ESET Online Scanner finds 8 threats but does not finish - bluescreen

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

#16 Post by altrok »

I would keep CCleaner for occasional cleanup, uninstall MBAM (we use it only as a one-off scanner, but it sets up active services that you don't need), and keep ESET.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok (at) forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

Bary.Jan
Visitor
Posts: 84
Registered: 09 Dec 2013 15:20

#17 Post by Bary.Jan »

Yesterday and today I used it quite a lot, and on shutdown or restart an error message 0x0000.... almost always appears, it says explorer.exe error, and the computer takes a long time to boot, quite slowly.

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

#18 Post by altrok »

Please post new FRST.txt and Addition.txt logs.

Bary.Jan
Visitor
Posts: 84
Registered: 09 Dec 2013 15:20

#19 Post by Bary.Jan »

Here is FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
Ran by Eliška (administrator) on ELIŠKA-PC (18-11-2016 19:20:37)
Running from C:\Users\Eliška\Desktop
Loaded Profiles: Eliška (Available Profiles: Eliška)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe
(AuthenTec, Inc.) C:\Program Files (x86)\Fingerprint Sensor\AtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security Premium\egui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe
(Facebook Inc.) C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Samsung) C:\Program Files (x86)\SAMSUNG\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ZTE) C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [342528 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [4119552 2008-11-17] (Dell Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-04-02] (CANON INC.)
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [Google Update] => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [Facebook Update] => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-29] (Facebook Inc.)
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-05-28] (Samsung)
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mcserver.lnk [2016-11-13]
ShortcutTarget: mcserver.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe (ZTE)
Startup: C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2016-11-13]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{52C58F0C-8388-455D-B348-F367F1635E90}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{76DE49D9-1C51-40BD-9DC7-DF7FC9753243}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?pc=UE12&ocid=UE12DHP
SearchScopes: HKU\S-1-5-21-2426440832-341668823-1581636725-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
SearchScopes: HKU\S-1-5-21-2426440832-341668823-1581636725-1000 -> {984F4E3E-CF4D-48B9-B242-50E8083E1828} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_5
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-14] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-14] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default [2016-11-18]
FF user.js: detected! => C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\user.js [2016-11-15]
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\3w1zlmmx.default -> Bing
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-20] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-20] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-20] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-20] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-20] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon
FF Extension: (Bytemobile Optimization Client) - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon [2012-07-25] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [No File]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2426440832-341668823-1581636725-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Eliška\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2426440832-341668823-1581636725-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-24] (Google Inc.)
FF Plugin HKU\S-1-5-21-2426440832-341668823-1581636725-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-24] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-09-19] (Apple Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/en-us/?pc=__PARAM__&ocid=__PARAM__DHP
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default [2016-11-18]
CHR Extension: (YouTube) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Kalendář Google) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Gmail) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-31]
CHR Profile: C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR HKU\S-1-5-21-2426440832-341668823-1581636725-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ATService; C:\Program Files (x86)\Fingerprint Sensor\AtService.exe [1807608 2009-08-16] (AuthenTec, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe [2815520 2016-10-11] (ESET)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-05-27] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-05-27] (Ellora Assets Corp.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-11-17] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
R0 BMLoad; C:\Windows\SysWOW64\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [232072 2016-10-13] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [212096 2016-10-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [177792 2016-10-13] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [48768 2016-10-13] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [76416 2016-10-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59528 2016-10-13] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [91784 2016-10-13] (ESET)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [36560 2016-03-10] (ITE Tech. Inc. )
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
R1 tcpipBM; C:\Windows\SysWOW64\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [79872 2011-11-02] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2011-11-02] (ZTE)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-18 19:20 - 2016-11-18 19:21 - 00019494 _____ C:\Users\Eliška\Desktop\FRST.txt
2016-11-18 19:20 - 2016-11-18 19:20 - 00000000 ____D C:\FRST
2016-11-18 19:15 - 2016-11-18 19:15 - 02412032 _____ (Farbar) C:\Users\Eliška\Desktop\FRST64.exe
2016-11-17 20:20 - 2016-11-17 20:21 - 00000521 _____ C:\DelFix.txt
2016-11-15 00:16 - 2016-11-15 00:16 - 00002083 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2016-11-15 00:16 - 2016-11-15 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-11-15 00:16 - 2016-11-15 00:16 - 00000000 ____D C:\ProgramData\ESET
2016-11-15 00:16 - 2016-11-15 00:16 - 00000000 ____D C:\Program Files\ESET
2016-11-14 01:45 - 2016-11-14 01:45 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-13 20:15 - 2016-11-13 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-13 20:06 - 2016-11-13 20:08 - 22851472 _____ (Malwarebytes ) C:\Users\Eliška\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-13 19:21 - 2016-11-13 19:23 - 46755096 _____ (Microsoft Corporation) C:\Users\Eliška\Downloads\mpas-feX64.exe
2016-11-13 14:30 - 2016-11-13 14:31 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-11-13 14:30 - 2016-11-13 14:31 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2016-11-13 14:30 - 2016-11-13 14:31 - 00002048 _____ C:\Windows\SysWOW64\winver.exe
2016-11-13 14:30 - 2016-11-13 14:30 - 00113543 _____ C:\Windows\SysWOW64\slmgr.vbs
2016-11-13 14:30 - 2016-11-13 14:30 - 00001536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2016-11-13 12:42 - 2016-11-13 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Program
2016-11-13 12:42 - 2016-11-13 14:03 - 00000000 ____D C:\Program Files (x86)\My Program
2016-10-28 14:44 - 2016-10-28 14:44 - 00000000 ___HT C:\Windows\wusa.lock
2016-10-28 14:44 - 2016-10-28 14:44 - 00000000 ____D C:\912d2e4e024f32452e1d
2016-10-28 14:43 - 2016-10-28 14:44 - 00159144 _____ (Microsoft Corporation) C:\Users\Eliška\Downloads\WindowsActivationUpdate.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-18 18:54 - 2013-06-11 16:35 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-11-18 18:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-18 18:52 - 2009-07-14 05:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-18 18:52 - 2009-07-14 05:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-18 18:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2016-11-17 23:15 - 2012-04-15 14:00 - 00000000 ____D C:\Users\Eliška\Desktop\zástupci
2016-11-17 17:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-17 17:42 - 2012-01-24 20:04 - 00000000 ____D C:\Users\Eliška\AppData\Local\ESET
2016-11-15 16:05 - 2012-01-24 16:00 - 00000000 ____D C:\Users\Eliška
2016-11-14 23:53 - 2012-01-24 16:15 - 00002378 _____ C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 23:41 - 2013-12-16 13:45 - 00000000 ____D C:\ProgramData\Oracle
2016-11-14 23:39 - 2014-07-30 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-14 23:39 - 2012-02-21 13:42 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-14 23:37 - 2014-07-30 15:19 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-11-14 01:54 - 2012-07-23 09:50 - 00000000 ____D C:\Users\Eliška\AppData\Local\CrashDumps
2016-11-14 01:54 - 2012-05-03 21:40 - 00000000 ____D C:\Windows\Minidump
2016-11-14 01:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\ModemLogs
2016-11-14 01:46 - 2012-05-06 15:43 - 00000000 ____D C:\Program Files\CCleaner
2016-11-14 01:45 - 2012-05-06 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-13 20:57 - 2009-07-14 16:18 - 00672424 _____ C:\Windows\system32\perfh005.dat
2016-11-13 20:57 - 2009-07-14 16:18 - 00142988 _____ C:\Windows\system32\perfc005.dat
2016-11-13 20:57 - 2009-07-14 06:13 - 01593374 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-13 20:47 - 2012-01-24 15:52 - 00000000 ____D C:\Windows\Panther
2016-11-13 20:45 - 2016-04-15 18:22 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-11-13 20:45 - 2016-03-19 23:33 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
2016-11-13 20:45 - 2016-02-10 17:58 - 00001326 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2016-11-13 20:45 - 2016-01-08 00:17 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-11-13 20:45 - 2016-01-08 00:16 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-11-13 20:45 - 2015-04-16 12:41 - 00002015 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2016-11-13 20:45 - 2014-10-06 19:55 - 00000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-11-13 20:45 - 2014-07-02 19:38 - 00002001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2016-11-13 20:45 - 2014-07-02 19:38 - 00001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
2016-11-13 20:45 - 2014-07-02 19:38 - 00001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2016-11-13 20:45 - 2014-06-18 10:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-11-13 20:45 - 2012-01-27 16:25 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
2016-11-13 20:45 - 2012-01-27 16:23 - 00001207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
2016-11-13 20:45 - 2012-01-27 16:20 - 00001262 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
2016-11-13 20:45 - 2012-01-27 16:20 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
2016-11-13 20:45 - 2012-01-27 16:18 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
2016-11-13 20:45 - 2012-01-27 16:18 - 00001353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
2016-11-13 20:45 - 2012-01-24 16:09 - 00001150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-13 20:45 - 2012-01-24 15:56 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-11-13 20:45 - 2012-01-24 15:56 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-11-13 20:45 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-13 20:45 - 2009-07-14 05:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-11-13 20:45 - 2009-07-14 05:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-11-13 20:45 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-11-13 20:45 - 2009-07-14 05:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-11-13 20:44 - 2016-10-01 15:02 - 00000000 ____D C:\Users\Eliška\Desktop\Pečení
2016-11-13 20:44 - 2013-09-13 16:20 - 00000908 _____ C:\Users\Eliška\Desktop\Downloads.lnk
2016-11-13 20:44 - 2013-08-09 15:38 - 00002246 _____ C:\Users\Eliška\Desktop\Internet Manager.lnk
2016-11-13 20:44 - 2012-08-03 12:09 - 00014408 _____ C:\Users\Eliška\Desktop\Stažené soubory.lnk
2016-11-13 20:44 - 2012-01-24 16:02 - 00001393 _____ C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-13 20:44 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-11-13 20:44 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-11-13 13:38 - 2014-12-06 22:05 - 00000000 ____D C:\Users\Eliška\Desktop\Bety dort a fotky
2016-11-13 12:38 - 2013-08-25 22:21 - 00001912 _____ C:\Windows\epplauncher.mif
2016-11-13 12:37 - 2013-08-20 11:58 - 00000000 ____D C:\Windows\system32\MRT
2016-11-13 12:21 - 2012-01-24 20:50 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-31 23:24 - 2012-02-01 23:19 - 00000000 ____D C:\Users\Eliška\AppData\Roaming\Skype
2016-10-28 21:53 - 2012-01-24 16:12 - 00000000 ____D C:\Users\Eliška\AppData\Local\Google
2016-10-28 01:47 - 2012-02-04 21:12 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

2012-02-03 15:13 - 2011-10-21 21:57 - 21073936 _____ () C:\Program Files\vlc-1.1.11-win32.exe
2014-07-30 21:36 - 2016-05-21 08:36 - 0000250 _____ () C:\Users\Eliška\AppData\Roaming\WB.CFG
2016-07-02 21:45 - 2016-07-02 21:45 - 0003584 _____ () C:\Users\Eliška\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-04 16:50 - 2015-03-04 16:50 - 0000849 _____ () C:\Users\Eliška\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2016-09-17 14:01] - [2016-08-16 18:36] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2016-11-13 14:30] - [2016-11-13 14:31] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-24 23:32

==================== End of FRST.txt ============================

and here is the Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
Ran by Eliška (18-11-2016 19:22:11)
Running from C:\Users\Eliška\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-24 15:00:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2426440832-341668823-1581636725-500 - Administrator - Disabled)
Elis (S-1-5-21-2426440832-341668823-1581636725-1003 - Limited - Enabled)
Eliška (S-1-5-21-2426440832-341668823-1581636725-1000 - Administrator - Enabled) => C:\Users\Eliška
Guest (S-1-5-21-2426440832-341668823-1581636725-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2426440832-341668823-1581636725-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security Premium 10.0.369.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security Premium 10.0.369.1 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AuthenTec Fingerprint Software (HKLM-x32\...\{6B99AF03-2668-4572-BD3D-8C7A5D103065}) (Version: 8.5.3.0 - "AuthenTec,Inc.")
AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Recorder 2.5 (HKLM-x32\...\AVS Video Recorder_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Balíček ovladače systému Windows - AuthenTec Inc. (ATSwpWDF) Biometric (07/02/2009 8.5.0.251) (HKLM\...\815EB4ED418166EC2BBE3A39EAC38C74AE911A8C) (Version: 07/02/2009 8.5.0.251 - AuthenTec Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.224 - ALPS ELECTRIC CO., LTD.)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
ESET Smart Security Premium (HKLM\...\{9FD38E7D-4EEC-4057-9D3A-2C48C91D0C12}) (Version: 10.0.369.1 - ESET, spol. s r.o.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version: - )
Foxit PDF Editor 2.0 Build 1011 + Patch version for Windows (HKLM-x32\...\{BA30BA25-3C41-FFFD-B067-1515F4EAC738}_is1) (Version: for Windows - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Internet Manager (HKLM\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 cs)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My Program version 1.5 (HKLM-x32\...\{11C0B447-2D00-4891-B686-367E63EDAC63}_is1) (Version: 1.5 - My Company, Inc.)
Nero Burning ROM 2014 (HKLM-x32\...\{B0E4ACBC-4CFA-4B6D-9B7B-E13C171BCC23}) (Version: 15.0.05300 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Registrace uživatele zařízení Canon MG3500 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG3500 series) (Version: - ‭Canon Inc.)
RICOH Media Driver ver.2.07.01.00 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.00 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
save2pc 5.44 (HKLM-x32\...\save2pc_is1) (Version: - FDRLab, Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.127 - PandoraTV)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2426440832-341668823-1581636725-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2426440832-341668823-1581636725-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {076A80B0-8DC0-4244-BE78-1C9186EE4654} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22] (Oracle Corporation)
Task: {4461739E-AB82-43F3-974A-6D232DFC2C9C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core1d1fe3fe3755df4 => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4AD3A0A2-7876-4CB1-9A0D-48BD6AD4087A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-19] (Adobe Systems Incorporated)
Task: {56ADCC3F-5D3D-48F0-8DE3-D34C4C9D5559} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-29] (Facebook Inc.)
Task: {7570F405-69D1-48D1-B3FE-4857EFEB9B1C} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {865D5A61-188C-47F6-9640-ECFD0FB81175} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {949D3DC8-9FEE-4B4C-8AF2-AA1F487F93F4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A33F57FD-FC30-4274-A695-2E7963A56365} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-29] (Facebook Inc.)
Task: {A7F72BA3-C4E8-47B3-8042-B507D4D5F1AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {ADA5A295-A151-44E8-B18A-EC1E90586FBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B2859F79-E28B-472C-A6CF-199CF67FAC30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C12C4841-312E-47A3-9B13-BC4076B1CB8E} - System32\Tasks\{B523F393-A29A-469A-85C2-320DBBFAB1A4} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/cs/abandoninstall?page=tsMain
Task: {C855205F-3F08-46DF-9BB6-1DB110C9D81F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA1d1fe3fe3e4ea46 => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CD3DF530-E3EA-4D99-9E78-F5EA6575C4B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-01] (Adobe Systems Incorporated)
Task: {E2CD6A62-A116-4230-88F7-DAD8A93AD26B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EF70D17C-2E6C-4A23-AB38-8CD02E591545} - System32\Tasks\Google Updater and Installer => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EFE554F8-5220-462E-8F18-30E9B03E59E3} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-01] (Adobe Systems Incorporated)
Task: {F2BF26DB-5BB5-4127-854F-348E3CCDFAB7} - System32\Tasks\{38177F14-8DEA-48AB-ACAA-D6717578CE04} => Chrome.exe hxxp://ui.skype.com/ui/0/6.20.0.104/cs/abandoninstall?page=tsMain

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-10 09:58 - 2008-11-17 07:29 - 00032768 _____ () C:\Windows\System32\WLTRYSVC.EXE
2015-11-10 09:58 - 2008-11-17 07:29 - 00057856 _____ () C:\Windows\System32\bcmwlrmt.dll
2012-01-27 15:43 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-08-09 15:37 - 2012-05-23 09:38 - 00221552 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
2013-08-09 15:37 - 2012-05-23 09:38 - 00037232 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
2016-01-06 17:41 - 2016-01-06 17:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-09-28 17:25 - 2016-09-28 17:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2013-08-09 15:37 - 2011-05-06 04:03 - 00594944 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-1.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00099840 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\itapi.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00027648 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\log.dll
2013-08-09 15:37 - 2010-10-14 10:37 - 00971776 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libxml2.dll
2013-08-09 15:37 - 2010-10-14 10:37 - 00080688 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\zlib1.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00058880 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\coder.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00043520 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\audio.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00036352 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libConfig.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00021504 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libctlsvr.dll
2013-08-09 15:37 - 2011-12-26 08:41 - 00090624 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\CaptureCrash.dll
2013-08-09 15:37 - 2007-09-09 16:07 - 00151552 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libexpat.dll
2013-08-09 15:37 - 2011-05-06 04:02 - 00341504 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\sqlite3.dll
2016-11-14 23:53 - 2016-11-08 21:29 - 01819240 _____ () C:\Users\Eliška\AppData\Local\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-14 23:53 - 2016-11-08 21:29 - 00093288 _____ () C:\Users\Eliška\AppData\Local\Google\Chrome\Application\54.0.2840.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-11-15 18:39 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Google Update => "C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Sony Ericsson PC Companion => "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45256570-A8CD-4216-A759-FB9363CDD6E1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{72AC8E75-B99E-44F2-ABFA-AD9366160C3C}C:\users\eliška\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\eliška\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{4BB66A68-47B9-46A9-90C5-7BDA5A2907E8}C:\users\eliška\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\eliška\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{511CBFD0-C27E-4D6A-A995-E6CDA0478C28}E:\skype\phone\skype.exe] => (Block) E:\skype\phone\skype.exe
FirewallRules: [UDP Query User{ADB0BC86-9020-4BB7-9C2B-F73488BA0149}E:\skype\phone\skype.exe] => (Block) E:\skype\phone\skype.exe
FirewallRules: [{A88F2FDE-B95C-4A42-9FD6-7DEF034D37D4}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{E8EBC84A-A62F-4E51-8CE5-38D7EF651879}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{8B1A6AA0-7F71-42D2-9AFF-4F2300D61433}C:\users\eliška\desktop\zástupci\skype\phone\skype.exe] => (Block) C:\users\eliška\desktop\zástupci\skype\phone\skype.exe
FirewallRules: [UDP Query User{665AF446-3CC1-4409-972E-D1B07242AFBC}C:\users\eliška\desktop\zástupci\skype\phone\skype.exe] => (Block) C:\users\eliška\desktop\zástupci\skype\phone\skype.exe
FirewallRules: [TCP Query User{FF4C2287-5314-4F78-9DF9-EE1A5D3962ED}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
FirewallRules: [UDP Query User{43520E64-DC70-4ABD-8615-5820EABFD3F8}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
FirewallRules: [TCP Query User{7E2EF2A1-C078-42D6-BAEE-6EF2BB1B64CF}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
FirewallRules: [UDP Query User{12C62AE4-7157-4980-8D16-558AB29F6D57}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
FirewallRules: [{1651DBAA-47AE-44B4-9002-15C3F684CB2E}] => (Allow) C:\Users\Eliška\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{1893C48A-F7C5-481D-A362-FB8EE5F48111}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2879891B-F842-4353-91D5-AD56632F5ED2}] => (Allow) LPort=2869
FirewallRules: [{9A5C4298-AB99-4F32-8880-40B1FE6B6178}] => (Allow) LPort=1900
FirewallRules: [{8CF901A8-3691-421B-8824-F000F9EA045D}] => (Allow) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8055DCCC-E528-4952-BF7A-C64F59EFE3C5}C:\users\eliška\desktop\zástupci\skype\phone\skype.exe] => (Block) C:\users\eliška\desktop\zástupci\skype\phone\skype.exe
FirewallRules: [UDP Query User{46E9FEF9-9E62-492F-B67E-64412EE8EB79}C:\users\eliška\desktop\zástupci\skype\phone\skype.exe] => (Block) C:\users\eliška\desktop\zástupci\skype\phone\skype.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2016 06:56:14 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error: (11/18/2016 06:56:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error: (11/18/2016 06:39:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (5376) testing: Při otevírání souboru protokolu C:\Users\Eliška\AppData\Local\Microsoft\Windows\WebCache\V01.log došlo k chybě -1032 (0xfffffbf8).

Error: (11/18/2016 06:39:41 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (5376) testing: Pokus o otevření souboru C:\Users\Eliška\AppData\Local\Microsoft\Windows\WebCache\V01.log jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (11/18/2016 06:39:31 PM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (5376) testing: Při otevírání souboru protokolu C:\Users\Eliška\AppData\Local\Microsoft\Windows\WebCache\V01.log došlo k chybě -1032 (0xfffffbf8).

Error: (11/18/2016 06:39:31 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (5376) testing: Pokus o otevření souboru C:\Users\Eliška\AppData\Local\Microsoft\Windows\WebCache\V01.log jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (11/18/2016 06:25:48 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error: (11/18/2016 06:25:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error: (11/18/2016 04:51:11 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error: (11/18/2016 04:51:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9


System errors:
=============
Error: (11/18/2016 06:56:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (11/18/2016 06:56:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (11/18/2016 06:53:40 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/18/2016 06:53:40 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (11/18/2016 06:27:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (11/18/2016 06:27:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (11/18/2016 06:24:52 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/18/2016 06:24:52 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (11/18/2016 04:53:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (11/18/2016 04:53:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).


CodeIntegrity:
===================================
Date: 2016-11-18 19:20:21.551
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 19:15:04.553
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 18:54:17.009
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 18:52:37.708
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 18:25:37.028
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 18:20:03.824
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 16:51:01.784
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 02:03:46.872
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-17 23:49:47.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-17 23:47:38.332
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 46%
Total physical RAM: 4090.89 MB
Available physical RAM: 2181.55 MB
Total Virtual: 8179.96 MB
Available Virtual: 5919.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:139.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 10000000)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Eset online scanner finds 8 threats but does not finish-bluescr

#20 Post by altrok »

→ Try to photograph or screenshot the error message about the Explorer crash, so that we have something to go on.


→ Save rkill.exe to the desktop, close all applications and run it - if the malware blocks it, use the alternative link. WARNING - THIS UTILITY HAS A GREAT ABILITY TO DELETE - DO NOT RUN IT WITHOUT AN ADVISER'S RECOMMENDATION
→ Save ComboFix.exe to the desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off antivirus programs and all real-time protection
  • run ComboFix as administrator (preferably under an account with administrator rights)
  • agree to the licence terms - Yes
  • if installation of the Recovery Console is offered, agree
  • leave the PC alone during the scan - do not launch anything and do not click in the ComboFix window
  • you will find the scan result in C:\ComboFix.txt; copy its contents into your next reply.

Bary.Jan
Visitor
Posts: 84
Registered: 09 Dec 2013 15:20

Re: Eset online scanner finds 8 threats but does not finish-bluescr

#21 Post by Bary.Jan »

So here they are; hopefully it is done the way you wrote in the instructions. I let it run and ComboFix restarted by itself, so hopefully that is fine...

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/18/2016 08:10:52 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\System32\WLTRYSVC.EXE (PID: 1480) [WD-HEUR]
* C:\Windows\System32\bcmwltry.exe (PID: 1504) [WD-HEUR]
* C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (PID: 1896) [AU-HEUR]
* C:\Windows\System32\WLTRAY.EXE (PID: 2372) [WD-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* TBS [Missing Service]

Searching for Missing Digital Signatures:

* C:\Windows\System32\user32.dll : 1 008 640 : 08/16/2016 06:36 PM : e573bd9ab55c8e333c202b9e255f972e [NoSig]
+-> C:\Windows\SysWOW64\user32.dll : 833 024 : 11/13/2016 02:31 PM : 2c9cc9f492ca596b1b9fc1ae5e916356 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll : 1 008 640 : 07/14/2009 02:41 AM : 72d7b3ea16946e8f0cf7458150031cc6 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1 008 128 : 11/20/2010 02:27 PM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_2b252a2884278aa2\user32.dll : 1 008 640 : 11/10/2015 07:55 PM : 06bf84d26a05d400f6b3fb3d3de0b03a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_2bb2ca019d418cef\user32.dll : 1 009 152 : 11/10/2015 07:59 PM : e42cb2576d5c8456c60988b1c908f41a [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23528_none_2be110419d1e60a5\user32.dll : 1 009 152 : 08/16/2016 06:36 PM : 8f4b991e7837e8e0f90c856659456652 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll : 833 024 : 07/14/2009 02:11 AM : e8b0ffc209e504cb7e79fc24e6c085f0 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833 024 : 11/20/2010 01:08 PM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_3579d47ab8884c9d\user32.dll : 833 024 : 11/10/2015 07:37 PM : 0a78439765e31510d75c9e2284f3a722 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_36077453d1a24eea\user32.dll : 833 024 : 11/10/2015 07:35 PM : d0a3a0dbf77ee35ce97e55de92014e05 [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23528_none_3635ba93d17f22a0\user32.dll : 833 024 : 08/16/2016 03:48 AM : 0fbc0e335b65ee5a0175631237817510 [Pos Repl]

Checking HOSTS File:

* No issues found.

Program finished at: 11/18/2016 08:15:32 PM
Execution time: 0 hours(s), 4 minute(s), and 40 seconds(s)




combofix

ComboFix 16-11-13.01 - Eliška 18.11.2016 20:24:06.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4091.2235 [GMT 1:00]
Spuštěný z: c:\users\EliÜka\Desktop\ComboFix.exe
AV: ESET Smart Security Premium 10.0.369.1 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Personální firewall *Disabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security Premium 10.0.369.1 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\Red33B8.tmp
c:\windows\SysWow64\Red9048.tmp
c:\windows\SysWow64\RedA86.tmp
c:\windows\SysWow64\RedEB34.tmp
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-18 do 2016-11-18 )))))))))))))))))))))))))))))))
.
.
2016-11-18 18:20 . 2016-11-18 18:22 -------- d-----w- C:\FRST
2016-11-14 23:16 . 2016-11-14 23:16 -------- d-----w- c:\program files\ESET
2016-11-13 19:15 . 2016-11-13 19:15 -------- d-----w- c:\programdata\Malwarebytes
2016-11-13 13:30 . 2016-11-13 13:31 2048 ----a-w- c:\windows\SysWow64\winver.exe
2016-11-13 13:30 . 2016-11-13 13:31 833024 ----a-w- c:\windows\SysWow64\user32.dll
2016-11-13 13:30 . 2016-11-13 13:31 410624 ----a-w- c:\windows\SysWow64\systemcpl.dll
2016-11-13 13:30 . 2016-11-13 13:30 1536 ----a-w- c:\windows\SysWow64\sppcomapi.dll
2016-11-13 13:30 . 2016-11-13 13:30 113543 ----a-w- c:\windows\SysWow64\slmgr.vbs
2016-11-13 11:42 . 2016-11-13 13:03 -------- d-----w- c:\program files (x86)\My Program
2016-10-28 13:44 . 2016-10-28 13:44 -------- d-----w- C:\912d2e4e024f32452e1d
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-14 22:37 . 2014-07-30 14:19 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-11-13 11:21 . 2012-01-24 19:50 144199024 -c--a-w- c:\windows\system32\MRT.exe
2016-10-19 10:14 . 2016-11-13 18:23 12033040 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B382D45-6969-4CA6-9B3E-5ECE36B6FC29}\mpengine.dll
2016-10-13 14:39 . 2016-10-13 14:39 91784 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2016-10-13 14:39 . 2016-10-13 14:39 76416 ----a-w- c:\windows\system32\drivers\epfw.sys
2016-10-13 14:39 . 2016-10-13 14:39 59528 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2016-10-13 14:39 . 2016-10-13 14:39 48768 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2016-10-13 14:39 . 2016-10-13 14:39 232072 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-10-13 14:39 . 2016-10-13 14:39 212096 ----a-w- c:\windows\system32\drivers\edevmon.sys
2016-10-13 14:39 . 2016-10-13 14:39 177792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-09-02 15:40 . 2016-09-17 13:01 631176 ----a-w- c:\windows\system32\winresume.efi
2016-09-02 15:35 . 2016-09-17 13:01 706280 ----a-w- c:\windows\system32\winload.efi
2016-09-02 15:35 . 2016-09-17 13:01 5548264 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-09-02 15:35 . 2016-09-17 13:01 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-09-02 15:35 . 2016-09-17 13:01 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-09-02 15:34 . 2016-09-17 13:01 1732864 ----a-w- c:\windows\system32\ntdll.dll
2016-09-02 15:31 . 2016-09-17 13:01 362496 ----a-w- c:\windows\system32\wow64win.dll
2016-09-02 15:31 . 2016-09-17 13:01 243712 ----a-w- c:\windows\system32\wow64.dll
2016-09-02 15:31 . 2016-09-17 13:01 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2016-09-02 15:31 . 2016-09-17 13:01 215552 ----a-w- c:\windows\system32\winsrv.dll
2016-09-02 15:31 . 2016-09-17 13:01 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-09-02 15:31 . 2016-09-17 13:01 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-09-02 15:31 . 2016-09-17 13:01 503808 ----a-w- c:\windows\system32\srcore.dll
2016-09-02 15:31 . 2016-09-17 13:01 50176 ----a-w- c:\windows\system32\srclient.dll
2016-09-02 15:31 . 2016-09-17 13:01 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-09-02 15:31 . 2016-09-17 13:01 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-09-02 15:30 . 2016-09-17 13:01 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2016-09-02 15:30 . 2016-09-17 13:01 28160 ----a-w- c:\windows\system32\secur32.dll
2016-09-02 15:30 . 2016-09-17 13:01 345600 ----a-w- c:\windows\system32\schannel.dll
2016-09-02 15:30 . 2016-09-17 13:01 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2016-09-02 15:30 . 2016-09-17 13:01 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-09-02 15:30 . 2016-09-17 13:01 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2016-09-02 15:30 . 2016-09-17 13:01 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-09-02 15:30 . 2016-09-17 13:01 316416 ----a-w- c:\windows\system32\msv1_0.dll
2016-09-02 15:30 . 2016-09-17 13:01 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-09-02 15:30 . 2016-09-17 13:01 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-09-02 15:30 . 2016-09-17 13:01 419840 ----a-w- c:\windows\system32\KernelBase.dll
2016-09-02 15:30 . 2016-09-17 13:01 1163264 ----a-w- c:\windows\system32\kernel32.dll
2016-09-02 15:30 . 2016-09-17 13:01 730624 ----a-w- c:\windows\system32\kerberos.dll
2016-09-02 15:30 . 2016-09-17 13:01 1464320 ----a-w- c:\windows\system32\lsasrv.dll
2016-09-02 15:30 . 2016-09-17 13:01 44032 ----a-w- c:\windows\system32\csrsrv.dll
2016-09-02 15:30 . 2016-09-17 13:01 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-09-02 15:30 . 2016-09-17 13:01 22016 ----a-w- c:\windows\system32\credssp.dll
2016-09-02 15:30 . 2016-09-17 13:01 880640 ----a-w- c:\windows\system32\advapi32.dll
2016-09-02 15:30 . 2016-09-17 13:01 34816 ----a-w- c:\windows\system32\appidsvc.dll
2016-09-02 15:30 . 2016-09-17 13:01 59904 ----a-w- c:\windows\system32\appidapi.dll
2016-09-02 15:30 . 2016-09-17 13:01 463872 ----a-w- c:\windows\system32\certcli.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 6656 ----a-w- c:\windows\system32\apisetschema.dll
2016-09-02 15:30 . 2016-09-17 13:01 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 690688 ----a-w- c:\windows\system32\adtschema.dll
2016-09-02 15:21 . 2016-09-17 13:01 4000488 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-09-02 15:21 . 2016-09-17 13:01 3944680 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-09-02 15:18 . 2016-09-17 13:01 1314112 ----a-w- c:\windows\SysWow64\ntdll.dll
2016-09-02 15:16 . 2016-09-17 13:01 275456 ----a-w- c:\windows\SysWow64\KernelBase.dll
2016-09-02 15:16 . 2016-09-17 13:01 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2016-09-02 15:16 . 2016-09-17 13:01 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-09-02 15:16 . 2016-09-17 13:01 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-09-02 15:16 . 2016-09-17 13:01 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-09-02 15:16 . 2016-09-17 13:01 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-09-02 15:16 . 2016-09-17 13:01 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2016-09-02 15:16 . 2016-09-17 13:01 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2016-09-02 15:16 . 2016-09-17 13:01 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-09-02 15:16 . 2016-09-17 13:01 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-09-02 15:16 . 2016-09-17 13:01 260608 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-09-02 15:16 . 2016-09-17 13:01 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-09-02 15:16 . 2016-09-17 13:01 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-09-02 15:16 . 2016-09-17 13:01 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2016-09-02 15:16 . 2016-09-17 13:01 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2016-09-02 15:16 . 2016-09-17 13:01 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2016-09-02 15:16 . 2016-09-17 13:01 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2016-09-02 15:16 . 2016-09-17 13:01 644096 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-09-02 15:16 . 2016-09-17 13:01 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2016-09-02 15:16 . 2016-09-17 13:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2016-08-16 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-05-28 1563440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-09-28 8944344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-05-28 310064]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-11-17 448856]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2013-04-02 1282632]
.
c:\users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
mcserver.lnk - c:\program files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe [2013-8-9 69488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zte_cdc_acm;ZTE All CDC-ACM driver;c:\windows\system32\DRIVERS\zte_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cdc_acm.sys [x]
R3 zte_cpo;ZTE All Install;c:\windows\system32\DRIVERS\zte_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cpo.sys [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys;c:\windows\SYSNATIVE\drivers\BMLoad.sys [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files (x86)\Fingerprint Sensor\AtService.exe;c:\program files (x86)\Fingerprint Sensor\AtService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security Premium\ekrn.exe;c:\program files\ESET\ESET Smart Security Premium\ekrn.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ITECIRfilter.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2016-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-15 11:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 342528]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 4119552]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
c:\program files (x86)\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
c:\program files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
c:\program files (x86)\Canon\Quick Menu\CNQMSWCS.exe
.
**************************************************************************
.
Celkový čas: 2016-11-18 20:51:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-11-18 19:51
.
Před spuštěním: Volných bajtů: 148 811 022 336
Po spuštění: Volných bajtů: 148 898 029 568
.
- - End Of File - - 310FBFA704F0B59E4570E9C6A7E174A5
A36C5E4F47E84449FF07ED3517B43A31

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: ESET Online Scanner finds 8 threats but does not finish - bluescr

#22 Post by altrok »

:arrow: If you have not done so yet, move ComboFix directly into the root directory (its location will be C:\Combofix.exe) :!:
  • Open Notepad (Start -> Run -> notepad)
  • copy the script below into it and save it, also in the root directory, as CFScript (Save as type: Text Document)

    Code:

    KillAll::
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    "QuickTime Task"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Grab this CFScript.txt, literally drag it over the ComboFix icon and drop it.
  • After the restart a log will pop up; paste its contents into your next reply.
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF, and unfortunately its author has not been able to fix it yet

:arrow: It may happen that Windows does not start after the script is applied. In that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our little school.

Bary.Jan
Visitor
Posts: 84
Registered: 09 Dec 2013 15:20

Re: ESET Online Scanner finds 8 threats but does not finish - bluescr

#23 Post by Bary.Jan »

I was not quite sure about saving to C:/, so hopefully it is correct - here is the log:

ComboFix 16-11-13.01 - Eliška 21.11.2016 1:00.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4091.2420 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: ESET Smart Security Premium 10.0.369.1 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Personální firewall *Disabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security Premium 10.0.369.1 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-10-21 do 2016-11-21 )))))))))))))))))))))))))))))))
.
.
2016-11-21 00:10 . 2016-11-21 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-18 18:20 . 2016-11-18 18:22 -------- d-----w- C:\FRST
2016-11-14 23:16 . 2016-11-14 23:16 -------- d-----w- c:\program files\ESET
2016-11-13 19:15 . 2016-11-13 19:15 -------- d-----w- c:\programdata\Malwarebytes
2016-11-13 18:23 . 2016-10-19 10:14 12033040 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B382D45-6969-4CA6-9B3E-5ECE36B6FC29}\mpengine.dll
2016-11-13 13:30 . 2016-11-13 13:31 2048 ----a-w- c:\windows\SysWow64\winver.exe
2016-11-13 13:30 . 2016-11-13 13:31 833024 ----a-w- c:\windows\SysWow64\user32.dll
2016-11-13 13:30 . 2016-11-13 13:31 410624 ----a-w- c:\windows\SysWow64\systemcpl.dll
2016-11-13 13:30 . 2016-11-13 13:30 1536 ----a-w- c:\windows\SysWow64\sppcomapi.dll
2016-11-13 13:30 . 2016-11-13 13:30 113543 ----a-w- c:\windows\SysWow64\slmgr.vbs
2016-11-13 11:42 . 2016-11-13 13:03 -------- d-----w- c:\program files (x86)\My Program
2016-10-28 13:44 . 2016-10-28 13:44 -------- d-----w- C:\912d2e4e024f32452e1d
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-14 22:37 . 2014-07-30 14:19 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-11-13 11:21 . 2012-01-24 19:50 144199024 -c--a-w- c:\windows\system32\MRT.exe
2016-10-13 14:39 . 2016-10-13 14:39 91784 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2016-10-13 14:39 . 2016-10-13 14:39 76416 ----a-w- c:\windows\system32\drivers\epfw.sys
2016-10-13 14:39 . 2016-10-13 14:39 59528 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2016-10-13 14:39 . 2016-10-13 14:39 48768 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2016-10-13 14:39 . 2016-10-13 14:39 232072 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-10-13 14:39 . 2016-10-13 14:39 212096 ----a-w- c:\windows\system32\drivers\edevmon.sys
2016-10-13 14:39 . 2016-10-13 14:39 177792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-09-02 15:40 . 2016-09-17 13:01 631176 ----a-w- c:\windows\system32\winresume.efi
2016-09-02 15:35 . 2016-09-17 13:01 706280 ----a-w- c:\windows\system32\winload.efi
2016-09-02 15:35 . 2016-09-17 13:01 5548264 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-09-02 15:35 . 2016-09-17 13:01 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-09-02 15:35 . 2016-09-17 13:01 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-09-02 15:34 . 2016-09-17 13:01 1732864 ----a-w- c:\windows\system32\ntdll.dll
2016-09-02 15:31 . 2016-09-17 13:01 362496 ----a-w- c:\windows\system32\wow64win.dll
2016-09-02 15:31 . 2016-09-17 13:01 243712 ----a-w- c:\windows\system32\wow64.dll
2016-09-02 15:31 . 2016-09-17 13:01 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2016-09-02 15:31 . 2016-09-17 13:01 215552 ----a-w- c:\windows\system32\winsrv.dll
2016-09-02 15:31 . 2016-09-17 13:01 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-09-02 15:31 . 2016-09-17 13:01 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-09-02 15:31 . 2016-09-17 13:01 503808 ----a-w- c:\windows\system32\srcore.dll
2016-09-02 15:31 . 2016-09-17 13:01 50176 ----a-w- c:\windows\system32\srclient.dll
2016-09-02 15:31 . 2016-09-17 13:01 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-09-02 15:31 . 2016-09-17 13:01 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-09-02 15:30 . 2016-09-17 13:01 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2016-09-02 15:30 . 2016-09-17 13:01 28160 ----a-w- c:\windows\system32\secur32.dll
2016-09-02 15:30 . 2016-09-17 13:01 345600 ----a-w- c:\windows\system32\schannel.dll
2016-09-02 15:30 . 2016-09-17 13:01 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2016-09-02 15:30 . 2016-09-17 13:01 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-09-02 15:30 . 2016-09-17 13:01 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2016-09-02 15:30 . 2016-09-17 13:01 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-09-02 15:30 . 2016-09-17 13:01 316416 ----a-w- c:\windows\system32\msv1_0.dll
2016-09-02 15:30 . 2016-09-17 13:01 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-09-02 15:30 . 2016-09-17 13:01 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-09-02 15:30 . 2016-09-17 13:01 419840 ----a-w- c:\windows\system32\KernelBase.dll
2016-09-02 15:30 . 2016-09-17 13:01 1163264 ----a-w- c:\windows\system32\kernel32.dll
2016-09-02 15:30 . 2016-09-17 13:01 730624 ----a-w- c:\windows\system32\kerberos.dll
2016-09-02 15:30 . 2016-09-17 13:01 1464320 ----a-w- c:\windows\system32\lsasrv.dll
2016-09-02 15:30 . 2016-09-17 13:01 44032 ----a-w- c:\windows\system32\csrsrv.dll
2016-09-02 15:30 . 2016-09-17 13:01 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-09-02 15:30 . 2016-09-17 13:01 22016 ----a-w- c:\windows\system32\credssp.dll
2016-09-02 15:30 . 2016-09-17 13:01 880640 ----a-w- c:\windows\system32\advapi32.dll
2016-09-02 15:30 . 2016-09-17 13:01 34816 ----a-w- c:\windows\system32\appidsvc.dll
2016-09-02 15:30 . 2016-09-17 13:01 59904 ----a-w- c:\windows\system32\appidapi.dll
2016-09-02 15:30 . 2016-09-17 13:01 463872 ----a-w- c:\windows\system32\certcli.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 6656 ----a-w- c:\windows\system32\apisetschema.dll
2016-09-02 15:30 . 2016-09-17 13:01 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-02 15:30 . 2016-09-17 13:01 690688 ----a-w- c:\windows\system32\adtschema.dll
2016-09-02 15:21 . 2016-09-17 13:01 4000488 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-09-02 15:21 . 2016-09-17 13:01 3944680 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-09-02 15:18 . 2016-09-17 13:01 1314112 ----a-w- c:\windows\SysWow64\ntdll.dll
2016-09-02 15:16 . 2016-09-17 13:01 275456 ----a-w- c:\windows\SysWow64\KernelBase.dll
2016-09-02 15:16 . 2016-09-17 13:01 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2016-09-02 15:16 . 2016-09-17 13:01 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-09-02 15:16 . 2016-09-17 13:01 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-09-02 15:16 . 2016-09-17 13:01 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-09-02 15:16 . 2016-09-17 13:01 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-09-02 15:16 . 2016-09-17 13:01 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2016-09-02 15:16 . 2016-09-17 13:01 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2016-09-02 15:16 . 2016-09-17 13:01 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-09-02 15:16 . 2016-09-17 13:01 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-09-02 15:16 . 2016-09-17 13:01 260608 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-09-02 15:16 . 2016-09-17 13:01 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-09-02 15:16 . 2016-09-17 13:01 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-09-02 15:16 . 2016-09-17 13:01 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2016-09-02 15:16 . 2016-09-17 13:01 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2016-09-02 15:16 . 2016-09-17 13:01 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2016-09-02 15:16 . 2016-09-17 13:01 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2016-09-02 15:16 . 2016-09-17 13:01 644096 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-09-02 15:16 . 2016-09-17 13:01 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2016-09-02 15:16 . 2016-09-17 13:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-09-02 15:16 . 2016-09-17 13:01 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2016-08-16 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-05-28 1563440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-09-28 8944344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-05-28 310064]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-11-17 448856]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2013-04-02 1282632]
.
c:\users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
mcserver.lnk - c:\program files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe [2013-8-9 69488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zte_cdc_acm;ZTE All CDC-ACM driver;c:\windows\system32\DRIVERS\zte_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cdc_acm.sys [x]
R3 zte_cpo;ZTE All Install;c:\windows\system32\DRIVERS\zte_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cpo.sys [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys;c:\windows\SYSNATIVE\drivers\BMLoad.sys [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files (x86)\Fingerprint Sensor\AtService.exe;c:\program files (x86)\Fingerprint Sensor\AtService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security Premium\ekrn.exe;c:\program files\ESET\ESET Smart Security Premium\ekrn.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ITECIRfilter.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2016-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-15 11:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 342528]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 4119552]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 212.33.36.155 212.33.55.5
FF - ProfilePath - c:\users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
c:\program files (x86)\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
c:\program files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
c:\program files (x86)\Canon\Quick Menu\CNQMSWCS.exe
.
**************************************************************************
.
Celkový čas: 2016-11-21 01:23:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-11-21 00:23
ComboFix2.txt 2016-11-18 19:51
.
Před spuštěním: Volných bajtů: 149 088 067 584
Po spuštění: Volných bajtů: 149 521 158 144
.
- - End Of File - - 117C4EF6C81722810E5122CC4583254B
A36C5E4F47E84449FF07ED3517B43A31

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: ESET Online Scanner finds 8 threats but does not finish - bluescr

#24 Post by altrok »

  • Rename ComboFix to Uninstall and run it as administrator
  • ComboFix will uninstall itself.


:arrow: Start -> type cmd
  • right-click the search result and choose Run as administrator
  • in the window that opens, type: sfc /scannow
  • and press Enter
  • once it finishes, type the following into the still-open command prompt (or copy the text to the clipboard with Ctrl+C and paste it via right-click and Paste)
    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
  • and press Enter
  • copy the contents of the sfcdetails.txt log located on the desktop into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our little school.
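
A way to triage the sfcdetails.txt produced by the findstr step above, as an added example that is not part of the original post or of any tool named in this thread. Because cbs.log also holds earlier servicing runs, the sketch splits the file into sessions and reports only what is not routine; the function names, the session rule (a CSI sequence number that stops increasing starts a new session) and the last sample line are assumptions made for this example.

```python
import re

# Line shape as it appears in the sfcdetails.txt excerpt posted in this thread:
# 2016-11-22 03:13:35, Info CSI 00000009 [SR] Verifying 100 (0x...) components
SR_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(\w+)\s+CSI\s+"
    r"([0-9a-fA-F]{8})\s+\[SR\]\s+(.*)$"
)
VERIFYING = re.compile(r"^Verifying (\d+)(?: \(0x[0-9a-fA-F]+\))? components$")
# Messages that only mark the start/end of a clean verification batch.
ROUTINE = {"Beginning Verify and Repair transaction", "Verify complete"}


def summarize(text):
    """Group [SR] lines into sessions and collect everything non-routine."""
    sessions, unparsed, last_seq = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if m is None:
            unparsed.append(line)  # never drop a line silently
            continue
        stamp, level, seq_hex, msg = m.groups()
        seq = int(seq_hex, 16)
        # Assumption: the CSI counter restarts with each servicing session.
        if last_seq is None or seq <= last_seq:
            sessions.append({"start": stamp, "end": stamp, "batches": 0,
                             "components": 0, "review": []})
        last_seq = seq
        current = sessions[-1]
        current["end"] = stamp
        v = VERIFYING.match(msg)
        if v:
            current["batches"] += 1
            current["components"] += int(v.group(1))
        elif msg not in ROUTINE or level != "Info":
            current["review"].append(line)
    return {"sessions": sessions, "unparsed": unparsed}


def latest_findings(text):
    """Lines a helper should read first: non-routine entries of the newest session."""
    sessions = summarize(text)["sessions"]
    return sessions[-1]["review"] if sessions else []


# Sample input: the first eight lines follow the excerpt in this thread;
# the "Cannot repair" line is CONSTRUCTED for this example.
SAMPLE = """\
2016-11-17 02:53:10, Info CSI 00000009 [SR] Verifying 1 components
2016-11-17 02:53:10, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2016-11-17 02:53:11, Info CSI 0000000c [SR] Verify complete
2016-11-22 03:13:35, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:13:35, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2016-11-22 03:13:37, Info CSI 0000000c [SR] Verify complete
2016-11-22 03:13:38, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:13:38, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2016-11-22 03:13:39, Info CSI 0000000f [SR] Cannot repair member file "example.dll" (constructed line)
2016-11-22 03:13:41, Info CSI 00000010 [SR] Verify complete
"""

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for s in result["sessions"]:
        print(s["start"], "->", s["end"], "|", s["batches"], "batches,",
              s["components"], "components,", len(s["review"]), "to review")
    for line in latest_findings(SAMPLE):
        print("REVIEW:", line)
```

An empty result from `latest_findings` means the newest session contained only the three routine message types.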

Bary.Jan
Visitor
Posts: 84
Registered: 09 Dec 2013 15:20

Re: ESET Online Scanner finds 8 threats but does not finish - bluescr

#25 Post by Bary.Jan »

Well, I got stuck right away with ComboFix. I managed to rename it and ran it as administrator, but it will not delete itself. A dialog window comes up, some number of green lines run through with a green bar filling up above them, then another window pops up where a red bar fills up at the top and a blue one at the bottom; after a while the windows disappear and the computer just gives that short beep, like when Windows throws up a dialog box, and that is the end of it. Then the same ComboFix process starts again and keeps repeating over and over and does not respond to anything. I tried closing the browser and turning off ESET, and it still goes round and round, and nothing helps except a restart...

Bary.Jan
Visitor
Posts: 84
Registered: 09 Dec 2013 15:20

Re: ESET Online Scanner finds 8 threats but does not finish - bluescr

#26 Post by Bary.Jan »

So after about the third restart ComboFix was gone and I continued according to the instructions. Here is the log...

2016-11-14 03:11:32, Info CSI 00000009 [SR] Verifying 1 components
2016-11-14 03:11:32, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2016-11-14 03:11:33, Info CSI 0000000c [SR] Verify complete
2016-11-14 03:11:34, Info CSI 0000000d [SR] Verifying 1 components
2016-11-14 03:11:34, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2016-11-14 03:11:36, Info CSI 00000010 [SR] Verify complete
2016-11-17 02:53:10, Info CSI 00000009 [SR] Verifying 1 components
2016-11-17 02:53:10, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2016-11-17 02:53:11, Info CSI 0000000c [SR] Verify complete
2016-11-22 03:13:35, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:13:35, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2016-11-22 03:13:37, Info CSI 0000000c [SR] Verify complete
2016-11-22 03:13:38, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:13:38, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2016-11-22 03:13:41, Info CSI 00000010 [SR] Verify complete
2016-11-22 03:13:42, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:13:42, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2016-11-22 03:13:44, Info CSI 00000014 [SR] Verify complete
2016-11-22 03:13:45, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:13:45, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2016-11-22 03:13:48, Info CSI 00000018 [SR] Verify complete
2016-11-22 03:13:49, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:13:49, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2016-11-22 03:13:51, Info CSI 0000001c [SR] Verify complete
2016-11-22 03:13:52, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:13:52, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2016-11-22 03:13:55, Info CSI 00000020 [SR] Verify complete
2016-11-22 03:13:56, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:13:56, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2016-11-22 03:13:58, Info CSI 00000024 [SR] Verify complete
2016-11-22 03:13:59, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:13:59, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:01, Info CSI 00000028 [SR] Verify complete
2016-11-22 03:14:02, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:02, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:04, Info CSI 0000002c [SR] Verify complete
2016-11-22 03:14:05, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:05, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:08, Info CSI 00000030 [SR] Verify complete
2016-11-22 03:14:08, Info CSI 00000031 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:08, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:11, Info CSI 00000034 [SR] Verify complete
2016-11-22 03:14:12, Info CSI 00000035 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:12, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:14, Info CSI 00000038 [SR] Verify complete
2016-11-22 03:14:15, Info CSI 00000039 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:15, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:17, Info CSI 0000003c [SR] Verify complete
2016-11-22 03:14:18, Info CSI 0000003d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:18, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:20, Info CSI 00000040 [SR] Verify complete
2016-11-22 03:14:21, Info CSI 00000041 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:21, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:23, Info CSI 00000044 [SR] Verify complete
2016-11-22 03:14:24, Info CSI 00000045 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:24, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:26, Info CSI 00000048 [SR] Verify complete
2016-11-22 03:14:27, Info CSI 00000049 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:27, Info CSI 0000004a [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:29, Info CSI 0000004c [SR] Verify complete
2016-11-22 03:14:30, Info CSI 0000004d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:30, Info CSI 0000004e [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:32, Info CSI 00000050 [SR] Verify complete
2016-11-22 03:14:33, Info CSI 00000051 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:33, Info CSI 00000052 [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:35, Info CSI 00000054 [SR] Verify complete
2016-11-22 03:14:35, Info CSI 00000055 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:35, Info CSI 00000056 [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:38, Info CSI 00000058 [SR] Verify complete
2016-11-22 03:14:38, Info CSI 00000059 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:38, Info CSI 0000005a [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:40, Info CSI 0000005c [SR] Verify complete
2016-11-22 03:14:41, Info CSI 0000005d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:41, Info CSI 0000005e [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:43, Info CSI 00000060 [SR] Verify complete
2016-11-22 03:14:44, Info CSI 00000061 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:44, Info CSI 00000062 [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:46, Info CSI 00000064 [SR] Verify complete
2016-11-22 03:14:47, Info CSI 00000065 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:47, Info CSI 00000066 [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:49, Info CSI 00000068 [SR] Verify complete
2016-11-22 03:14:49, Info CSI 00000069 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:49, Info CSI 0000006a [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:51, Info CSI 0000006c [SR] Verify complete
2016-11-22 03:14:52, Info CSI 0000006d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:52, Info CSI 0000006e [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:54, Info CSI 00000070 [SR] Verify complete
2016-11-22 03:14:55, Info CSI 00000071 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:55, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2016-11-22 03:14:57, Info CSI 00000074 [SR] Verify complete
2016-11-22 03:14:58, Info CSI 00000075 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:14:58, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:00, Info CSI 00000078 [SR] Verify complete
2016-11-22 03:15:00, Info CSI 00000079 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:00, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:02, Info CSI 0000007c [SR] Verify complete
2016-11-22 03:15:03, Info CSI 0000007d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:03, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:07, Info CSI 00000080 [SR] Verify complete
2016-11-22 03:15:07, Info CSI 00000081 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:07, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:09, Info CSI 00000084 [SR] Verify complete
2016-11-22 03:15:10, Info CSI 00000085 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:10, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:13, Info CSI 00000088 [SR] Verify complete
2016-11-22 03:15:13, Info CSI 00000089 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:13, Info CSI 0000008a [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:16, Info CSI 0000008c [SR] Verify complete
2016-11-22 03:15:17, Info CSI 0000008d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:17, Info CSI 0000008e [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:19, Info CSI 00000090 [SR] Verify complete
2016-11-22 03:15:19, Info CSI 00000091 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:19, Info CSI 00000092 [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:21, Info CSI 00000094 [SR] Verify complete
2016-11-22 03:15:22, Info CSI 00000095 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:22, Info CSI 00000096 [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:25, Info CSI 00000098 [SR] Verify complete
2016-11-22 03:15:25, Info CSI 00000099 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:25, Info CSI 0000009a [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:27, Info CSI 0000009c [SR] Verify complete
2016-11-22 03:15:28, Info CSI 0000009d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:28, Info CSI 0000009e [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:29, Info CSI 000000a0 [SR] Verify complete
2016-11-22 03:15:30, Info CSI 000000a1 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:30, Info CSI 000000a2 [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:33, Info CSI 000000a4 [SR] Verify complete
2016-11-22 03:15:33, Info CSI 000000a5 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:33, Info CSI 000000a6 [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:35, Info CSI 000000a8 [SR] Verify complete
2016-11-22 03:15:36, Info CSI 000000a9 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:36, Info CSI 000000aa [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:37, Info CSI 000000ac [SR] Verify complete
2016-11-22 03:15:38, Info CSI 000000ad [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:38, Info CSI 000000ae [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:40, Info CSI 000000b0 [SR] Verify complete
2016-11-22 03:15:41, Info CSI 000000b1 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:41, Info CSI 000000b2 [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:42, Info CSI 000000b4 [SR] Verify complete
2016-11-22 03:15:43, Info CSI 000000b5 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:43, Info CSI 000000b6 [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:45, Info CSI 000000b8 [SR] Verify complete
2016-11-22 03:15:45, Info CSI 000000b9 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:45, Info CSI 000000ba [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:50, Info CSI 000000bc [SR] Verify complete
2016-11-22 03:15:50, Info CSI 000000bd [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:50, Info CSI 000000be [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:53, Info CSI 000000c0 [SR] Verify complete
2016-11-22 03:15:54, Info CSI 000000c1 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:54, Info CSI 000000c2 [SR] Beginning Verify and Repair transaction
2016-11-22 03:15:56, Info CSI 000000c4 [SR] Verify complete
2016-11-22 03:15:57, Info CSI 000000c5 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:15:57, Info CSI 000000c6 [SR] Beginning Verify and Repair transaction
2016-11-22 03:16:02, Info CSI 000000c8 [SR] Verify complete
2016-11-22 03:16:02, Info CSI 000000c9 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:16:02, Info CSI 000000ca [SR] Beginning Verify and Repair transaction
2016-11-22 03:16:11, Info CSI 000000cd [SR] Verify complete
2016-11-22 03:16:12, Info CSI 000000ce [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:16:12, Info CSI 000000cf [SR] Beginning Verify and Repair transaction
2016-11-22 03:16:18, Info CSI 000000d4 [SR] Verify complete
2016-11-22 03:16:18, Info CSI 000000d5 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:16:18, Info CSI 000000d6 [SR] Beginning Verify and Repair transaction
2016-11-22 03:16:24, Info CSI 000000d9 [SR] Verify complete
2016-11-22 03:16:24, Info CSI 000000da [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:16:24, Info CSI 000000db [SR] Beginning Verify and Repair transaction
2016-11-22 03:16:30, Info CSI 000000dd [SR] Verify complete
2016-11-22 03:16:31, Info CSI 000000de [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:16:31, Info CSI 000000df [SR] Beginning Verify and Repair transaction
2016-11-22 03:16:39, Info CSI 00000101 [SR] Verify complete
2016-11-22 03:16:40, Info CSI 00000102 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:16:40, Info CSI 00000103 [SR] Beginning Verify and Repair transaction
2016-11-22 03:16:46, Info CSI 00000108 [SR] Verify complete
2016-11-22 03:16:47, Info CSI 00000109 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:16:47, Info CSI 0000010a [SR] Beginning Verify and Repair transaction
2016-11-22 03:16:54, Info CSI 0000010c [SR] Verify complete
2016-11-22 03:16:54, Info CSI 0000010d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:16:54, Info CSI 0000010e [SR] Beginning Verify and Repair transaction
2016-11-22 03:17:00, Info CSI 00000110 [SR] Verify complete
2016-11-22 03:17:00, Info CSI 00000111 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:17:00, Info CSI 00000112 [SR] Beginning Verify and Repair transaction
2016-11-22 03:17:07, Info CSI 00000114 [SR] Verify complete
2016-11-22 03:17:08, Info CSI 00000115 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:17:08, Info CSI 00000116 [SR] Beginning Verify and Repair transaction
2016-11-22 03:17:12, Info CSI 00000117 [SR] Cannot verify component files for Microsoft-Windows-ehome-MCEWMDRMNDBootstrap, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:17:14, Info CSI 00000119 [SR] Verify complete
2016-11-22 03:17:14, Info CSI 0000011a [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:17:14, Info CSI 0000011b [SR] Beginning Verify and Repair transaction
2016-11-22 03:17:21, Info CSI 0000011d [SR] Verify complete
2016-11-22 03:17:21, Info CSI 0000011e [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:17:21, Info CSI 0000011f [SR] Beginning Verify and Repair transaction
2016-11-22 03:17:32, Info CSI 00000142 [SR] Verify complete
2016-11-22 03:17:32, Info CSI 00000143 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:17:32, Info CSI 00000144 [SR] Beginning Verify and Repair transaction
2016-11-22 03:17:40, Info CSI 00000146 [SR] Verify complete
2016-11-22 03:17:40, Info CSI 00000147 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:17:40, Info CSI 00000148 [SR] Beginning Verify and Repair transaction
2016-11-22 03:17:56, Info CSI 0000014a [SR] Verify complete
2016-11-22 03:17:56, Info CSI 0000014b [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:17:56, Info CSI 0000014c [SR] Beginning Verify and Repair transaction
2016-11-22 03:18:06, Info CSI 00000150 [SR] Verify complete
2016-11-22 03:18:06, Info CSI 00000151 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:18:06, Info CSI 00000152 [SR] Beginning Verify and Repair transaction
2016-11-22 03:18:09, Info CSI 00000154 [SR] Verify complete
2016-11-22 03:18:10, Info CSI 00000155 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:18:10, Info CSI 00000156 [SR] Beginning Verify and Repair transaction
2016-11-22 03:18:11, Info CSI 00000158 [SR] Verify complete
2016-11-22 03:18:11, Info CSI 00000159 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:18:11, Info CSI 0000015a [SR] Beginning Verify and Repair transaction
2016-11-22 03:18:17, Info CSI 0000015c [SR] Verify complete
2016-11-22 03:18:18, Info CSI 0000015d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:18:18, Info CSI 0000015e [SR] Beginning Verify and Repair transaction
2016-11-22 03:18:26, Info CSI 00000171 [SR] Verify complete
2016-11-22 03:18:26, Info CSI 00000172 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:18:26, Info CSI 00000173 [SR] Beginning Verify and Repair transaction
2016-11-22 03:18:28, Info CSI 00000175 [SR] Verify complete
2016-11-22 03:18:29, Info CSI 00000176 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:18:29, Info CSI 00000177 [SR] Beginning Verify and Repair transaction
2016-11-22 03:18:33, Info CSI 00000179 [SR] Verify complete
2016-11-22 03:18:33, Info CSI 0000017a [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:18:33, Info CSI 0000017b [SR] Beginning Verify and Repair transaction
2016-11-22 03:18:36, Info CSI 0000017d [SR] Verify complete
2016-11-22 03:18:37, Info CSI 0000017e [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:18:37, Info CSI 0000017f [SR] Beginning Verify and Repair transaction
2016-11-22 03:18:43, Info CSI 00000182 [SR] Verify complete
2016-11-22 03:18:44, Info CSI 00000183 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:18:44, Info CSI 00000184 [SR] Beginning Verify and Repair transaction
2016-11-22 03:18:58, Info CSI 00000187 [SR] Verify complete
2016-11-22 03:18:59, Info CSI 00000188 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:18:59, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2016-11-22 03:19:04, Info CSI 0000018b [SR] Verify complete
2016-11-22 03:19:04, Info CSI 0000018c [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:19:04, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2016-11-22 03:19:05, Info CSI 0000018e [SR] Cannot verify component files for Microsoft-Windows-License-Default-ProfessionalE.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"cs-CZ", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:19:07, Info CSI 00000190 [SR] Verify complete
2016-11-22 03:19:08, Info CSI 00000191 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:19:08, Info CSI 00000192 [SR] Beginning Verify and Repair transaction
2016-11-22 03:19:16, Info CSI 00000194 [SR] Verify complete
2016-11-22 03:19:16, Info CSI 00000195 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:19:16, Info CSI 00000196 [SR] Beginning Verify and Repair transaction
2016-11-22 03:19:24, Info CSI 00000198 [SR] Verify complete
2016-11-22 03:19:24, Info CSI 00000199 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:19:24, Info CSI 0000019a [SR] Beginning Verify and Repair transaction
2016-11-22 03:19:30, Info CSI 0000019c [SR] Verify complete
2016-11-22 03:19:30, Info CSI 0000019d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:19:30, Info CSI 0000019e [SR] Beginning Verify and Repair transaction
2016-11-22 03:19:43, Info CSI 000001b6 [SR] Verify complete
2016-11-22 03:19:43, Info CSI 000001b7 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:19:43, Info CSI 000001b8 [SR] Beginning Verify and Repair transaction
2016-11-22 03:19:49, Info CSI 000001b9 [SR] Cannot verify component files for Microsoft-Windows-NETFX35LinqComp.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"cs-cz", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:19:50, Info CSI 000001bb [SR] Verify complete
2016-11-22 03:19:51, Info CSI 000001bc [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:19:51, Info CSI 000001bd [SR] Beginning Verify and Repair transaction
2016-11-22 03:20:10, Info CSI 000001bf [SR] Verify complete
2016-11-22 03:20:11, Info CSI 000001c0 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:20:11, Info CSI 000001c1 [SR] Beginning Verify and Repair transaction
2016-11-22 03:20:23, Info CSI 000001c4 [SR] Verify complete
2016-11-22 03:20:23, Info CSI 000001c5 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:20:23, Info CSI 000001c6 [SR] Beginning Verify and Repair transaction
2016-11-22 03:20:31, Info CSI 000001c7 [SR] Cannot verify component files for Microsoft-Windows-Printing-PrintTicket-Win32, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:20:31, Info CSI 000001c8 [SR] Cannot verify component files for Microsoft-Windows-Printing-XpsDocumentWriter, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:20:33, Info CSI 000001ca [SR] Verify complete
2016-11-22 03:20:34, Info CSI 000001cb [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:20:34, Info CSI 000001cc [SR] Beginning Verify and Repair transaction
2016-11-22 03:20:42, Info CSI 000001cf [SR] Verify complete
2016-11-22 03:20:43, Info CSI 000001d0 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:20:43, Info CSI 000001d1 [SR] Beginning Verify and Repair transaction
2016-11-22 03:20:50, Info CSI 000001d3 [SR] Verify complete
2016-11-22 03:20:51, Info CSI 000001d4 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:20:51, Info CSI 000001d5 [SR] Beginning Verify and Repair transaction
2016-11-22 03:20:56, Info CSI 000001d7 [SR] Verify complete
2016-11-22 03:20:57, Info CSI 000001d8 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:20:57, Info CSI 000001d9 [SR] Beginning Verify and Repair transaction
2016-11-22 03:21:03, Info CSI 000001dd [SR] Verify complete
2016-11-22 03:21:04, Info CSI 000001de [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:21:04, Info CSI 000001df [SR] Beginning Verify and Repair transaction
2016-11-22 03:21:11, Info CSI 000001e1 [SR] Verify complete
2016-11-22 03:21:12, Info CSI 000001e2 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:21:12, Info CSI 000001e3 [SR] Beginning Verify and Repair transaction
2016-11-22 03:21:21, Info CSI 000001e6 [SR] Verify complete
2016-11-22 03:21:22, Info CSI 000001e7 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:21:22, Info CSI 000001e8 [SR] Beginning Verify and Repair transaction
2016-11-22 03:21:28, Info CSI 000001ea [SR] Verify complete
2016-11-22 03:21:28, Info CSI 000001eb [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:21:28, Info CSI 000001ec [SR] Beginning Verify and Repair transaction
2016-11-22 03:21:36, Info CSI 000001ef [SR] Verify complete
2016-11-22 03:21:36, Info CSI 000001f0 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:21:36, Info CSI 000001f1 [SR] Beginning Verify and Repair transaction
2016-11-22 03:21:46, Info CSI 000001f3 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"sppcomapi.dll" from store
2016-11-22 03:21:47, Info CSI 000001f5 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs" from store
2016-11-22 03:21:47, Info CSI 000001f8 [SR] Verify complete
2016-11-22 03:21:48, Info CSI 000001f9 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:21:48, Info CSI 000001fa [SR] Beginning Verify and Repair transaction
2016-11-22 03:21:56, Info CSI 000001fc [SR] Verify complete
2016-11-22 03:21:56, Info CSI 000001fd [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:21:56, Info CSI 000001fe [SR] Beginning Verify and Repair transaction
2016-11-22 03:22:03, Info CSI 00000200 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"systemcpl.dll" from store
2016-11-22 03:22:03, Info CSI 00000202 [SR] Verify complete
2016-11-22 03:22:04, Info CSI 00000203 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:22:04, Info CSI 00000204 [SR] Beginning Verify and Repair transaction
2016-11-22 03:22:11, Info CSI 00000206 [SR] Verify complete
2016-11-22 03:22:12, Info CSI 00000207 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:22:12, Info CSI 00000208 [SR] Beginning Verify and Repair transaction
2016-11-22 03:22:19, Info CSI 0000020b [SR] Verify complete
2016-11-22 03:22:20, Info CSI 0000020c [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:22:20, Info CSI 0000020d [SR] Beginning Verify and Repair transaction
2016-11-22 03:22:30, Info CSI 0000020f [SR] Verify complete
2016-11-22 03:22:30, Info CSI 00000210 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:22:30, Info CSI 00000211 [SR] Beginning Verify and Repair transaction
2016-11-22 03:22:36, Info CSI 00000214 [SR] Verify complete
2016-11-22 03:22:36, Info CSI 00000215 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:22:36, Info CSI 00000216 [SR] Beginning Verify and Repair transaction
2016-11-22 03:22:43, Info CSI 00000219 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store
2016-11-22 03:22:43, Info CSI 0000021b [SR] Verify complete
2016-11-22 03:22:44, Info CSI 0000021c [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:22:44, Info CSI 0000021d [SR] Beginning Verify and Repair transaction
2016-11-22 03:22:52, Info CSI 00000220 [SR] Verify complete
2016-11-22 03:22:53, Info CSI 00000221 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:22:53, Info CSI 00000222 [SR] Beginning Verify and Repair transaction
2016-11-22 03:23:01, Info CSI 00000225 [SR] Verify complete
2016-11-22 03:23:01, Info CSI 00000226 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:23:01, Info CSI 00000227 [SR] Beginning Verify and Repair transaction
2016-11-22 03:23:09, Info CSI 00000229 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"winver.exe" from store
2016-11-22 03:23:11, Info CSI 0000022c [SR] Verify complete
2016-11-22 03:23:11, Info CSI 0000022d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:23:11, Info CSI 0000022e [SR] Beginning Verify and Repair transaction
2016-11-22 03:23:14, Info CSI 0000022f [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2016-11-22 03:23:19, Info CSI 00000230 [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2016-11-22 03:23:19, Info CSI 00000231 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-11-22 03:23:21, Info CSI 00000233 [SR] Verify complete
2016-11-22 03:23:21, Info CSI 00000234 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:23:21, Info CSI 00000235 [SR] Beginning Verify and Repair transaction
2016-11-22 03:23:24, Info CSI 00000237 [SR] Verify complete
2016-11-22 03:23:25, Info CSI 00000238 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:23:25, Info CSI 00000239 [SR] Beginning Verify and Repair transaction
2016-11-22 03:23:30, Info CSI 0000023b [SR] Verify complete
2016-11-22 03:23:30, Info CSI 0000023c [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:23:30, Info CSI 0000023d [SR] Beginning Verify and Repair transaction
2016-11-22 03:23:35, Info CSI 0000023f [SR] Verify complete
2016-11-22 03:23:36, Info CSI 00000240 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:23:36, Info CSI 00000241 [SR] Beginning Verify and Repair transaction
2016-11-22 03:23:43, Info CSI 00000243 [SR] Verify complete
2016-11-22 03:23:44, Info CSI 00000244 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:23:44, Info CSI 00000245 [SR] Beginning Verify and Repair transaction
2016-11-22 03:23:52, Info CSI 00000247 [SR] Verify complete
2016-11-22 03:23:52, Info CSI 00000248 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:23:52, Info CSI 00000249 [SR] Beginning Verify and Repair transaction
2016-11-22 03:23:56, Info CSI 0000024b [SR] Verify complete
2016-11-22 03:23:57, Info CSI 0000024c [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:23:57, Info CSI 0000024d [SR] Beginning Verify and Repair transaction
2016-11-22 03:24:04, Info CSI 0000024f [SR] Verify complete
2016-11-22 03:24:04, Info CSI 00000250 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:24:04, Info CSI 00000251 [SR] Beginning Verify and Repair transaction
2016-11-22 03:24:27, Info CSI 00000253 [SR] Verify complete
2016-11-22 03:24:27, Info CSI 00000254 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:24:27, Info CSI 00000255 [SR] Beginning Verify and Repair transaction
2016-11-22 03:24:41, Info CSI 00000257 [SR] Verify complete
2016-11-22 03:24:42, Info CSI 00000258 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:24:42, Info CSI 00000259 [SR] Beginning Verify and Repair transaction
2016-11-22 03:24:49, Info CSI 0000025b [SR] Verify complete
2016-11-22 03:24:49, Info CSI 0000025c [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:24:49, Info CSI 0000025d [SR] Beginning Verify and Repair transaction
2016-11-22 03:24:52, Info CSI 0000025f [SR] Verify complete
2016-11-22 03:24:53, Info CSI 00000260 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:24:53, Info CSI 00000261 [SR] Beginning Verify and Repair transaction
2016-11-22 03:24:57, Info CSI 00000263 [SR] Verify complete
2016-11-22 03:24:58, Info CSI 00000264 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:24:58, Info CSI 00000265 [SR] Beginning Verify and Repair transaction
2016-11-22 03:25:03, Info CSI 00000267 [SR] Verify complete
2016-11-22 03:25:03, Info CSI 00000268 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:25:03, Info CSI 00000269 [SR] Beginning Verify and Repair transaction
2016-11-22 03:25:08, Info CSI 0000026b [SR] Verify complete
2016-11-22 03:25:09, Info CSI 0000026c [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:25:09, Info CSI 0000026d [SR] Beginning Verify and Repair transaction
2016-11-22 03:25:10, Info CSI 0000026f [SR] Verify complete
2016-11-22 03:25:10, Info CSI 00000270 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:25:10, Info CSI 00000271 [SR] Beginning Verify and Repair transaction
2016-11-22 03:25:12, Info CSI 00000273 [SR] Verify complete
2016-11-22 03:25:13, Info CSI 00000274 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:25:13, Info CSI 00000275 [SR] Beginning Verify and Repair transaction
2016-11-22 03:25:20, Info CSI 0000027d [SR] Verify complete
2016-11-22 03:25:21, Info CSI 0000027e [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:25:21, Info CSI 0000027f [SR] Beginning Verify and Repair transaction
2016-11-22 03:25:27, Info CSI 00000281 [SR] Verify complete
2016-11-22 03:25:28, Info CSI 00000282 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:25:28, Info CSI 00000283 [SR] Beginning Verify and Repair transaction
2016-11-22 03:25:34, Info CSI 00000285 [SR] Verify complete
2016-11-22 03:25:35, Info CSI 00000286 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:25:35, Info CSI 00000287 [SR] Beginning Verify and Repair transaction
2016-11-22 03:25:43, Info CSI 00000289 [SR] Verify complete
2016-11-22 03:25:44, Info CSI 0000028a [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:25:44, Info CSI 0000028b [SR] Beginning Verify and Repair transaction
2016-11-22 03:25:53, Info CSI 0000028e [SR] Verify complete
2016-11-22 03:25:54, Info CSI 0000028f [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:25:54, Info CSI 00000290 [SR] Beginning Verify and Repair transaction
2016-11-22 03:26:00, Info CSI 00000292 [SR] Verify complete
2016-11-22 03:26:01, Info CSI 00000293 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:26:01, Info CSI 00000294 [SR] Beginning Verify and Repair transaction
2016-11-22 03:26:03, Info CSI 00000296 [SR] Verify complete
2016-11-22 03:26:03, Info CSI 00000297 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:26:03, Info CSI 00000298 [SR] Beginning Verify and Repair transaction
2016-11-22 03:26:07, Info CSI 0000029a [SR] Verify complete
2016-11-22 03:26:08, Info CSI 0000029b [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:26:08, Info CSI 0000029c [SR] Beginning Verify and Repair transaction
2016-11-22 03:26:24, Info CSI 000002a1 [SR] Verify complete
2016-11-22 03:26:24, Info CSI 000002a2 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:26:24, Info CSI 000002a3 [SR] Beginning Verify and Repair transaction
2016-11-22 03:26:36, Info CSI 000002a7 [SR] Verify complete
2016-11-22 03:26:37, Info CSI 000002a8 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:26:37, Info CSI 000002a9 [SR] Beginning Verify and Repair transaction
2016-11-22 03:26:45, Info CSI 000002ab [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:26{13}]"sppcomapi.dll" from store
2016-11-22 03:26:46, Info CSI 000002ae [SR] Verify complete
2016-11-22 03:26:47, Info CSI 000002af [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:26:47, Info CSI 000002b0 [SR] Beginning Verify and Repair transaction
2016-11-22 03:26:54, Info CSI 000002b5 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2016-11-22 03:26:56, Info CSI 000002bf [SR] Verify complete
2016-11-22 03:26:56, Info CSI 000002c0 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:26:56, Info CSI 000002c1 [SR] Beginning Verify and Repair transaction
2016-11-22 03:27:05, Info CSI 000002c7 [SR] Verify complete
2016-11-22 03:27:05, Info CSI 000002c8 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:27:05, Info CSI 000002c9 [SR] Beginning Verify and Repair transaction
2016-11-22 03:27:12, Info CSI 000002cb [SR] Verify complete
2016-11-22 03:27:12, Info CSI 000002cc [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:27:12, Info CSI 000002cd [SR] Beginning Verify and Repair transaction
2016-11-22 03:27:17, Info CSI 000002d1 [SR] Verify complete
2016-11-22 03:27:18, Info CSI 000002d2 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:27:18, Info CSI 000002d3 [SR] Beginning Verify and Repair transaction
2016-11-22 03:27:23, Info CSI 000002d5 [SR] Verify complete
2016-11-22 03:27:23, Info CSI 000002d6 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:27:23, Info CSI 000002d7 [SR] Beginning Verify and Repair transaction
2016-11-22 03:27:32, Info CSI 000002fc [SR] Verify complete
2016-11-22 03:27:32, Info CSI 000002fd [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:27:32, Info CSI 000002fe [SR] Beginning Verify and Repair transaction
2016-11-22 03:27:38, Info CSI 00000300 [SR] Verify complete
2016-11-22 03:27:38, Info CSI 00000301 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:27:38, Info CSI 00000302 [SR] Beginning Verify and Repair transaction
2016-11-22 03:27:44, Info CSI 00000304 [SR] Verify complete
2016-11-22 03:27:44, Info CSI 00000305 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:27:44, Info CSI 00000306 [SR] Beginning Verify and Repair transaction
2016-11-22 03:27:50, Info CSI 00000308 [SR] Verify complete
2016-11-22 03:27:50, Info CSI 00000309 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:27:50, Info CSI 0000030a [SR] Beginning Verify and Repair transaction
2016-11-22 03:27:56, Info CSI 00000318 [SR] Verify complete
2016-11-22 03:27:56, Info CSI 00000319 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:27:56, Info CSI 0000031a [SR] Beginning Verify and Repair transaction
2016-11-22 03:28:07, Info CSI 0000031c [SR] Verify complete
2016-11-22 03:28:07, Info CSI 0000031d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:28:07, Info CSI 0000031e [SR] Beginning Verify and Repair transaction
2016-11-22 03:28:14, Info CSI 0000032c [SR] Verify complete
2016-11-22 03:28:16, Info CSI 0000032d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:28:16, Info CSI 0000032e [SR] Beginning Verify and Repair transaction
2016-11-22 03:28:20, Info CSI 00000330 [SR] Verify complete
2016-11-22 03:28:21, Info CSI 00000331 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:28:21, Info CSI 00000332 [SR] Beginning Verify and Repair transaction
2016-11-22 03:28:27, Info CSI 00000334 [SR] Verify complete
2016-11-22 03:28:28, Info CSI 00000335 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:28:28, Info CSI 00000336 [SR] Beginning Verify and Repair transaction
2016-11-22 03:28:36, Info CSI 00000339 [SR] Verify complete
2016-11-22 03:28:36, Info CSI 0000033a [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:28:36, Info CSI 0000033b [SR] Beginning Verify and Repair transaction
2016-11-22 03:28:40, Info CSI 0000033d [SR] Verify complete
2016-11-22 03:28:40, Info CSI 0000033e [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:28:40, Info CSI 0000033f [SR] Beginning Verify and Repair transaction
2016-11-22 03:28:48, Info CSI 00000341 [SR] Verify complete
2016-11-22 03:28:48, Info CSI 00000342 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:28:48, Info CSI 00000343 [SR] Beginning Verify and Repair transaction
2016-11-22 03:28:55, Info CSI 00000345 [SR] Verify complete
2016-11-22 03:28:55, Info CSI 00000346 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:28:55, Info CSI 00000347 [SR] Beginning Verify and Repair transaction
2016-11-22 03:29:01, Info CSI 00000349 [SR] Verify complete
2016-11-22 03:29:01, Info CSI 0000034a [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:29:01, Info CSI 0000034b [SR] Beginning Verify and Repair transaction
2016-11-22 03:29:10, Info CSI 00000365 [SR] Verify complete
2016-11-22 03:29:11, Info CSI 00000366 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:29:11, Info CSI 00000367 [SR] Beginning Verify and Repair transaction
2016-11-22 03:29:27, Info CSI 00000369 [SR] Verify complete
2016-11-22 03:29:27, Info CSI 0000036a [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:29:27, Info CSI 0000036b [SR] Beginning Verify and Repair transaction
2016-11-22 03:29:33, Info CSI 0000036d [SR] Verify complete
2016-11-22 03:29:34, Info CSI 0000036e [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:29:34, Info CSI 0000036f [SR] Beginning Verify and Repair transaction
2016-11-22 03:29:38, Info CSI 00000371 [SR] Verify complete
2016-11-22 03:29:39, Info CSI 00000372 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:29:39, Info CSI 00000373 [SR] Beginning Verify and Repair transaction
2016-11-22 03:29:43, Info CSI 00000377 [SR] Verify complete
2016-11-22 03:29:43, Info CSI 00000378 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:29:43, Info CSI 00000379 [SR] Beginning Verify and Repair transaction
2016-11-22 03:29:48, Info CSI 0000037b [SR] Verify complete
2016-11-22 03:29:49, Info CSI 0000037c [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:29:49, Info CSI 0000037d [SR] Beginning Verify and Repair transaction
2016-11-22 03:29:55, Info CSI 0000037f [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slmgr.vbs" from store
2016-11-22 03:29:55, Info CSI 00000381 [SR] Verify complete
2016-11-22 03:29:56, Info CSI 00000382 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:29:56, Info CSI 00000383 [SR] Beginning Verify and Repair transaction
2016-11-22 03:30:00, Info CSI 00000385 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:26{13}]"systemcpl.dll" from store
2016-11-22 03:30:01, Info CSI 00000387 [SR] Verify complete
2016-11-22 03:30:02, Info CSI 00000388 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:30:02, Info CSI 00000389 [SR] Beginning Verify and Repair transaction
2016-11-22 03:30:07, Info CSI 0000038c [SR] Verify complete
2016-11-22 03:30:07, Info CSI 0000038d [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:30:07, Info CSI 0000038e [SR] Beginning Verify and Repair transaction
2016-11-22 03:30:12, Info CSI 00000390 [SR] Verify complete
2016-11-22 03:30:12, Info CSI 00000391 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:30:12, Info CSI 00000392 [SR] Beginning Verify and Repair transaction
2016-11-22 03:30:19, Info CSI 00000394 [SR] Verify complete
2016-11-22 03:30:19, Info CSI 00000395 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:30:19, Info CSI 00000396 [SR] Beginning Verify and Repair transaction
2016-11-22 03:30:24, Info CSI 00000397 [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2016-11-22 03:30:26, Info CSI 00000398 [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2016-11-22 03:30:26, Info CSI 00000399 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-11-22 03:30:26, Info CSI 0000039b [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"winver.exe" from store
2016-11-22 03:30:26, Info CSI 0000039d [SR] Verify complete
2016-11-22 03:30:27, Info CSI 0000039e [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:30:27, Info CSI 0000039f [SR] Beginning Verify and Repair transaction
2016-11-22 03:30:34, Info CSI 000003a2 [SR] Verify complete
2016-11-22 03:30:35, Info CSI 000003a3 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:30:35, Info CSI 000003a4 [SR] Beginning Verify and Repair transaction
2016-11-22 03:30:43, Info CSI 000003a6 [SR] Verify complete
2016-11-22 03:30:44, Info CSI 000003a7 [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:30:44, Info CSI 000003a8 [SR] Beginning Verify and Repair transaction
2016-11-22 03:30:50, Info CSI 000003aa [SR] Verify complete
2016-11-22 03:30:51, Info CSI 000003ab [SR] Verifying 100 (0x0000000000000064) components
2016-11-22 03:30:51, Info CSI 000003ac [SR] Beginning Verify and Repair transaction
2016-11-22 03:30:58, Info CSI 000003ae [SR] Verify complete
2016-11-22 03:30:58, Info CSI 000003af [SR] Verifying 76 (0x000000000000004c) components
2016-11-22 03:30:58, Info CSI 000003b0 [SR] Beginning Verify and Repair transaction
2016-11-22 03:31:02, Info CSI 000003b2 [SR] Verify complete
2016-11-22 03:31:02, Info CSI 000003b3 [SR] Repairing 17 (0x0000000000000011) components
2016-11-22 03:31:02, Info CSI 000003b4 [SR] Beginning Verify and Repair transaction
2016-11-22 03:31:02, Info CSI 000003b5 [SR] Cannot verify component files for Microsoft-Windows-ehome-MCEWMDRMNDBootstrap, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:31:02, Info CSI 000003b6 [SR] Cannot verify component files for Microsoft-Windows-License-Default-ProfessionalE.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"cs-CZ", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:31:02, Info CSI 000003b7 [SR] Cannot verify component files for Microsoft-Windows-NETFX35LinqComp.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"cs-cz", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:31:02, Info CSI 000003b8 [SR] Cannot verify component files for Microsoft-Windows-Printing-PrintTicket-Win32, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:31:02, Info CSI 000003b9 [SR] Cannot verify component files for Microsoft-Windows-Printing-XpsDocumentWriter, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:31:03, Info CSI 000003ba [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2016-11-22 03:31:03, Info CSI 000003bb [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2016-11-22 03:31:03, Info CSI 000003bd [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"sppcomapi.dll" from store
2016-11-22 03:31:03, Info CSI 000003bf [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"systemcpl.dll" from store
2016-11-22 03:31:03, Info CSI 000003c1 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2016-11-22 03:31:03, Info CSI 000003c3 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slmgr.vbs" from store
2016-11-22 03:31:03, Info CSI 000003c5 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs" from store
2016-11-22 03:31:03, Info CSI 000003c7 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"winver.exe" from store
2016-11-22 03:31:04, Info CSI 000003c9 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:26{13}]"sppcomapi.dll" from store
2016-11-22 03:31:04, Info CSI 000003cb [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:26{13}]"systemcpl.dll" from store
2016-11-22 03:31:04, Info CSI 000003cd [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"winver.exe" from store
2016-11-22 03:31:04, Info CSI 000003ce [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2016-11-22 03:31:04, Info CSI 000003cf [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-11-22 03:31:04, Info CSI 000003d0 [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2016-11-22 03:31:04, Info CSI 000003d1 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-11-22 03:31:04, Info CSI 000003d3 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store
2016-11-22 03:31:04, Info CSI 000003d5 [SR] Repair complete
2016-11-22 03:31:04, Info CSI 000003d6 [SR] Committing transaction
2016-11-22 03:31:04, Info CSI 000003da [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2016-11-22 03:31:04, Info CSI 000003db [SR] Repairing 17 (0x0000000000000011) components
2016-11-22 03:31:04, Info CSI 000003dc [SR] Beginning Verify and Repair transaction
2016-11-22 03:31:04, Info CSI 000003dd [SR] Cannot verify component files for Microsoft-Windows-ehome-MCEWMDRMNDBootstrap, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:31:04, Info CSI 000003de [SR] Cannot verify component files for Microsoft-Windows-License-Default-ProfessionalE.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"cs-CZ", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:31:04, Info CSI 000003df [SR] Cannot verify component files for Microsoft-Windows-NETFX35LinqComp.Resources, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"cs-cz", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:31:04, Info CSI 000003e0 [SR] Cannot verify component files for Microsoft-Windows-Printing-PrintTicket-Win32, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:31:04, Info CSI 000003e1 [SR] Cannot verify component files for Microsoft-Windows-Printing-XpsDocumentWriter, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2016-11-22 03:31:04, Info CSI 000003e2 [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2016-11-22 03:31:05, Info CSI 000003e3 [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2016-11-22 03:31:05, Info CSI 000003e5 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"sppcomapi.dll" from store
2016-11-22 03:31:05, Info CSI 000003e7 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"systemcpl.dll" from store
2016-11-22 03:31:05, Info CSI 000003e9 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"user32.dll" from store
2016-11-22 03:31:05, Info CSI 000003eb [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"slmgr.vbs" from store
2016-11-22 03:31:05, Info CSI 000003ed [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"slmgr.vbs" from store
2016-11-22 03:31:05, Info CSI 000003ef [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"winver.exe" from store
2016-11-22 03:31:05, Info CSI 000003f1 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:26{13}]"sppcomapi.dll" from store
2016-11-22 03:31:05, Info CSI 000003f3 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:26{13}]"systemcpl.dll" from store
2016-11-22 03:31:05, Info CSI 000003f5 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:20{10}]"winver.exe" from store
2016-11-22 03:31:05, Info CSI 000003f6 [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2016-11-22 03:31:05, Info CSI 000003f7 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-11-22 03:31:05, Info CSI 000003f8 [SR] Cannot repair member file [l:14{7}]"sfc.exe" of Microsoft-Windows-WRP-Integrity-Client, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file cannot be checked
2016-11-22 03:31:05, Info CSI 000003f9 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2016-11-22 03:31:05, Info CSI 000003fb [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"user32.dll" from store
2016-11-22 03:31:06, Info CSI 000003fd [SR] Repair complete

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Eset online scanner finds 8 threats, but does not finish-bluescr

#27 Post by altrok »

What problems are you seeing on the PC now? Post the current FRST.txt and Addition.txt logs.

Bary.Jan
Visitor
Posts: 84
Registered: 09 Dec 2013 15:20

Re: Eset online scanner finds 8 threats, but does not finish-bluescr

#28 Post by Bary.Jan »

The Explorer error message has not appeared before shutdown for some time now, and the computer is fairly quick and smooth. However, this morning a message popped up about a non-genuine copy of Windows, which surprised me a bit... I have been working with this computer daily for more than two weeks and it suddenly showed up...

Bary.Jan
Visitor
Posts: 84
Registered: 09 Dec 2013 15:20

Re: Eset online scanner finds 8 threats, but does not finish-bluescr

#29 Post by Bary.Jan »

Anyway, here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
Ran by Eliška (administrator) on ELIŠKA-PC (22-11-2016 12:34:10)
Running from C:\Users\Eliška\Desktop
Loaded Profiles: Eliška (Available Profiles: Eliška)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe
(AuthenTec, Inc.) C:\Program Files (x86)\Fingerprint Sensor\AtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security Premium\egui.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Samsung) C:\Program Files (x86)\SAMSUNG\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ZTE) C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [342528 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [4119552 2008-11-17] (Dell Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-04-02] (CANON INC.)
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-05-28] (Samsung)
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mcserver.lnk [2016-11-13]
ShortcutTarget: mcserver.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe (ZTE)
Startup: C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2016-11-13]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.33.36.155 212.33.55.5
Tcpip\..\Interfaces\{52C58F0C-8388-455D-B348-F367F1635E90}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{76DE49D9-1C51-40BD-9DC7-DF7FC9753243}: [DhcpNameServer] 212.33.36.155 212.33.55.5

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP
SearchScopes: HKU\S-1-5-21-2426440832-341668823-1581636725-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
SearchScopes: HKU\S-1-5-21-2426440832-341668823-1581636725-1000 -> {984F4E3E-CF4D-48B9-B242-50E8083E1828} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_5
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-14] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-14] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default [2016-11-21]
FF user.js: detected! => C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\user.js [2016-11-21]
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\3w1zlmmx.default -> Bing
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-20] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-20] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-20] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-20] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-20] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon
FF Extension: (Bytemobile Optimization Client) - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon [2012-07-25] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [No File]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2426440832-341668823-1581636725-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Eliška\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2426440832-341668823-1581636725-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-24] (Google Inc.)
FF Plugin HKU\S-1-5-21-2426440832-341668823-1581636725-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-24] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-09-19] (Apple Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/en-us/?pc=__PARAM__&ocid=__PARAM__DHP
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default [2016-11-22]
CHR Extension: (YouTube) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Kalendář Google) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Gmail) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-31]
CHR Profile: C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR HKU\S-1-5-21-2426440832-341668823-1581636725-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ATService; C:\Program Files (x86)\Fingerprint Sensor\AtService.exe [1807608 2009-08-16] (AuthenTec, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe [2815520 2016-10-11] (ESET)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-05-27] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-05-27] (Ellora Assets Corp.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-11-17] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
R0 BMLoad; C:\Windows\SysWOW64\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [232072 2016-10-13] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [212096 2016-10-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [177792 2016-10-13] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [48768 2016-10-13] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [76416 2016-10-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59528 2016-10-13] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [91784 2016-10-13] (ESET)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [36560 2016-03-10] (ITE Tech. Inc. )
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
R1 tcpipBM; C:\Windows\SysWOW64\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [79872 2011-11-02] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2011-11-02] (ZTE)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-22 03:39 - 2016-11-22 03:39 - 00067559 _____ C:\Users\Eliška\Desktop\sfcdetails.txt
2016-11-21 22:17 - 2016-11-21 22:17 - 00000000 ____D C:\Users\EliÜka
2016-11-21 22:16 - 2016-11-21 22:35 - 00000000 ___SD C:\32788R22FWJFW
2016-11-21 01:23 - 2016-11-21 01:23 - 00021928 _____ C:\ComboFix.txt
2016-11-19 23:59 - 2016-11-19 23:59 - 00000000 ____D C:\Users\Eliška\Desktop\Pračka
2016-11-19 19:16 - 2016-11-19 21:04 - 00000000 ____D C:\Users\Eliška\Desktop\Prac smlouvy
2016-11-19 18:50 - 2016-11-20 00:48 - 00000000 ____D C:\Users\Eliška\Desktop\Recepty
2016-11-18 20:20 - 2016-11-21 01:24 - 00000000 ____D C:\Qoobox
2016-11-18 20:20 - 2016-11-18 20:47 - 00000000 ____D C:\Windows\erdnt
2016-11-18 20:20 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-11-18 20:20 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-11-18 20:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-11-18 20:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-11-18 20:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-11-18 20:20 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-11-18 20:20 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-11-18 20:20 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-11-18 20:18 - 2016-11-18 20:19 - 05659276 ____R (Swearware) C:\Uninstall.exe
2016-11-18 20:10 - 2016-11-18 20:15 - 00006960 _____ C:\Users\Eliška\Desktop\Rkill.txt
2016-11-18 20:09 - 2016-11-18 20:10 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Eliška\Desktop\rkill.exe
2016-11-18 19:22 - 2016-11-18 19:22 - 00033689 _____ C:\Users\Eliška\Desktop\Addition.txt
2016-11-18 19:20 - 2016-11-22 12:35 - 00019554 _____ C:\Users\Eliška\Desktop\FRST.txt
2016-11-18 19:20 - 2016-11-22 12:34 - 00000000 ____D C:\FRST
2016-11-18 19:15 - 2016-11-18 19:15 - 02412032 _____ (Farbar) C:\Users\Eliška\Desktop\FRST64.exe
2016-11-17 20:20 - 2016-11-17 20:21 - 00000521 _____ C:\DelFix.txt
2016-11-15 00:16 - 2016-11-15 00:16 - 00002083 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2016-11-15 00:16 - 2016-11-15 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-11-15 00:16 - 2016-11-15 00:16 - 00000000 ____D C:\ProgramData\ESET
2016-11-15 00:16 - 2016-11-15 00:16 - 00000000 ____D C:\Program Files\ESET
2016-11-14 01:45 - 2016-11-14 01:45 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-13 20:15 - 2016-11-13 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-13 19:21 - 2016-11-13 19:23 - 46755096 _____ (Microsoft Corporation) C:\Users\Eliška\Downloads\mpas-feX64.exe
2016-11-13 12:42 - 2016-11-13 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Program
2016-11-13 12:42 - 2016-11-13 14:03 - 00000000 ____D C:\Program Files (x86)\My Program
2016-10-28 14:44 - 2016-10-28 14:44 - 00000000 ___HT C:\Windows\wusa.lock
2016-10-28 14:44 - 2016-10-28 14:44 - 00000000 ____D C:\912d2e4e024f32452e1d
2016-10-28 14:43 - 2016-10-28 14:44 - 00159144 _____ (Microsoft Corporation) C:\Users\Eliška\Downloads\WindowsActivationUpdate.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-22 11:58 - 2013-06-11 16:35 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-11-22 11:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-22 11:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2016-11-22 03:44 - 2009-07-14 05:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-22 03:44 - 2009-07-14 05:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-21 22:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-21 01:39 - 2015-11-29 15:25 - 00000000 ____D C:\Users\Eliška\Desktop\Odpady 2015
2016-11-21 01:13 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-11-20 01:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-20 00:48 - 2012-01-24 16:00 - 00000000 ____D C:\Users\Eliška
2016-11-19 23:41 - 2015-01-18 16:42 - 00000000 ____D C:\Users\Eliška\Documents\Životopisy
2016-11-19 19:57 - 2014-09-13 14:49 - 00000000 ____D C:\Users\Eliška\Documents\HONZA
2016-11-19 18:25 - 2014-07-02 19:36 - 00000000 ____D C:\Program Files (x86)\JDownloader
2016-11-18 20:35 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-18 20:33 - 2009-07-14 03:34 - 21233664 _____ C:\Windows\system32\config\SYSTEM.bak
2016-11-18 20:33 - 2009-07-14 03:34 - 101187584 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-11-18 20:33 - 2009-07-14 03:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2016-11-18 20:33 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-11-18 20:33 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-11-17 23:15 - 2012-04-15 14:00 - 00000000 ____D C:\Users\Eliška\Desktop\zástupci
2016-11-17 17:42 - 2012-01-24 20:04 - 00000000 ____D C:\Users\Eliška\AppData\Local\ESET
2016-11-14 23:53 - 2012-01-24 16:15 - 00002378 _____ C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 23:41 - 2013-12-16 13:45 - 00000000 ____D C:\ProgramData\Oracle
2016-11-14 23:39 - 2014-07-30 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-14 23:39 - 2012-02-21 13:42 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-14 23:37 - 2014-07-30 15:19 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-11-14 01:54 - 2012-07-23 09:50 - 00000000 ____D C:\Users\Eliška\AppData\Local\CrashDumps
2016-11-14 01:54 - 2012-05-03 21:40 - 00000000 ____D C:\Windows\Minidump
2016-11-14 01:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\ModemLogs
2016-11-14 01:46 - 2012-05-06 15:43 - 00000000 ____D C:\Program Files\CCleaner
2016-11-14 01:45 - 2012-05-06 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-13 20:57 - 2009-07-14 16:18 - 00672424 _____ C:\Windows\system32\perfh005.dat
2016-11-13 20:57 - 2009-07-14 16:18 - 00142988 _____ C:\Windows\system32\perfc005.dat
2016-11-13 20:57 - 2009-07-14 06:13 - 01593374 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-13 20:47 - 2012-01-24 15:52 - 00000000 ____D C:\Windows\Panther
2016-11-13 20:45 - 2016-04-15 18:22 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-11-13 20:45 - 2016-03-19 23:33 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
2016-11-13 20:45 - 2016-02-10 17:58 - 00001326 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2016-11-13 20:45 - 2016-01-08 00:17 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-11-13 20:45 - 2016-01-08 00:16 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-11-13 20:45 - 2015-04-16 12:41 - 00002015 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2016-11-13 20:45 - 2014-10-06 19:55 - 00000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-11-13 20:45 - 2014-06-18 10:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-11-13 20:45 - 2012-01-27 16:25 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
2016-11-13 20:45 - 2012-01-27 16:23 - 00001207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
2016-11-13 20:45 - 2012-01-27 16:20 - 00001262 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
2016-11-13 20:45 - 2012-01-27 16:20 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
2016-11-13 20:45 - 2012-01-27 16:18 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
2016-11-13 20:45 - 2012-01-27 16:18 - 00001353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
2016-11-13 20:45 - 2012-01-24 16:09 - 00001150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-13 20:45 - 2012-01-24 15:56 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-11-13 20:45 - 2012-01-24 15:56 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-11-13 20:45 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-13 20:45 - 2009-07-14 05:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-11-13 20:45 - 2009-07-14 05:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-11-13 20:45 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-11-13 20:45 - 2009-07-14 05:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-11-13 20:44 - 2016-10-01 15:02 - 00000000 ____D C:\Users\Eliška\Desktop\Pečení
2016-11-13 20:44 - 2013-09-13 16:20 - 00000908 _____ C:\Users\Eliška\Desktop\Downloads.lnk
2016-11-13 20:44 - 2013-08-09 15:38 - 00002246 _____ C:\Users\Eliška\Desktop\Internet Manager.lnk
2016-11-13 20:44 - 2012-08-03 12:09 - 00014408 _____ C:\Users\Eliška\Desktop\Stažené soubory.lnk
2016-11-13 20:44 - 2012-01-24 16:02 - 00001393 _____ C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-13 20:44 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-11-13 20:44 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-11-13 13:38 - 2014-12-06 22:05 - 00000000 ____D C:\Users\Eliška\Desktop\Bety dort a fotky
2016-11-13 12:38 - 2013-08-25 22:21 - 00001912 _____ C:\Windows\epplauncher.mif
2016-11-13 12:37 - 2013-08-20 11:58 - 00000000 ____D C:\Windows\system32\MRT
2016-11-13 12:21 - 2012-01-24 20:50 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-31 23:24 - 2012-02-01 23:19 - 00000000 ____D C:\Users\Eliška\AppData\Roaming\Skype
2016-10-28 21:53 - 2012-01-24 16:12 - 00000000 ____D C:\Users\Eliška\AppData\Local\Google
2016-10-28 01:47 - 2012-02-04 21:12 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

2012-02-03 15:13 - 2011-10-21 21:57 - 21073936 _____ () C:\Program Files\vlc-1.1.11-win32.exe
2014-07-30 21:36 - 2016-05-21 08:36 - 0000250 _____ () C:\Users\Eliška\AppData\Roaming\WB.CFG
2016-07-02 21:45 - 2016-07-02 21:45 - 0003584 _____ () C:\Users\Eliška\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-04 16:50 - 2015-03-04 16:50 - 0000849 _____ () C:\Users\Eliška\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-24 23:32

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
Ran by Eliška (22-11-2016 12:35:44)
Running from C:\Users\Eliška\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-24 15:00:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2426440832-341668823-1581636725-500 - Administrator - Disabled)
Elis (S-1-5-21-2426440832-341668823-1581636725-1003 - Limited - Enabled)
Eliška (S-1-5-21-2426440832-341668823-1581636725-1000 - Administrator - Enabled) => C:\Users\Eliška
Guest (S-1-5-21-2426440832-341668823-1581636725-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2426440832-341668823-1581636725-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security Premium 10.0.369.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security Premium 10.0.369.1 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AuthenTec Fingerprint Software (HKLM-x32\...\{6B99AF03-2668-4572-BD3D-8C7A5D103065}) (Version: 8.5.3.0 - "AuthenTec,Inc.")
AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Recorder 2.5 (HKLM-x32\...\AVS Video Recorder_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Balíček ovladače systému Windows - AuthenTec Inc. (ATSwpWDF) Biometric (07/02/2009 8.5.0.251) (HKLM\...\815EB4ED418166EC2BBE3A39EAC38C74AE911A8C) (Version: 07/02/2009 8.5.0.251 - AuthenTec Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.224 - ALPS ELECTRIC CO., LTD.)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
ESET Smart Security Premium (HKLM\...\{9FD38E7D-4EEC-4057-9D3A-2C48C91D0C12}) (Version: 10.0.369.1 - ESET, spol. s r.o.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version: - )
Foxit PDF Editor 2.0 Build 1011 + Patch version for Windows (HKLM-x32\...\{BA30BA25-3C41-FFFD-B067-1515F4EAC738}_is1) (Version: for Windows - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Internet Manager (HKLM\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 cs)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My Program version 1.5 (HKLM-x32\...\{11C0B447-2D00-4891-B686-367E63EDAC63}_is1) (Version: 1.5 - My Company, Inc.)
Nero Burning ROM 2014 (HKLM-x32\...\{B0E4ACBC-4CFA-4B6D-9B7B-E13C171BCC23}) (Version: 15.0.05300 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Registrace uživatele zařízení Canon MG3500 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG3500 series) (Version: - ‭Canon Inc.)
RICOH Media Driver ver.2.07.01.00 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.00 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
save2pc 5.44 (HKLM-x32\...\save2pc_is1) (Version: - FDRLab, Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.127 - PandoraTV)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2426440832-341668823-1581636725-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2426440832-341668823-1581636725-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {076A80B0-8DC0-4244-BE78-1C9186EE4654} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22] (Oracle Corporation)
Task: {4461739E-AB82-43F3-974A-6D232DFC2C9C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core1d1fe3fe3755df4 => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4AD3A0A2-7876-4CB1-9A0D-48BD6AD4087A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-19] (Adobe Systems Incorporated)
Task: {56ADCC3F-5D3D-48F0-8DE3-D34C4C9D5559} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-29] (Facebook Inc.)
Task: {7570F405-69D1-48D1-B3FE-4857EFEB9B1C} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {865D5A61-188C-47F6-9640-ECFD0FB81175} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {949D3DC8-9FEE-4B4C-8AF2-AA1F487F93F4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A33F57FD-FC30-4274-A695-2E7963A56365} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-29] (Facebook Inc.)
Task: {A7F72BA3-C4E8-47B3-8042-B507D4D5F1AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {ADA5A295-A151-44E8-B18A-EC1E90586FBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B2859F79-E28B-472C-A6CF-199CF67FAC30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C12C4841-312E-47A3-9B13-BC4076B1CB8E} - System32\Tasks\{B523F393-A29A-469A-85C2-320DBBFAB1A4} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/cs/abandoninstall?page=tsMain
Task: {C855205F-3F08-46DF-9BB6-1DB110C9D81F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA1d1fe3fe3e4ea46 => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CD3DF530-E3EA-4D99-9E78-F5EA6575C4B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-01] (Adobe Systems Incorporated)
Task: {E2CD6A62-A116-4230-88F7-DAD8A93AD26B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EF70D17C-2E6C-4A23-AB38-8CD02E591545} - System32\Tasks\Google Updater and Installer => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EFