:20 - 2017-04-10 10:06 - 000000000 ____D C:\Users\tratadmin
2018-09-09 20:20 - 2017-04-10 02:39 - 000000000 ____D C:\Users\it
2018-09-09 20:20 - 2017-04-10 02:36 - 000000000 ____D C:\Users\defaultuser0

==================== Files in the root of some directories =======

2018-07-03 22:32 - 2018-08-09 15:49 - 000000000 _____ () C:\Users\durnad\AppData\Roaming\FileIn.cns
2018-07-03 22:32 - 2018-08-09 15:49 - 000000000 _____ () C:\Users\durnad\AppData\Roaming\FileOut.cns
2018-09-27 11:40 - 2018-09-27 11:40 - 000009032 _____ () C:\Users\durnad\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2017-07-25 16:24 - 2017-01-18 13:50 - 000066472 _____ (Autodesk, Inc.) C:\Users\durnad\AppData\Local\Temp\AcDeltree.exe
2018-03-14 17:51 - 2018-03-14 17:51 - 000231936 _____ (Kerio Technologies Inc.) C:\Users\durnad\AppData\Local\Temp\KTOutlk.dll
2018-06-15 13:05 - 2018-06-15 13:05 - 000070160 _____ (ESET) C:\Users\durnad\AppData\Local\Temp\sha1sum.exe
2017-04-28 09:13 - 2017-04-28 09:13 - 000231936 _____ (Kerio Technologies Inc.) C:\Users\tratadmin\AppData\Local\Temp\KTOutlk.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-04 11:41

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.10.2018
Ran by DurnaD (09-10-2018 10:59:00)
Running from C:\Users\durnad\Desktop
Windows 10 Pro Version 1607 14393.576 (X64) (2017-04-10 00:38:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3801480981-3194726390-2044637386-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3801480981-3194726390-2044637386-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3801480981-3194726390-2044637386-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3801480981-3194726390-2044637386-501 - Limited - Disabled)
it (S-1-5-21-3801480981-3194726390-2044637386-1001 - Administrator - Enabled) => C:\Users\it

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 6.2.2033.1 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 6.2.2033.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20071 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{552523b2-40ad-46b3-94f6-2b99d0860d5c}) (Version: 18.40.0 - Intel Corporation)
Autodesk DWG TrueView 2018 - English (HKLM\...\DWG TrueView 2018 - English) (Version: 22.0.50.0 - Autodesk)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.1.1 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.2.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{0F987BC2-6177-4A85-B441-BD26838242CE}) (Version: 4.5.17.305 - Broadcom Limited)
Dell Digital Delivery (HKLM-x32\...\{99B7C4B5-DC14-441D-A5B6-7340F682BC81}) (Version: 3.1.1117.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\{50EF2C72-95EC-4206-AAC3-9E84004A6140}) (Version: 3.0.1.62 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.113 - ALPS ELECTRIC CO., LTD.)
Dell WLAN Radio Switch Driver (HKLM\...\{0C073C52-562D-4897-9839-5AE5405EC462}) (Version: 1.0.0.7 - Dell Inc.)
DWG TrueView 2018 - English (HKLM\...\{28B89EEF-1028-0409-0100-CF3F3A09B77D}) (Version: 22.0.50.0 - Autodesk) Hidden
Empire Earth - The Art of Conquest (HKLM-x32\...\{A10D72B9-9B20-47F8-AE4D-365BCC89F324}) (Version: 1.0.0.0 - Název společnosti:) Hidden
Empire Earth - The Art of Conquest (HKLM-x32\...\InstallShield_{A10D72B9-9B20-47F8-AE4D-365BCC89F324}) (Version: 1.0.0.0 - Název společnosti:)
Empire Earth (HKLM-x32\...\{65B09E79-0187-4813-8258-03991132E5A5}) (Version: 2.0.0.0 - Název společnosti:) Hidden
Empire Earth (HKLM-x32\...\InstallShield_{65B09E79-0187-4813-8258-03991132E5A5}) (Version: 2.0.0.0 - Název společnosti:)
ESET Endpoint Antivirus (HKLM\...\{3F2F7E08-192B-4F74-A540-E61BB8CD2A1E}) (Version: 6.2.2033.1 - ESET, spol. s r.o.)
ESET Remote Administrator Agent (HKLM\...\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}) (Version: 6.5.522.0 - ESET, spol. s r.o.)
Firebird 2.5.0.26074 (x64) (HKLM\...\FBDBServer_2_5_x64_is1) (Version: 2.5.0.26074 - Firebird Project)
Firebird/InterBase(r) ODBC driver 2.0 (HKLM-x32\...\Firebird ODBC Driver_is1) (Version: 2.0 - Firebird Project)
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)
GTA San Andreas CZ (HKLM-x32\...\GTA San Andreas CZ 1.3.0) (Version: 1.3.0 - Rockstar Games)
HP Dropbox Plugin (HKLM-x32\...\{C532369A-0DB2-4955-99C2-15711A0EBA11}) (Version: 36.0.49.62779 - HP)
HP Google Drive Plugin (HKLM-x32\...\{E7AA21C9-D2D2-4AE0-9F61-D2FC755C933E}) (Version: 36.0.49.62779 - HP)
HP OneDrive Plugin (HKLM-x32\...\{D153F4F6-A6A7-459C-86F0-306052B34665}) (Version: 36.0.0.0 - HP)
IBM SPSS Statistics Subscription (HKLM\...\{02D81DCC-13D1-465C-9292-E46956489CA1}) (Version: 1.0.0.903 - IBM Corp)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel(R) Network Connections 20.3.300.1 (HKLM\...\PROSetDX) (Version: 20.3.300.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{A354DC98-2677-4967-8AA0-3B867EE10202}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Kerio Connect (HKU\S-1-5-21-4106999633-2871329638-518651434-4360\...\KerioConnect) (Version: 9.2.3.9362 - Kerio Technologies Inc.)
Kerio Outlook Connector (Offline Edition) (HKLM-x32\...\{4A365C62-0B2C-4A5F-ACED-4F059BDDAC59}) (Version: 9.2.3336 - Kerio Technologies Inc.)
Kerio Updater Service (HKLM-x32\...\{c5ca4ec3-10b2-4447-b323-8448aae57a0b}) (Version: 2.0.176 - Kerio Technologies, Inc.) <==== ATTENTION
LibreOffice 5.3.2.2 (HKLM-x32\...\{8DA98699-6AD4-49CF-A9A0-B5E7B7981BE6}) (Version: 5.3.2.2 - The Document Foundation)
Live for Speed (HKLM-x32\...\Live for Speed) (Version: 0.6G - Jimbo)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8627.1 - Waves Audio Ltd.) Hidden
McAfee True Key (HKLM\...\TrueKey) (Version: 5.0.150.1 - McAfee)
Microsoft Office 2016 pro podnikatele - cs-cz (HKLM\...\HomeBusinessRetail - cs-cz) (Version: 16.0.10827.20138 - Microsoft Corporation)
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.10827.20138 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4106999633-2871329638-518651434-4360\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 62.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 62.0.3 (x64 cs)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.3.6848 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{EBFC96E5-4409-426E-88B7-650ADB342E78}) (Version: 8.0.50727.42 - The Firebird Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
PowerKey 3.0 (HKLM-x32\...\PowerKey3.0) (Version: - )
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6111 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\GOGPACKRCT3_is1) (Version: 2.0.0.13 - GOG.com)
SimCity 4 Deluxe Edition (HKLM-x32\...\GOGPACKSC4_is1) (Version: 2.0.0.8 - GOG.com)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0071 - ST Microelectronics)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.14327 - TeamViewer)
Trainz Simulator 2009: World Builder Edition (HKLM-x32\...\AuranTS2009_is1) (Version: - Auran)
Viber (HKLM-x32\...\{FF0EABB8-2954-496B-8F2C-ADC004DFB39C}) (Version: 9.4.0.13 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-4106999633-2871329638-518651434-4360\...\{4145fbea-95a1-4c9d-a22e-809f70175be0}) (Version: 9.4.0.13 - Viber Media Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Warcraft III - Gold Edition verze 1.26 (HKLM-x32\...\{1DD8BB83-A075-4F9B-9F24-9383BC647D65}_is1) (Version: 1.26 - )
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Základní software zařízení HP Officejet Pro X576dw MFP (HKLM\...\{D98DDEDB-CE21-42EE-8BDB-02ED2395D06C}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Základní software zařízení HP PageWide MFP P57750 (HKLM\...\{BD4A2FF8-641B-4360-8ED4-BF8B867F1412}) (Version: 39.4.1978.16350 - HP Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4106999633-2871329638-518651434-4360_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\dwgviewr.exe => No File
CustomCLSID: HKU\S-1-5-21-4106999633-2871329638-518651434-4360_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2018 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4106999633-2871329638-518651434-4360_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2018 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4106999633-2871329638-518651434-4360_Classes\CLSID\{CBBF6A46-87BC-A0B6-0D2E-2BB5531C96D3}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2017-02-15] (Autodesk, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-15] (Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2015-10-02] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2015-10-02] (ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-10-25] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2015-10-02] (ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08C9FCAA-FDE2-40FD-9466-0A73FE347F48} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [2016-09-14] ()
Task: {198FA073-AECE-40F4-B292-4997D6E3B425} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {1B8C2E07-A066-48AF-B670-3D8319A0E5E5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-10-03] (Microsoft Corporation)
Task: {206DEBD1-0041-495E-9127-A3DE1CBECE6B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWoW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {3061E025-2BD5-4403-956D-C2EC2D04DEC2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {332EC765-CC61-4259-AB33-FD31A6F6F9AD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {36511363-C79D-406C-B7FE-21B68CCCABC4} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-09-07] (Dell Inc.)
Task: {4655C382-B0A9-4376-A9DC-8582A4498D3A} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-08-18] (Realtek Semiconductor)
Task: {4F39A6DC-1EC7-4D5A-84A1-CF05D16DC911} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\Explorer.EXE /NOUACCHECK
Task: {5E8B2054-CD45-4AD0-AF2F-5E28331416E2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-03] (Microsoft Corporation)
Task: {76725CB1-274C-419D-8068-72D90C912734} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-03] (Microsoft Corporation)
Task: {82F22249-9BC4-4179-8734-65682B9464E2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {9408B5B4-7104-47EA-8DE5-33DAC593C1A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-10] (Google Inc.)
Task: {97BD698F-AFBD-43E8-B481-EC9FD8F5E08C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-02-27] (McAfee, Inc.)
Task: {A0D4F310-7D43-4B96-88EA-D049407A3EA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-10] (Google Inc.)
Task: {BBD50DF2-7156-4360-9E50-F1EA2E04A05C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {C2D039E6-3FC2-4112-8CA6-47CA8895A154} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-10-03] (Microsoft Corporation)
Task: {F646C284-D5D2-4E5E-B910-D6984C73B724} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer:
WMI_ActiveScriptEventConsumer_DellCommandPowerManagerPolicyChangeEventConsumer:

Shortcut: C:\Users\durnad\AppData\Roaming\Microsoft\Word\Статус%20выполнения%20по%20проектно-поэтапному%20п306848901688930916\Статус%20выполнения%20по%20проектно-поэтапному%20плану%20по%20унив.%20сан.комплексу%20от%20TRATEC.doc.lnk -> [LF `N"|5pu6l4U//D:\tY^Hg3(w,/J>Vh6 !B0BCA 2K?>;=5=8O ?> ?@>5:B=>-?>MB0?=><C ?;0=C ?> C=82. A0=.:><?;5:AC >B TRATEC.doc.!B0BCA 2K?>;=5=8O ?> ?@>5:B=>-?>MB0?=><C ?;0=C ?> C=82. A0=.:><?;5:AC >B TRATEC.doc>$$5:<D:\?????? ?????????? ?? ????????-?????????? ????? ?? ????. ???.????????? ?? TRATEC.docD:\!B0BCA 2K?>;=5=8O ?> ?@>5:B=>-?>MB0?=><C ?;0=C ?> C=82. A0=.:><?;5:AC >B TRATEC.docNejnovja verze12] (No File) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 15:44 - 2016-11-09 08:37 - 000254464 _____ () C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe
2016-06-02 11:23 - 2016-06-02 11:23 - 000524352 _____ () c:\Dell\Sytem64Folder\DellRctlService.exe
2018-10-04 08:36 - 2018-10-04 08:36 - 002587968 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1338\libprotobuf.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-03-19 00:18 - 2017-03-19 00:18 - 002681200 _____ () C:\Windows\System32\CoreUIComponents.dll
2017-03-18 23:53 - 2016-10-25 05:09 - 000384496 _____ () C:\Windows\system32\igfxTray.exe
2017-03-19 00:18 - 2017-03-19 00:18 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-19 00:18 - 2017-03-19 00:18 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-19 00:18 - 2017-03-19 00:18 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-19 00:18 - 2017-03-19 00:18 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-19 00:18 - 2017-03-19 00:18 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-19 00:18 - 2017-03-19 00:18 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-19 00:18 - 2017-03-19 00:18 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-08-05 22:24 - 2018-08-06 18:30 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-08-05 22:24 - 2018-08-06 18:30 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-08-05 22:24 - 2018-08-06 18:30 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-08-05 22:24 - 2018-08-06 18:30 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.1000_x64__kzf8qxf38zg5c\skypert.dll
2018-08-05 22:24 - 2018-08-05 22:24 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.1000_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 000361984 _____ () C:\Windows\SYSTEM32\HrtfApo.dll
2017-09-27 23:37 - 2017-09-27 23:37 - 000073928 _____ () C:\Program Files (x86)\Kerio\UpdaterService\ktzlib100_1.2.8.dll
2016-05-02 15:46 - 2016-05-02 15:46 - 000134008 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-09-04 21:34 - 2015-09-04 21:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-09-27 23:34 - 2017-09-27 23:34 - 000073928 _____ () C:\Program Files (x86)\Kerio\Outlook Connector (Offline Edition)\ktzlib100_1.2.8.dll
2017-09-27 23:34 - 2017-09-27 23:34 - 000297656 _____ () C:\Program Files (x86)\Kerio\Outlook Connector (Offline Edition)\gmime.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Software\Classes\.scr: DWGTrueViewScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2016-07-16 13:45 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Control Panel\Desktop\\Wallpaper -> C:\Users\durnad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48A1358E-A01B-49D2-8C10-2F25FD11E2F0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{BE40AF96-4976-4628-9E90-3D05E5293EDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF79046D-E614-48FD-88A3-527678B6D77F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BADD556D-583F-4E24-85D5-94031C159B30}] => (Allow) C:\Program Files\HP\HP Officejet Pro X576dw MFP\bin\FaxApplications.exe
FirewallRules: [{861B21A2-93E2-4293-84E2-66F365818F77}] => (Allow) C:\Program Files\HP\HP Officejet Pro X576dw MFP\bin\DigitalWizards.exe
FirewallRules: [{8B9D14FE-775F-4B13-BFEE-955E5157F716}] => (Allow) C:\Program Files\HP\HP Officejet Pro X576dw MFP\bin\SendAFax.exe
FirewallRules: [{02000F51-CA96-4D7F-8110-E1C8E32ECAD3}] => (Allow) C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\DeviceSetup.exe
FirewallRules: [{8D026618-6C09-440D-A146-14C0E5CF20D3}] => (Allow) LPort=5357
FirewallRules: [{B823ACFC-F245-448C-9964-C9F43A8B2A2B}] => (Allow) C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{877B71B5-1DDF-4C2F-BC6D-5FF570CC8D8E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B8EFE7A2-500B-495E-B27F-4346B34D87CE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3CD53DFB-16D4-4F96-82E1-1F58B9DB64A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7CBEA17D-7BF7-4817-A525-5F54B6D5B767}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{E390A422-5798-4889-A319-B2699031C5C9}C:\program files (x86)\sierra\empire earth\empire earth.exe] => (Block) C:\program files (x86)\sierra\empire earth\empire earth.exe
FirewallRules: [UDP Query User{BADC76D9-F48A-4314-AD67-173A32F7CA87}C:\program files (x86)\sierra\empire earth\empire earth.exe] => (Block) C:\program files (x86)\sierra\empire earth\empire earth.exe
FirewallRules: [TCP Query User{E8D289C8-79B5-45D5-B452-E9A742CDE089}C:\program files (x86)\sierra\empire earth\empire earth.exe] => (Block) C:\program files (x86)\sierra\empire earth\empire earth.exe
FirewallRules: [UDP Query User{F289773E-500F-4732-B214-BF2773723939}C:\program files (x86)\sierra\empire earth\empire earth.exe] => (Block) C:\program files (x86)\sierra\empire earth\empire earth.exe
FirewallRules: [TCP Query User{C4D325FD-43DD-451F-BFAB-0B86DC804845}C:\program files (x86)\train simulator\train simulator 2017\railworks.exe] => (Block) C:\program files (x86)\train simulator\train simulator 2017\railworks.exe
FirewallRules: [UDP Query User{B88A16F0-B538-411E-919A-9292556F481B}C:\program files (x86)\train simulator\train simulator 2017\railworks.exe] => (Block) C:\program files (x86)\train simulator\train simulator 2017\railworks.exe
FirewallRules: [TCP Query User{E1324EE3-B5ED-41B4-8D81-49BF35330E99}C:\program files (x86)\sierra\empire earth - the art of conquest\ee-aoc.exe] => (Block) C:\program files (x86)\sierra\empire earth - the art of conquest\ee-aoc.exe
FirewallRules: [UDP Query User{6C858F97-EB76-4B01-94A6-289B02ED0EF4}C:\program files (x86)\sierra\empire earth - the art of conquest\ee-aoc.exe] => (Block) C:\program files (x86)\sierra\empire earth - the art of conquest\ee-aoc.exe
FirewallRules: [TCP Query User{4BA50885-B820-4E69-A095-2D40DF729240}C:\program files\ibm\spss\statistics\subscription\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\subscription\stats.exe
FirewallRules: [UDP Query User{5233151F-A8F0-4E15-A45E-3920354B117E}C:\program files\ibm\spss\statistics\subscription\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\subscription\stats.exe
FirewallRules: [{BB529979-7A12-475B-853E-43AB04FA93AA}] => (Allow) C:\Program Files\HP\HP PageWide MFP P57750\bin\FaxApplications.exe
FirewallRules: [{2400020A-E7DD-4D35-8839-13DB5B8E3B11}] => (Allow) C:\Program Files\HP\HP PageWide MFP P57750\bin\DigitalWizards.exe
FirewallRules: [{25540852-F709-4347-8B9E-C447CAB6BA96}] => (Allow) C:\Program Files\HP\HP PageWide MFP P57750\bin\SendAFax.exe
FirewallRules: [{584541A7-B030-4528-8631-63A4A6525B17}] => (Allow) C:\Program Files\HP\HP PageWide MFP P57750\bin\FaxPrinterUtility.exe
FirewallRules: [{1C61F5F7-6FCD-4E31-8124-FA8FD54FF5A5}] => (Allow) C:\Program Files\HP\HP PageWide MFP P57750\Bin\DeviceSetup.exe
FirewallRules: [{DB72C0BF-7CA4-42B0-945D-DCDC4F70FBF0}] => (Allow) C:\Program Files\HP\HP PageWide MFP P57750\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{AC067B7B-8E7E-4108-AD13-EBEF78EB4A6D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8BF4A2CC-37F9-4C7F-954D-CEA27AED5128}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F2F9AB30-0D6D-4913-A8F7-B93D5F39B7BF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{578E3637-BE6E-4AF4-9743-420FDCEF23CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BB318252-FC95-4916-B77C-AD3E643E185E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FA451DEB-13D5-4F53-A21E-7DD71FE99BA5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

02-10-2018 09:54:45 Naplánovaný kontrolní bod
08-10-2018 14:40:44 Instalační služba modulů systému Windows
08-10-2018 14:41:58 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2018 10:39:42 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/09/2018 10:38:21 AM) (Source: Outlook) (EventID: 68) (User: )
Description: Upozornění zabezpečení pro načtení souboru KOFXP.DLL. Knihovna DLL tohoto zprostředkovatele MAPI může být pro váš systém škodlivá. Měli byste načítat jenom knihovny DLL od důvěryhodných zprostředkovatelů, kteří jsou zaregistrovaní v MapiSvc.Inf. Knihovna DLL tohoto zprostředkovatele se v příští aktualizaci klienta Outlooku zablokuje a její funkce už nebudou k dispozici. Další informace o registraci zprostředkovatelů knihoven DLL najdete v článku https://go.microsoft.com/fwlink/?linkid ... lcid=0x409.

Error: (10/08/2018 08:37:11 PM) (Source: DellRctlService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/08/2018 08:37:10 PM) (Source: DellRctlService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/08/2018 08:37:09 PM) (Source: DellRctlService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/08/2018 08:26:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TRATEC)
Description: Aplikaci Microsoft.Windows.Photos_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (10/08/2018 07:22:26 PM) (Source: Outlook) (EventID: 68) (User: )
Description: Upozornění zabezpečení pro načtení souboru KOFXP.DLL. Knihovna DLL tohoto zprostředkovatele MAPI může být pro váš systém škodlivá. Měli byste načítat jenom knihovny DLL od důvěryhodných zprostředkovatelů, kteří jsou zaregistrovaní v MapiSvc.Inf. Knihovna DLL tohoto zprostředkovatele se v příští aktualizaci klienta Outlooku zablokuje a její funkce už nebudou k dispozici. Další informace o registraci zprostředkovatelů knihoven DLL najdete v článku https://go.microsoft.com/fwlink/?linkid ... lcid=0x409.

Error: (10/08/2018 06:34:21 PM) (Source: Outlook) (EventID: 68) (User: )
Description: Upozornění zabezpečení pro načtení souboru KOFXP.DLL. Knihovna DLL tohoto zprostředkovatele MAPI může být pro váš systém škodlivá. Měli byste načítat jenom knihovny DLL od důvěryhodných zprostředkovatelů, kteří jsou zaregistrovaní v MapiSvc.Inf. Knihovna DLL tohoto zprostředkovatele se v příští aktualizaci klienta Outlooku zablokuje a její funkce už nebudou k dispozici. Další informace o registraci zprostředkovatelů knihoven DLL najdete v článku https://go.microsoft.com/fwlink/?linkid ... lcid=0x409.


System errors:
=============
Error: (10/09/2018 10:39:21 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Tento počítač nemohl nastavit zabezpečenou relaci s řadičem
domény v doméně TRATEC z následujícího důvodu:
Pro vyřízení žádosti o přihlášení nejsou nyní k dispozici žádné přihlašovací servery.


To může vést k potížím při ověřování. Přesvědčte se, zda je tento
počítač připojen k síti. Pokud potíže trvají,
obraťte se na správce domény.



DALŠÍ INFORMACE

Pokud je tento počítač řadičem domény pro určenou doménu,
nastaví zabezpečenou relaci s emulátorem primárního řadiče domény v určené
doméně. V opačném případě tento počítač nastaví zabezpečenou relaci s libovolným řadičem domény
v určené doméně.

Error: (10/09/2018 10:36:38 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: TRATEC)
Description: Selhání 1.
Název objektu zásad skupiny: MAPDRIVE-PRINTER-SHORTCUT
Cesta k objektu zásad skupiny: \\TRATEC.local\SysVol\TRATEC.local\Policies\{1EC5D8BD-49C1-4C79-B691-EE65F18D4BA8}\User
Název skriptu: \\s2008-02\VYROBA\!!\epc_log\testpc.vbs

Error: (10/09/2018 10:36:38 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: TRATEC)
Description: Selhání 1.
Název objektu zásad skupiny: Default Domain Policy
Cesta k objektu zásad skupiny: \\TRATEC.local\sysvol\TRATEC.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\User
Název skriptu: start.cmd

Error: (10/09/2018 10:36:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/09/2018 10:36:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/09/2018 10:36:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/09/2018 10:36:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/09/2018 10:36:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2017-04-10 10:34:11.428
Description:
Virtuální počítač Windows Defender narazil na chybu při pokusu o nahrání podezřelého souboru pro další analýzu.
Název souboru: C:\Users\tratadmin\Downloads\kerio-connect-koff-9.2.2-2831-p1-win64.msi
Sha256: a437757833b20c8c58a3ccf7b9feac4fb497c58b8519bea1b0c8b1a5973511dd
Aktuální verze podpisu: AV: 1.239.1181.0, AS: 1.239.1181.0
Aktuální verze modulu: 1.1.13601.0
Kód chyby: 0x80078032

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 47%
Total physical RAM: 8074.95 MB
Available physical RAM: 4279.1 MB
Total Virtual: 9354.95 MB
Available Virtual: 5011.17 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.11 GB) (Free:190.99 GB) NTFS

\\?\Volume{6eb99678-1420-4331-8c48-c938897dab91}\ (WINRETOOLS) (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
\\?\Volume{84262ddf-8896-47b0-add7-4fd4fbcb9972}\ (Image) (Fixed) (Total:8.59 GB) (Free:0.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 43969A7D)

Partition: GPT.

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Request for a preventive log check

#2 Post by Conder »

Hi :)

:arrow: If you don't use it, you can uninstall Intel Security True Key.

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (view log file)
  • The log will open; copy its contents here

Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

domdur
Visitor
Posts: 39
Joined: 12 Mar 2016 16:18

Re: Request for a preventive log check

#3 Post by domdur »

No change; Mozilla opened again and tried to open an address, see the attachment. I would uninstall Intel True Key, but it does not show up in the list of installed applications; if it doesn't interfere with anything, I'll just leave it there... Below I attach the log from ADW:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-08.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-09-2018
# Duration: 00:00:03
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1249 octets] - [08/10/2018 20:34:20]
AdwCleaner[S01].txt - [1310 octets] - [08/10/2018 20:35:47]
AdwCleaner[C01].txt - [1496 octets] - [08/10/2018 20:36:01]
AdwCleaner[S02].txt - [1432 octets] - [09/10/2018 15:54:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Request for a preventive log check

#4 Post by Conder »

:arrow: You will find True Key in the list of programs under the name "McAfee True Key".

:arrow: After that, please post both new FRST logs.

domdur
Visitor
Posts: 39
Joined: 12 Mar 2016 16:18

Re: Request for a preventive log check

#5 Post by domdur »

The problem still persists; after the PC starts, Mozilla launches unprompted and opens a dubious page...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.10.2018
Ran by DurnaD (administrator) on NB-029 (10-10-2018 08:57:28)
Running from C:\Users\durnad\Desktop
Loaded Profiles: DurnaD (Available Profiles: defaultuser0 & it & DurnaD)
Platform: Windows 10 Pro Version 1607 14393.576 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\CV\bin\HostStorageService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
() C:\Dell\Sytem64Folder\DellRctlService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Kerio Technologies Inc.) C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Viber Media S.à r.l.) C:\Users\durnad\AppData\Local\Viber\Viber.exe
(HP Inc.) C:\Program Files\HP\HP PageWide MFP P57750\Bin\ScanToPCActivationApp.exe
(HP Inc.) C:\Program Files\HP\HP PageWide MFP P57750\Bin\HPNetworkCommunicatorCom.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1338\DSAPI.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1338\pcdrwi.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-31] (Intel Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [754984 2016-05-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-08-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1429248 2016-08-18] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [724400 2016-07-24] (Waves Audio Ltd.)
HKU\S-1-5-21-4106999633-2871329638-518651434-4360\...\Run: [Viber] => C:\Users\durnad\AppData\Local\Viber\Viber.exe [35828808 2018-09-27] (Viber Media S.à r.l.)
HKU\S-1-5-21-4106999633-2871329638-518651434-4360\...\Run: [HP PageWide MFP P57750 (NET)] => C:\Program Files\HP\HP PageWide MFP P57750\Bin\ScanToPCActivationApp.exe [3764360 2016-12-15] (HP Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2018-07-16] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1d84b795-4db9-4dd1-8ea2-daf251c89a23}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{a88191eb-159f-4bdf-80b5-82d2a3c12597}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-4106999633-2871329638-518651434-4360 -> DefaultScope {92B29637-FFC4-420B-B6FA-A608E6B6BF20} URL =
SearchScopes: HKU\S-1-5-21-4106999633-2871329638-518651434-4360 -> {92B29637-FFC4-420B-B6FA-A608E6B6BF20} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-27] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6ffi3ux2.default
FF ProfilePath: C:\Users\durnad\AppData\Roaming\Mozilla\Firefox\Profiles\6ffi3ux2.default [2018-10-10]
FF Homepage: Mozilla\Firefox\Profiles\6ffi3ux2.default -> hxxps://www.google.cz
FF NewTab: Mozilla\Firefox\Profiles\6ffi3ux2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
FF NewTabOverride: Mozilla\Firefox\Profiles\6ffi3ux2.default -> Enabled: pavel.sherbakov@gmail.com
FF Extension: (New Tab Page) - C:\Users\durnad\AppData\Roaming\Mozilla\Firefox\Profiles\6ffi3ux2.default\Extensions\pavel.sherbakov@gmail.com.xpi [2018-10-09]
FF Extension: (Firefox Monitor) - C:\Users\durnad\AppData\Roaming\Mozilla\Firefox\Profiles\6ffi3ux2.default\features\{6ecd7c32-49e5-4fb5-be14-04ea4c115118}\fxmonitor@mozilla.org.xpi [2018-10-04]
FF Extension: (Telemetry coverage) - C:\Users\durnad\AppData\Roaming\Mozilla\Firefox\Profiles\6ffi3ux2.default\features\{6ecd7c32-49e5-4fb5-be14-04ea4c115118}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-04] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default [2018-06-20]
CHR Extension: (Slides) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-20]
CHR Extension: (Docs) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-20]
CHR Extension: (Google Drive) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-03]
CHR Extension: (YouTube) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-03]
CHR Extension: (Sheets) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-20]
CHR Extension: (Gmail) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-03]
CHR Extension: (Chrome Media Router) - C:\Users\durnad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104744 2016-05-17] (Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [431088 2016-10-25] (Intel Corporation)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [94136 2016-06-02] (Dell Inc.)
S4 dcu-oobe; C:\Program Files (x86)\Dell\CommandUpdate\OobeService.exe [84408 2016-06-07] (Dell Inc.)
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-05-09] (Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3350512 2018-05-09] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-05-09] (Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1338\DSAPI.exe [939328 2018-10-04] (PC-Doctor, Inc.)
R2 DellRctlService; c:\Dell\Sytem64Folder\DellRctlService.exe [524352 2016-06-02] ()
S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [41160 2015-10-02] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1576712 2015-10-02] (ESET)
R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1680000 2017-02-21] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [182984 2015-10-02] (ESET)
R2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-04] (Intel Corporation)
R2 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1038336 2016-11-09] (Broadcom Corporation)
R2 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [42496 2016-11-09] (Broadcom Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-31] (Intel Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [172272 2016-03-15] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-10-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 ktupdaterservice; C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe [982224 2017-09-27] (Kerio Technologies Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-08-18] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-03-19] (Microsoft Corporation)
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-09-07] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
R2 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [254464 2016-11-09] ()
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2016-06-14] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{2A54C219-8CF3-4AF7-BD44-E7B83D8E4501}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcmnfcusb; C:\Windows\System32\drivers\bcmnfcusb.sys [46176 2016-11-09] (Broadcom Corporation.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [41608 2018-05-08] (Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [41208 2018-05-08] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [22864 2016-10-27] (OSR Open Systems Resources, Inc.)
R3 DellRctl; C:\Windows\System32\drivers\DellRctl.sys [33616 2016-06-02] ()
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255272 2015-10-08] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186272 2015-10-08] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [169744 2015-10-08] (ESET)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [343608 2016-05-19] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [341256 2016-03-18] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\system32\drivers\RTDVHD64.sys [2678792 2016-08-18] (Realtek Semiconductor Corp.)
S3 mosuport; C:\Windows\System32\drivers\mosuport.sys [371352 2016-08-04] (ASIX Electronics Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [758488 2015-08-05] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [146512 2015-07-02] (STMicroelectronics)
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [20064 2016-11-09] (Broadcom Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-10 08:55 - 2018-10-10 08:55 - 000000000 ____D C:\Users\durnad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
2018-10-10 08:35 - 2018-10-10 08:35 - 000131072 ___HT C:\Users\durnad\Desktop\~archive.pst.tmp
2018-10-09 15:59 - 2018-10-09 15:59 - 000002009 _____ C:\Users\durnad\AppData\Local\recently-used.xbel
2018-10-09 15:49 - 2018-10-09 15:53 - 007592144 _____ (Malwarebytes) C:\Users\durnad\Desktop\adwcleaner_7.2.4.0.exe
2018-10-09 10:59 - 2018-10-09 11:00 - 000040530 _____ C:\Users\durnad\Desktop\Addition.txt
2018-10-09 10:57 - 2018-10-10 08:58 - 000018837 _____ C:\Users\durnad\Desktop\FRST.txt
2018-10-09 10:57 - 2018-10-10 08:57 - 000000000 ____D C:\FRST
2018-10-09 10:48 - 2018-10-09 10:57 - 002414592 _____ (Farbar) C:\Users\durnad\Desktop\FRST64.exe
2018-10-08 20:41 - 2018-10-08 20:42 - 000000000 ____D C:\KVRT_Data
2018-10-08 20:33 - 2018-10-08 20:34 - 000000000 ____D C:\AdwCleaner
2018-10-08 19:31 - 2018-10-08 19:31 - 000000000 ____D C:\Users\durnad\AppData\Local\ESET
2018-10-08 18:14 - 2018-10-08 20:41 - 147701544 _____ (AO Kaspersky Lab) C:\Users\durnad\Desktop\KVRT.exe
2018-10-08 14:40 - 2018-10-08 15:50 - 000000000 ____D C:\Users\durnad\Documents\GTA San Andreas User Files
2018-10-08 14:40 - 2018-10-08 14:40 - 000000000 ____D C:\ProgramData\Caphyon
2018-10-08 14:37 - 2018-10-08 14:37 - 000000000 ____D C:\Program Files (x86)\Rockstar games
2018-10-04 09:38 - 2018-10-04 09:38 - 000358168 _____ C:\Users\durnad\Desktop\ZL DOTAZNÍK 2018.pdf
2018-10-04 08:35 - 2018-10-04 08:35 - 000002237 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002561 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002555 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002532 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-10-03 10:39 - 2018-10-03 10:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2018-10-03 09:09 - 2018-10-03 09:09 - 000000000 ____D C:\Users\durnad\AppData\Local\Viber
2018-09-26 14:50 - 2018-09-26 14:50 - 000000074 _____ C:\Windows\SysWOW64\SmartFlow.txt
2018-09-12 09:21 - 2018-09-12 09:21 - 000000000 _____ C:\Users\durnad\Documents\HPPW5775_Fax_Port
2018-09-10 19:01 - 2018-09-10 19:01 - 000000000 _____ C:\Windows\HPMProp.INI

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-10 08:57 - 2018-06-15 13:06 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-10-10 08:57 - 2017-04-10 10:59 - 000000000 ____D C:\Users\durnad\AppData\LocalLow\Mozilla
2018-10-10 08:56 - 2017-04-10 10:55 - 000000000 __SHD C:\Users\durnad\IntelGraphicsProfiles
2018-10-10 08:56 - 2017-04-10 10:24 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-10-10 08:55 - 2017-05-19 08:15 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-10-10 08:55 - 2017-05-19 08:04 - 000000000 ____D C:\ProgramData\McAfee
2018-10-10 08:55 - 2017-03-18 15:44 - 000069363 _____ C:\Windows\system32\CVFirmwareUpgradeLog.txt
2018-10-10 08:55 - 2017-03-18 15:26 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-10 08:54 - 2016-07-16 08:04 - 000786432 _____ C:\Windows\system32\config\BBI
2018-10-10 08:53 - 2017-12-14 09:48 - 056140800 _____ C:\Users\durnad\Desktop\archive.pst
2018-10-10 08:53 - 2017-03-18 15:53 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-10-10 08:48 - 2017-04-10 10:55 - 000000000 ____D C:\Users\durnad\AppData\Local\Packages
2018-10-10 08:35 - 2017-04-24 08:43 - 000000000 ____D C:\Users\durnad\Documents\Soubory aplikace Outlook
2018-10-10 08:34 - 2017-04-28 09:17 - 000000000 ____D C:\ProgramData\firebird
2018-10-09 19:52 - 2017-04-10 10:55 - 000000000 ____D C:\Users\durnad
2018-10-09 18:04 - 2017-03-18 15:26 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-10-09 17:30 - 2018-07-12 21:42 - 000001503 _____ C:\Users\durnad\Desktop\SQL Ekonom.lnk
2018-10-09 17:29 - 2017-04-10 02:59 - 000000120 _____ C:\Windows\system32\config\netlogon.ftl
2018-10-09 16:10 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\rescache
2018-10-09 16:01 - 2017-03-18 15:41 - 004044900 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-09 16:01 - 2016-08-02 16:32 - 001736194 _____ C:\Windows\system32\perfh005.dat
2018-10-09 16:01 - 2016-08-02 16:32 - 000470328 _____ C:\Windows\system32\perfc005.dat
2018-10-09 15:59 - 2017-05-02 14:42 - 000000000 ____D C:\Users\durnad\AppData\Local\gtk-2.0
2018-10-09 15:59 - 2017-05-02 14:39 - 000000000 ____D C:\Users\durnad\.gimp-2.8
2018-10-09 15:58 - 2018-08-16 16:40 - 000000000 ____D C:\Users\durnad\Documents\ViberDownloads
2018-10-09 15:56 - 2018-08-16 16:39 - 000000000 ____D C:\Users\durnad\AppData\Roaming\ViberPC
2018-10-09 11:37 - 2018-03-14 09:33 - 000004638 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-09 11:37 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-09 11:37 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-09 10:41 - 2016-07-16 13:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-09 10:41 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\AppReadiness
2018-10-08 19:20 - 2017-09-10 15:30 - 000000000 ____D C:\Users\durnad\Desktop\Dominik Soukromé
2018-10-08 17:59 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\LiveKernelReports
2018-10-08 17:57 - 2017-03-18 16:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-08 17:50 - 2017-04-10 10:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-08 17:50 - 2017-04-10 10:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-10-08 17:50 - 2017-03-18 15:26 - 000498136 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-08 14:46 - 2016-07-16 13:36 - 000000000 ____D C:\Windows\CbsTemp
2018-10-08 14:44 - 2016-07-16 13:43 - 000471040 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2018-10-08 14:44 - 2016-07-16 13:43 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2018-10-08 14:44 - 2016-07-16 13:43 - 000020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2018-10-08 14:44 - 2016-07-16 13:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2018-10-08 14:44 - 2016-07-16 13:43 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2018-10-04 08:37 - 2018-05-17 12:08 - 000004242 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-10-04 08:37 - 2017-03-18 15:49 - 000000000 ____D C:\ProgramData\PCDr
2018-10-04 08:35 - 2017-03-18 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-10-04 08:35 - 2016-07-16 13:45 - 000000000 ____D C:\Windows\INF
2018-10-04 08:34 - 2017-06-28 12:07 - 000000000 ____D C:\ProgramData\SupportAssist
2018-10-04 08:30 - 2017-04-10 10:30 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-03 17:56 - 2017-04-10 11:44 - 000000000 ____D C:\Users\durnad\AppData\LocalLow\Adobe
2018-10-03 17:28 - 2017-04-10 10:52 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-03 17:25 - 2018-06-12 16:47 - 000000000 ____D C:\Users\durnad\Documents\SimCity 4
2018-10-03 10:40 - 2016-07-16 13:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-03 10:38 - 2017-03-18 15:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-09-25 15:14 - 2017-11-13 09:34 - 000000000 ____D C:\Users\durnad\Desktop\Dokumentace pro Uralské Loko
2018-09-24 13:38 - 2017-04-10 10:06 - 000009160 __RSH C:\ProgramData\ntuser.pol
2018-09-23 13:33 - 2017-04-10 10:53 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-23 11:28 - 2018-03-02 08:51 - 000003360 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4106999633-2871329638-518651434-4360
2018-09-23 11:27 - 2017-04-10 10:57 - 000002392 _____ C:\Users\durnad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-23 11:27 - 2017-04-10 10:57 - 000000000 ___RD C:\Users\durnad\OneDrive
2018-09-21 09:31 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\system32\NDF
2018-09-18 22:32 - 2017-04-10 10:26 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-12 09:21 - 2017-04-11 14:16 - 000000000 ____D C:\Users\durnad\AppData\Local\HP
2018-09-11 15:24 - 2017-04-10 02:44 - 000003276 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2018-09-10 19:00 - 2016-07-16 13:47 - 000000000 ____D C:\Windows\system32\spool

==================== Files in the root of some directories =======

2018-07-03 22:32 - 2018-08-09 15:49 - 000000000 _____ () C:\Users\durnad\AppData\Roaming\FileIn.cns
2018-07-03 22:32 - 2018-08-09 15:49 - 000000000 _____ () C:\Users\durnad\AppData\Roaming\FileOut.cns
2018-10-09 15:59 - 2018-10-09 15:59 - 000002009 _____ () C:\Users\durnad\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2018-10-10 08:53 - 2018-03-06 19:05 - 001013200 _____ (McAfee, Inc.) C:\Users\durnad\AppData\Local\Temp\0128091539154438McInst.exe
2017-07-25 16:24 - 2017-01-18 13:50 - 000066472 _____ (Autodesk, Inc.) C:\Users\durnad\AppData\Local\Temp\AcDeltree.exe
2018-03-14 17:51 - 2018-03-14 17:51 - 000231936 _____ (Kerio Technologies Inc.) C:\Users\durnad\AppData\Local\Temp\KTOutlk.dll
2018-06-15 13:05 - 2018-06-15 13:05 - 000070160 _____ (ESET) C:\Users\durnad\AppData\Local\Temp\sha1sum.exe
2017-04-28 09:13 - 2017-04-28 09:13 - 000231936 _____ (Kerio Technologies Inc.) C:\Users\tratadmin\AppData\Local\Temp\KTOutlk.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-04 11:41

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.10.2018
Ran by DurnaD (10-10-2018 08:59:17)
Running from C:\Users\durnad\Desktop
Windows 10 Pro Version 1607 14393.576 (X64) (2017-04-10 00:38:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3801480981-3194726390-2044637386-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3801480981-3194726390-2044637386-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3801480981-3194726390-2044637386-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3801480981-3194726390-2044637386-501 - Limited - Disabled)
it (S-1-5-21-3801480981-3194726390-2044637386-1001 - Administrator - Enabled) => C:\Users\it

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 6.2.2033.1 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 6.2.2033.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20071 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{552523b2-40ad-46b3-94f6-2b99d0860d5c}) (Version: 18.40.0 - Intel Corporation)
Autodesk DWG TrueView 2018 - English (HKLM\...\DWG TrueView 2018 - English) (Version: 22.0.50.0 - Autodesk)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.1.1 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.2.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{0F987BC2-6177-4A85-B441-BD26838242CE}) (Version: 4.5.17.305 - Broadcom Limited)
Dell Digital Delivery (HKLM-x32\...\{99B7C4B5-DC14-441D-A5B6-7340F682BC81}) (Version: 3.1.1117.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\{50EF2C72-95EC-4206-AAC3-9E84004A6140}) (Version: 3.0.1.62 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.113 - ALPS ELECTRIC CO., LTD.)
Dell WLAN Radio Switch Driver (HKLM\...\{0C073C52-562D-4897-9839-5AE5405EC462}) (Version: 1.0.0.7 - Dell Inc.)
DWG TrueView 2018 - English (HKLM\...\{28B89EEF-1028-0409-0100-CF3F3A09B77D}) (Version: 22.0.50.0 - Autodesk) Hidden
Empire Earth - The Art of Conquest (HKLM-x32\...\{A10D72B9-9B20-47F8-AE4D-365BCC89F324}) (Version: 1.0.0.0 - Název společnosti:) Hidden
Empire Earth - The Art of Conquest (HKLM-x32\...\InstallShield_{A10D72B9-9B20-47F8-AE4D-365BCC89F324}) (Version: 1.0.0.0 - Název společnosti:)
Empire Earth (HKLM-x32\...\{65B09E79-0187-4813-8258-03991132E5A5}) (Version: 2.0.0.0 - Název společnosti:) Hidden
Empire Earth (HKLM-x32\...\InstallShield_{65B09E79-0187-4813-8258-03991132E5A5}) (Version: 2.0.0.0 - Název společnosti:)
ESET Endpoint Antivirus (HKLM\...\{3F2F7E08-192B-4F74-A540-E61BB8CD2A1E}) (Version: 6.2.2033.1 - ESET, spol. s r.o.)
ESET Remote Administrator Agent (HKLM\...\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}) (Version: 6.5.522.0 - ESET, spol. s r.o.)
Firebird 2.5.0.26074 (x64) (HKLM\...\FBDBServer_2_5_x64_is1) (Version: 2.5.0.26074 - Firebird Project)
Firebird/InterBase(r) ODBC driver 2.0 (HKLM-x32\...\Firebird ODBC Driver_is1) (Version: 2.0 - Firebird Project)
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)
GTA San Andreas CZ (HKLM-x32\...\GTA San Andreas CZ 1.3.0) (Version: 1.3.0 - Rockstar Games)
HP Dropbox Plugin (HKLM-x32\...\{C532369A-0DB2-4955-99C2-15711A0EBA11}) (Version: 36.0.49.62779 - HP)
HP Google Drive Plugin (HKLM-x32\...\{E7AA21C9-D2D2-4AE0-9F61-D2FC755C933E}) (Version: 36.0.49.62779 - HP)
HP OneDrive Plugin (HKLM-x32\...\{D153F4F6-A6A7-459C-86F0-306052B34665}) (Version: 36.0.0.0 - HP)
IBM SPSS Statistics Subscription (HKLM\...\{02D81DCC-13D1-465C-9292-E46956489CA1}) (Version: 1.0.0.903 - IBM Corp)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel(R) Network Connections 20.3.300.1 (HKLM\...\PROSetDX) (Version: 20.3.300.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{A354DC98-2677-4967-8AA0-3B867EE10202}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Kerio Connect (HKU\S-1-5-21-4106999633-2871329638-518651434-4360\...\KerioConnect) (Version: 9.2.3.9362 - Kerio Technologies Inc.)
Kerio Outlook Connector (Offline Edition) (HKLM-x32\...\{4A365C62-0B2C-4A5F-ACED-4F059BDDAC59}) (Version: 9.2.3336 - Kerio Technologies Inc.)
Kerio Updater Service (HKLM-x32\...\{c5ca4ec3-10b2-4447-b323-8448aae57a0b}) (Version: 2.0.176 - Kerio Technologies, Inc.) <==== ATTENTION
LibreOffice 5.3.2.2 (HKLM-x32\...\{8DA98699-6AD4-49CF-A9A0-B5E7B7981BE6}) (Version: 5.3.2.2 - The Document Foundation)
Live for Speed (HKLM-x32\...\Live for Speed) (Version: 0.6G - Jimbo)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8627.1 - Waves Audio Ltd.) Hidden
Microsoft Office 2016 pro podnikatele - cs-cz (HKLM\...\HomeBusinessRetail - cs-cz) (Version: 16.0.10827.20138 - Microsoft Corporation)
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.10827.20138 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4106999633-2871329638-518651434-4360\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 62.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 62.0.3 (x64 cs)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.3.6848 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{EBFC96E5-4409-426E-88B7-650ADB342E78}) (Version: 8.0.50727.42 - The Firebird Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
PowerKey 3.0 (HKLM-x32\...\PowerKey3.0) (Version: - )
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6111 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\GOGPACKRCT3_is1) (Version: 2.0.0.13 - GOG.com)
SimCity 4 Deluxe Edition (HKLM-x32\...\GOGPACKSC4_is1) (Version: 2.0.0.8 - GOG.com)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0071 - ST Microelectronics)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.14327 - TeamViewer)
Trainz Simulator 2009: World Builder Edition (HKLM-x32\...\AuranTS2009_is1) (Version: - Auran)
Viber (HKLM-x32\...\{FF0EABB8-2954-496B-8F2C-ADC004DFB39C}) (Version: 9.4.0.13 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-4106999633-2871329638-518651434-4360\...\{4145fbea-95a1-4c9d-a22e-809f70175be0}) (Version: 9.4.0.13 - Viber Media Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Warcraft III - Gold Edition verze 1.26 (HKLM-x32\...\{1DD8BB83-A075-4F9B-9F24-9383BC647D65}_is1) (Version: 1.26 - )
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Základní software zařízení HP Officejet Pro X576dw MFP (HKLM\...\{D98DDEDB-CE21-42EE-8BDB-02ED2395D06C}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Základní software zařízení HP PageWide MFP P57750 (HKLM\...\{BD4A2FF8-641B-4360-8ED4-BF8B867F1412}) (Version: 39.4.1978.16350 - HP Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4106999633-2871329638-518651434-4360_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\dwgviewr.exe => No File
CustomCLSID: HKU\S-1-5-21-4106999633-2871329638-518651434-4360_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2018 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4106999633-2871329638-518651434-4360_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2018 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4106999633-2871329638-518651434-4360_Classes\CLSID\{CBBF6A46-87BC-A0B6-0D2E-2BB5531C96D3}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2017-02-15] (Autodesk, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-15] (Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2015-10-02] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2015-10-02] (ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-10-25] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2015-10-02] (ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08C9FCAA-FDE2-40FD-9466-0A73FE347F48} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [2016-09-14] ()
Task: {198FA073-AECE-40F4-B292-4997D6E3B425} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {1B8C2E07-A066-48AF-B670-3D8319A0E5E5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-10-03] (Microsoft Corporation)
Task: {206DEBD1-0041-495E-9127-A3DE1CBECE6B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWoW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-09] (Adobe Systems Incorporated)
Task: {3061E025-2BD5-4403-956D-C2EC2D04DEC2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {332EC765-CC61-4259-AB33-FD31A6F6F9AD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {36511363-C79D-406C-B7FE-21B68CCCABC4} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-09-07] (Dell Inc.)
Task: {4655C382-B0A9-4376-A9DC-8582A4498D3A} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-08-18] (Realtek Semiconductor)
Task: {4F39A6DC-1EC7-4D5A-84A1-CF05D16DC911} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\Explorer.EXE /NOUACCHECK
Task: {5E8B2054-CD45-4AD0-AF2F-5E28331416E2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-03] (Microsoft Corporation)
Task: {76725CB1-274C-419D-8068-72D90C912734} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-03] (Microsoft Corporation)
Task: {82F22249-9BC4-4179-8734-65682B9464E2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {9408B5B4-7104-47EA-8DE5-33DAC593C1A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-10] (Google Inc.)
Task: {A0D4F310-7D43-4B96-88EA-D049407A3EA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-10] (Google Inc.)
Task: {BBD50DF2-7156-4360-9E50-F1EA2E04A05C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-09] (Adobe Systems Incorporated)
Task: {C2D039E6-3FC2-4112-8CA6-47CA8895A154} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-10-03] (Microsoft Corporation)
Task: {F646C284-D5D2-4E5E-B910-D6984C73B724} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer:
WMI_ActiveScriptEventConsumer_DellCommandPowerManagerPolicyChangeEventConsumer:

Shortcut: C:\Users\durnad\AppData\Roaming\Microsoft\Word\Статус%20выполнения%20по%20проектно-поэтапному%20п306848901688930916\Статус%20выполнения%20по%20проектно-поэтапному%20плану%20по%20унив.%20сан.комплексу%20от%20TRATEC.doc.lnk -> [LF `N"|5pu6l4U//D:\tY^Hg3(w,/J>Vh6 !B0BCA 2K?>;=5=8O ?> ?@>5:B=>-?>MB0?=><C ?;0=C ?> C=82. A0=.:><?;5:AC >B TRATEC.doc.!B0BCA 2K?>;=5=8O ?> ?@>5:B=>-?>MB0?=><C ?;0=C ?> C=82. A0=.:><?;5:AC >B TRATEC.doc>$$5:<D:\?????? ?????????? ?? ????????-?????????? ????? ?? ????. ???.????????? ?? TRATEC.docD:\!B0BCA 2K?>;=5=8O ?> ?@>5:B=>-?>MB0?=><C ?;0=C ?> C=82. A0=.:><?;5:AC >B TRATEC.docNejnovja verze12] (No File) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-03-19 00:18 - 2017-03-19 00:18 - 002681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-03-18 15:44 - 2016-11-09 08:37 - 000254464 _____ () C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe
2016-06-02 11:23 - 2016-06-02 11:23 - 000524352 _____ () c:\Dell\Sytem64Folder\DellRctlService.exe
2015-05-19 10:11 - 2015-05-19 10:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2017-03-19 00:18 - 2017-03-19 00:18 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-19 00:18 - 2017-03-19 00:18 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-18 23:53 - 2016-10-25 05:09 - 000384496 _____ () C:\Windows\system32\igfxTray.exe
2017-03-19 00:18 - 2017-03-19 00:18 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-19 00:18 - 2017-03-19 00:18 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-19 00:18 - 2017-03-19 00:18 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-19 00:18 - 2017-03-19 00:18 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-19 00:18 - 2017-03-19 00:18 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-08-05 22:24 - 2018-08-06 18:30 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-08-05 22:24 - 2018-08-06 18:30 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-08-05 22:24 - 2018-08-06 18:30 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-08-05 22:24 - 2018-08-06 18:30 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.1000_x64__kzf8qxf38zg5c\skypert.dll
2018-10-04 08:36 - 2018-10-04 08:36 - 002587968 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1338\libprotobuf.dll
2017-09-27 23:37 - 2017-09-27 23:37 - 000073928 _____ () C:\Program Files (x86)\Kerio\UpdaterService\ktzlib100_1.2.8.dll
2016-05-02 15:46 - 2016-05-02 15:46 - 000134008 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-09-04 21:34 - 2015-09-04 21:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Software\Classes\.scr: DWGTrueViewScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2016-07-16 13:45 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Control Panel\Desktop\\Wallpaper -> C:\Users\durnad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48A1358E-A01B-49D2-8C10-2F25FD11E2F0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{BE40AF96-4976-4628-9E90-3D05E5293EDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF79046D-E614-48FD-88A3-527678B6D77F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BADD556D-583F-4E24-85D5-94031C159B30}] => (Allow) C:\Program Files\HP\HP Officejet Pro X576dw MFP\bin\FaxApplications.exe
FirewallRules: [{861B21A2-93E2-4293-84E2-66F365818F77}] => (Allow) C:\Program Files\HP\HP Officejet Pro X576dw MFP\bin\DigitalWizards.exe
FirewallRules: [{8B9D14FE-775F-4B13-BFEE-955E5157F716}] => (Allow) C:\Program Files\HP\HP Officejet Pro X576dw MFP\bin\SendAFax.exe
FirewallRules: [{02000F51-CA96-4D7F-8110-E1C8E32ECAD3}] => (Allow) C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\DeviceSetup.exe
FirewallRules: [{8D026618-6C09-440D-A146-14C0E5CF20D3}] => (Allow) LPort=5357
FirewallRules: [{B823ACFC-F245-448C-9964-C9F43A8B2A2B}] => (Allow) C:\Program Files\HP\HP Officejet Pro X576dw MFP\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{877B71B5-1DDF-4C2F-BC6D-5FF570CC8D8E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B8EFE7A2-500B-495E-B27F-4346B34D87CE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3CD53DFB-16D4-4F96-82E1-1F58B9DB64A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7CBEA17D-7BF7-4817-A525-5F54B6D5B767}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{E390A422-5798-4889-A319-B2699031C5C9}C:\program files (x86)\sierra\empire earth\empire earth.exe] => (Block) C:\program files (x86)\sierra\empire earth\empire earth.exe
FirewallRules: [UDP Query User{BADC76D9-F48A-4314-AD67-173A32F7CA87}C:\program files (x86)\sierra\empire earth\empire earth.exe] => (Block) C:\program files (x86)\sierra\empire earth\empire earth.exe
FirewallRules: [TCP Query User{E8D289C8-79B5-45D5-B452-E9A742CDE089}C:\program files (x86)\sierra\empire earth\empire earth.exe] => (Block) C:\program files (x86)\sierra\empire earth\empire earth.exe
FirewallRules: [UDP Query User{F289773E-500F-4732-B214-BF2773723939}C:\program files (x86)\sierra\empire earth\empire earth.exe] => (Block) C:\program files (x86)\sierra\empire earth\empire earth.exe
FirewallRules: [TCP Query User{C4D325FD-43DD-451F-BFAB-0B86DC804845}C:\program files (x86)\train simulator\train simulator 2017\railworks.exe] => (Block) C:\program files (x86)\train simulator\train simulator 2017\railworks.exe
FirewallRules: [UDP Query User{B88A16F0-B538-411E-919A-9292556F481B}C:\program files (x86)\train simulator\train simulator 2017\railworks.exe] => (Block) C:\program files (x86)\train simulator\train simulator 2017\railworks.exe
FirewallRules: [TCP Query User{E1324EE3-B5ED-41B4-8D81-49BF35330E99}C:\program files (x86)\sierra\empire earth - the art of conquest\ee-aoc.exe] => (Block) C:\program files (x86)\sierra\empire earth - the art of conquest\ee-aoc.exe
FirewallRules: [UDP Query User{6C858F97-EB76-4B01-94A6-289B02ED0EF4}C:\program files (x86)\sierra\empire earth - the art of conquest\ee-aoc.exe] => (Block) C:\program files (x86)\sierra\empire earth - the art of conquest\ee-aoc.exe
FirewallRules: [TCP Query User{4BA50885-B820-4E69-A095-2D40DF729240}C:\program files\ibm\spss\statistics\subscription\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\subscription\stats.exe
FirewallRules: [UDP Query User{5233151F-A8F0-4E15-A45E-3920354B117E}C:\program files\ibm\spss\statistics\subscription\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\subscription\stats.exe
FirewallRules: [{BB529979-7A12-475B-853E-43AB04FA93AA}] => (Allow) C:\Program Files\HP\HP PageWide MFP P57750\bin\FaxApplications.exe
FirewallRules: [{2400020A-E7DD-4D35-8839-13DB5B8E3B11}] => (Allow) C:\Program Files\HP\HP PageWide MFP P57750\bin\DigitalWizards.exe
FirewallRules: [{25540852-F709-4347-8B9E-C447CAB6BA96}] => (Allow) C:\Program Files\HP\HP PageWide MFP P57750\bin\SendAFax.exe
FirewallRules: [{584541A7-B030-4528-8631-63A4A6525B17}] => (Allow) C:\Program Files\HP\HP PageWide MFP P57750\bin\FaxPrinterUtility.exe
FirewallRules: [{1C61F5F7-6FCD-4E31-8124-FA8FD54FF5A5}] => (Allow) C:\Program Files\HP\HP PageWide MFP P57750\Bin\DeviceSetup.exe
FirewallRules: [{DB72C0BF-7CA4-42B0-945D-DCDC4F70FBF0}] => (Allow) C:\Program Files\HP\HP PageWide MFP P57750\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{AC067B7B-8E7E-4108-AD13-EBEF78EB4A6D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8BF4A2CC-37F9-4C7F-954D-CEA27AED5128}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F2F9AB30-0D6D-4913-A8F7-B93D5F39B7BF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{578E3637-BE6E-4AF4-9743-420FDCEF23CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BB318252-FC95-4916-B77C-AD3E643E185E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FA451DEB-13D5-4F53-A21E-7DD71FE99BA5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

02-10-2018 09:54:45 Naplánovaný kontrolní bod
08-10-2018 14:40:44 Instalační služba modulů systému Windows
08-10-2018 14:41:58 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2018 08:58:44 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Net.WebException</Type><Message><![CDATA[Vzdálený název nelze rozpoznat: 'downloads.dell.com']]></Message><Source><![CDATA[System]]></Source><StackTrace><![CDATA[ v System.Net.HttpWebRequest.GetResponse()
v eSupport.Common.Client.Core.DownloadHelper.IsFileNotModified(String fileLocation, String fileType, String fileName)]]></StackTrace><SysInfo STag="546LZF2" SMBIOSMajVer="3" SMBIOSMinVer="0" SMBIOSBIOSVer="1.11.4" SMBIOSPresent="True" Rel_Date="20161222000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Latitude E5570" Ident_Num="NB-029" TimeZone="(UTC+01:00) Praha, Bratislava, Budapešť, Bělehrad, Lublaň" OSName="Microsoft Windows 10 Pro"/><HostIP>127.0.0.1</HostIP></Exception>

Error: (10/10/2018 08:55:12 AM) (Source: DellRctlService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/10/2018 08:55:11 AM) (Source: DellRctlService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/10/2018 08:37:15 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/10/2018 08:35:06 AM) (Source: Outlook) (EventID: 68) (User: )
Description: Upozornění zabezpečení pro načtení souboru KOFXP.DLL. Knihovna DLL tohoto zprostředkovatele MAPI může být pro váš systém škodlivá. Měli byste načítat jenom knihovny DLL od důvěryhodných zprostředkovatelů, kteří jsou zaregistrovaní v MapiSvc.Inf. Knihovna DLL tohoto zprostředkovatele se v příští aktualizaci klienta Outlooku zablokuje a její funkce už nebudou k dispozici. Další informace o registraci zprostředkovatelů knihoven DLL najdete v článku https://go.microsoft.com/fwlink/?linkid ... lcid=0x409.

Error: (10/09/2018 05:03:20 PM) (Source: Outlook) (EventID: 68) (User: )
Description: Upozornění zabezpečení pro načtení souboru KOFXP.DLL. Knihovna DLL tohoto zprostředkovatele MAPI může být pro váš systém škodlivá. Měli byste načítat jenom knihovny DLL od důvěryhodných zprostředkovatelů, kteří jsou zaregistrovaní v MapiSvc.Inf. Knihovna DLL tohoto zprostředkovatele se v příští aktualizaci klienta Outlooku zablokuje a její funkce už nebudou k dispozici. Další informace o registraci zprostředkovatelů knihoven DLL najdete v článku https://go.microsoft.com/fwlink/?linkid ... lcid=0x409.

Error: (10/09/2018 03:55:35 PM) (Source: DellRctlService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/09/2018 03:55:34 PM) (Source: DellRctlService) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (10/10/2018 08:56:03 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: TRATEC)
Description: Selhání 1.
Název objektu zásad skupiny: MAPDRIVE-PRINTER-SHORTCUT
Cesta k objektu zásad skupiny: \\TRATEC.local\SysVol\TRATEC.local\Policies\{1EC5D8BD-49C1-4C79-B691-EE65F18D4BA8}\User
Název skriptu: \\s2008-02\VYROBA\!!\epc_log\testpc.vbs

Error: (10/10/2018 08:56:03 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: TRATEC)
Description: Selhání 1.
Název objektu zásad skupiny: Default Domain Policy
Cesta k objektu zásad skupiny: \\TRATEC.local\sysvol\TRATEC.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\User
Název skriptu: start.cmd

Error: (10/10/2018 08:55:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/10/2018 08:55:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/10/2018 08:55:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/10/2018 08:55:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/10/2018 08:55:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/10/2018 08:55:49 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: TRATEC)
Description: Zpracování zásad skupiny selhalo v důsledku toho, že se nebylo v síti možné připojit k řadiči domény. Může se jednat o přechodný stav. Po připojení počítače k řadiči domény a úspěšném zpracování zásad skupiny bude odeslána zpráva o úspěšném provedení těchto akcí. Pokud se tato zpráva nezobrazí během několika hodin, obraťte se na správce.


Windows Defender:
===================================
Date: 2017-04-10 10:34:11.428
Description:
Virtuální počítač Windows Defender narazil na chybu při pokusu o nahrání podezřelého souboru pro další analýzu.
Název souboru: C:\Users\tratadmin\Downloads\kerio-connect-koff-9.2.2-2831-p1-win64.msi
Sha256: a437757833b20c8c58a3ccf7b9feac4fb497c58b8519bea1b0c8b1a5973511dd
Aktuální verze podpisu: AV: 1.239.1181.0, AS: 1.239.1181.0
Aktuální verze modulu: 1.1.13601.0
Kód chyby: 0x80078032

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 29%
Total physical RAM: 8074.95 MB
Available physical RAM: 5673.95 MB
Total Virtual: 9354.95 MB
Available Virtual: 6630.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.11 GB) (Free:191.2 GB) NTFS

\\?\Volume{6eb99678-1420-4331-8c48-c938897dab91}\ (WINRETOOLS) (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
\\?\Volume{84262ddf-8896-47b0-add7-4fd4fbcb9972}\ (Image) (Fixed) (Total:8.59 GB) (Free:0.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 43969A7D)

Partition: GPT.

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Request for a preventive LOG check

#6 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
    File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
    File: C:\Windows\System32\HPZinw12.dll
    File: C:\Windows\System32\HPZipm12.dll
    ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{c5ca4ec3-10b2-4447-b323-8448aae57a0b}
    CMD: type "c:\windows\system32\oem\startmenufix.vbs"
    CMD: type "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat"
    
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2018-07-16] ()
    HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
    HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
    SearchScopes: HKU\S-1-5-21-4106999633-2871329638-518651434-4360 -> DefaultScope {92B29637-FFC4-420B-B6FA-A608E6B6BF20} URL = 
    SearchScopes: HKU\S-1-5-21-4106999633-2871329638-518651434-4360 -> {92B29637-FFC4-420B-B6FA-A608E6B6BF20} URL = 
    FF NewTab: Mozilla\Firefox\Profiles\6ffi3ux2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
    FF NewTabOverride: Mozilla\Firefox\Profiles\6ffi3ux2.default -> Enabled: pavel.sherbakov@gmail.com
    2018-10-10 08:55 - 2017-05-19 08:15 - 000000000 ____D C:\Program Files\Common Files\McAfee
    2018-10-10 08:55 - 2017-05-19 08:04 - 000000000 ____D C:\ProgramData\McAfee
    2018-07-03 22:32 - 2018-08-09 15:49 - 000000000 _____ () C:\Users\durnad\AppData\Roaming\FileIn.cns
    2018-07-03 22:32 - 2018-08-09 15:49 - 000000000 _____ () C:\Users\durnad\AppData\Roaming\FileOut.cns
    CustomCLSID: HKU\S-1-5-21-4106999633-2871329638-518651434-4360_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\dwgviewr.exe => No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {198FA073-AECE-40F4-B292-4997D6E3B425} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
    Task: {F646C284-D5D2-4E5E-B910-D6984C73B724} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
    Shortcut: C:\Users\durnad\AppData\Roaming\Microsoft\Word\Статус%20выполнения%20по%20проектно-поэтапному%20п306848901688930916\Статус%20выполнения%20по%20проектно-поэтапному%20плану%20по%20унив.%20сан.комплексу%20от%20TRATEC.doc.lnk -> [LF `N"|5pu6l4U//D:\tY^Hg3(w,/J>Vh6 !B0BCA 2K?>;=5=8O ?> ?@>5:B=>-?>MB0?=><C ?;0=C ?> C=82. A0=.:><?;5:AC >B TRATEC.doc.!B0BCA 2K?>;=5=8O ?> ?@>5:B=>-?>MB0?=><C ?;0=C ?> C=82. A0=.:><?;5:AC >B TRATEC.doc>$$5:<D:\?????? ?????????? ?? ????????-?????????? ????? ?? ????. ???.????????? ?? TRATEC.docD:\!B0BCA 2K?>;=5=8O ?> ?@>5:B=>-?>MB0?=><C ?;0=C ?> C=82. A0=.:><?;5:AC >B TRATEC.docNejnovja verze12] (No File) <==== Cyrillic
    C:\Users\durnad\AppData\Roaming\Microsoft\Word\*.lnk
    
    Hosts:
    EmptyTemp:
    End
  • Click File, then Save
  • At the bottom right, select the Unicode encoding
  • Save the file to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file named Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping a backup of important data (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices; otherwise you risk system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

domdur
Visitor
Posts: 39
Joined: 12 Mar 2016 16:18

Re: Request for a preventive LOG check

#7 Post by domdur »

After a short pause, here is the fixlog. Firefox no longer launches unprompted when the PC starts, but the PC has been rather sluggish since the fixes were applied. It is gradually getting better, though; I don't know whether that's just my impression or not. :D

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by DurnaD (15-10-2018 08:32:27) Run:1
Running from C:\Users\durnad\Desktop
Loaded Profiles: DurnaD (Available Profiles: defaultuser0 & it & DurnaD & tratadmin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
File: C:\Windows\System32\HPZinw12.dll
File: C:\Windows\System32\HPZipm12.dll
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{c5ca4ec3-10b2-4447-b323-8448aae57a0b}
CMD: type "c:\windows\system32\oem\startmenufix.vbs"
CMD: type "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat"

Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2018-07-16] ()
HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-4106999633-2871329638-518651434-4360 -> DefaultScope {92B29637-FFC4-420B-B6FA-A608E6B6BF20} URL =
SearchScopes: HKU\S-1-5-21-4106999633-2871329638-518651434-4360 -> {92B29637-FFC4-420B-B6FA-A608E6B6BF20} URL =
FF NewTab: Mozilla\Firefox\Profiles\6ffi3ux2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
FF NewTabOverride: Mozilla\Firefox\Profiles\6ffi3ux2.default -> Enabled: pavel.sherbakov@gmail.com
2018-10-10 08:55 - 2017-05-19 08:15 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-10-10 08:55 - 2017-05-19 08:04 - 000000000 ____D C:\ProgramData\McAfee
2018-07-03 22:32 - 2018-08-09 15:49 - 000000000 _____ () C:\Users\durnad\AppData\Roaming\FileIn.cns
2018-07-03 22:32 - 2018-08-09 15:49 - 000000000 _____ () C:\Users\durnad\AppData\Roaming\FileOut.cns
CustomCLSID: HKU\S-1-5-21-4106999633-2871329638-518651434-4360_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\dwgviewr.exe => No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {198FA073-AECE-40F4-B292-4997D6E3B425} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {F646C284-D5D2-4E5E-B910-D6984C73B724} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Shortcut: C:\Users\durnad\AppData\Roaming\Microsoft\Word\Статус%20выполнения%20по%20проектно-поэтапному%20п306848901688930916\Статус%20выполнения%20по%20проектно-поэтапному%20плану%20по%20унив.%20сан.комплексу%20от%20TRATEC.doc.lnk -> [LF `N"|5pu6l4U//D:\tY^Hg3(w,/J>Vh6 !B0BCA 2K?>;=5=8O ?> ?@>5:B=>-?>MB0?=><C ?;0=C ?> C=82. A0=.:><?;5:AC >B TRATEC.doc.!B0BCA 2K?>;=5=8O ?> ?@>5:B=>-?>MB0?=><C ?;0=C ?> C=82. A0=.:><?;5:AC >B TRATEC.doc>$$5:<D:\?????? ?????????? ?? ????????-?????????? ????? ?? ????. ???.????????? ?? TRATEC.docD:\!B0BCA 2K?>;=5=8O ?> ?@>5:B=>-?>MB0?=><C ?;0=C ?> C=82. A0=.:><?;5:AC >B TRATEC.docNejnovja verze12] (No File) <==== Cyrillic
C:\Users\durnad\AppData\Roaming\Microsoft\Word\*.lnk

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 18186
Average :
Sum : 123120030056
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe ========================

C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
File not signed
MD5: 8213094EA736A9C575AB0E22AD09B0BA
Creation and modification date: 2015-05-19 10:11 - 2015-05-19 10:11
Size: 000335872
Attributes: ----A
Company Name: Intel Corporation
Internal Name: isa.exe
Original Name: isa.exe
Product: Intel(R) Security Assist
Description: Intel(R) Security Assist
File Version: 1.0.0.532
Product Version: 1.0.0.532
Copyright: Copyright © 2014
VirusTotal: https://www.virustotal.com/file/12670a4 ... 539067068/

====== End of File: ======


========================= File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe ========================

C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
File not signed
MD5: 1DFC3CCA51785254C5604238BB1A5467
Creation and modification date: 2015-05-19 10:11 - 2015-05-19 10:11
Size: 000007680
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/31451a9 ... 539226063/

====== End of File: ======


========================= File: C:\Windows\System32\HPZinw12.dll ========================

C:\Windows\System32\HPZinw12.dll
File not signed
MD5: 07B1F9832B37BA89A656956D04ED0662
Creation and modification date: 2016-06-15 04:36 - 2016-06-15 04:36
Size: 000050688
Attributes: ----A
Company Name: HP Inc.
Internal Name: Dot4Net
Original Name: Dot4Net.DLL
Product: Bidi User Mode
Description: Dot4Net Module
File Version: 21,2,1,1544
Product Version: 21,2,1,1544
Copyright: © Copyright 2015 HP Development Company, L.P.
VirusTotal: https://www.virustotal.com/file/fa16e55 ... 537828921/

====== End of File: ======


========================= File: C:\Windows\System32\HPZipm12.dll ========================

C:\Windows\System32\HPZipm12.dll
File not signed
MD5: 91675C437BE3939B3E61ED3102246C81
Creation and modification date: 2016-06-15 04:36 - 2016-06-15 04:36
Size: 000066048
Attributes: ----A
Company Name: HP Inc.
Internal Name: PmlDrv
Original Name: PmlDrv.DLL
Product: Bidi User Mode
Description: PmlDrv Module
File Version: 21,2,1,1544
Product Version: 21,2,1,1544
Copyright: © Copyright 2015 HP Development Company, L.P.
VirusTotal: https://www.virustotal.com/file/fe60cef ... 537828749/

====== End of File: ======

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{c5ca4ec3-10b2-4447-b323-8448aae57a0b}]
"AuthorizedCDFPrefix"=""
"Comments"="Služba Kerio Updater Service umožňuje aktualizaci desktopových aplikací Kerio Technologies uživatelům bez administrátorských práv."
"Contact"="Technical Support"
"DisplayVersion"="2.0.176"
"HelpLink"="http://support.kerio.com"
"HelpTelephone"=""
"InstallDate"="20180314"
"InstallLocation"="C:\Program Files (x86)\Kerio\"
"InstallSource"="C:\Users\durnad\AppData\Local\Temp\KMS.KOFF-9-2-5-T-3-336.exe\"
"ModifyPath"="MsiExec.exe /X{c5ca4ec3-10b2-4447-b323-8448aae57a0b}"
"NoModify"="1"
"NoRepair"="1"
"Publisher"="Kerio Technologies, Inc."
"Readme"=""
"Size"=""
"EstimatedSize"="12106"
"UninstallString"="MsiExec.exe /X{c5ca4ec3-10b2-4447-b323-8448aae57a0b}"
"URLInfoAbout"="http://www.kerio.com"
"URLUpdateInfo"="http://www.kerio.com"
"VersionMajor"="2"
"VersionMinor"="0"
"WindowsInstaller"="1"
"Version"="33554608"
"Language"="1029"
"DisplayName"="Kerio Updater Service"
"sEstimatedSize2"="6053"

=== End of ExportKey ===

========= type "c:\windows\system32\oem\startmenufix.vbs" =========


Dim binFoundKey
Set objShell = WScript.CreateObject("WScript.Shell")
set filesys = CreateObject("Scripting.FileSystemObject")
Set writefile= filesys.CreateTextFile("c:\windows\system32\oem\StartMenuFix.Log", True)
set logfile = filesys.GetFile("c:\windows\system32\oem\StartMenuFix.Log")
set scriptfile = filesys.GetFile("c:\windows\system32\oem\StartMenuFix.vbs")

' VBScript has no good way to detect if key exists
' Must check for error when trying to read.
' Turn off error handling
on error resume next
strKey = objShell.RegRead ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateChange\PackageList\Microsoft.Windows.ShellExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy\")
binFoundKey = (err.number = 0)
' Resetting error handling
on error goto 0

if binFoundKey then
'WScript.echo "Found Key"
writefile.WriteLine "Found Key"
' key found, must remove
objShell.RegDelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateChange\PackageList\Microsoft.Windows.ShellExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy\"
'WScript.echo "Key deleted"
writefile.WriteLine "Key deleted"
writefile.WriteLine "Issue reboot"
writefile.close
' Hide log file
logfile.Attributes = 2
' Hide script file
scriptfile.Attributes = 2
' Issue reboot
objShell.Run "C:\WINDOWS\system32\shutdown.exe -r -t 0"
else
'WScript.echo "Key not found"
writefile.WriteLine "Key not found"
writefile.close
' Hide log file
logfile.Attributes = 2
' Hide script file
scriptfile.Attributes = 2
end if
========= End of CMD: =========


========= type "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat" =========

@echo off
TITLE Update check..
start "" http://zipansion.com/2HkmW
========= End of CMD: =========

HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => value restored successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat => moved successfully
HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4106999633-2871329638-518651434-4360\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-4106999633-2871329638-518651434-4360\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-4106999633-2871329638-518651434-4360\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92B29637-FFC4-420B-B6FA-A608E6B6BF20} => removed successfully
HKLM\Software\Classes\CLSID\{92B29637-FFC4-420B-B6FA-A608E6B6BF20} => not found
"Firefox newtab" => removed successfully
"Firefox NewTabOverride (pavel.sherbakov@gmail.com) " => removed successfully
C:\Program Files\Common Files\McAfee => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\Users\durnad\AppData\Roaming\FileIn.cns => moved successfully
C:\Users\durnad\AppData\Roaming\FileOut.cns => moved successfully
HKU\S-1-5-21-4106999633-2871329638-518651434-4360_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{198FA073-AECE-40F4-B292-4997D6E3B425}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{198FA073-AECE-40F4-B292-4997D6E3B425}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F646C284-D5D2-4E5E-B910-D6984C73B724}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F646C284-D5D2-4E5E-B910-D6984C73B724}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" => removed successfully
C:\Users\durnad\AppData\Roaming\Microsoft\Word\Статус%20выполнения%20по%20проектно-поэтапному%20п306848901688930916\Статус%20выполнения%20по%20проектно-поэтапному%20плану%20по%20унив.%20сан.комплексу%20от%20TRATEC.doc.lnk => moved successfully

=========== "C:\Users\durnad\AppData\Roaming\Microsoft\Word\*.lnk" ==========

not found

========= End -> "C:\Users\durnad\AppData\Roaming\Microsoft\Word\*.lnk" ========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1059167630 B
Java, Flash, Steam htmlcache => 34909 B
Windows/system/drivers => 238637635 B
Edge => 2407234 B
Chrome => 49922054 B
Firefox => 1120568903 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 48938 B
NetworkService => 10832 B
defaultuser0 => 595457 B
it => 22932113 B
__sbs_netsetup__ => 0 B
durnad => 32948176790 B
tratadmin => 45987825 B

RecycleBin => 251077259 B
EmptyTemp: => 33.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:32:51 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Request for a preventive log check

#8 Post by Conder »

→ The Desktop holds over 114 GB, which is too much. Move all files and folders from the Desktop to Documents and leave only shortcuts on the Desktop. An excessively large Desktop can slow the system down.

→ What does it mean that "the PC is rather sluggish"? :D

→ Please post both new FRST logs.
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping backups of important data (documents, photos and so on).

Fixlists and other scripts are written for one specific PC only. Do not use them on other machines, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!
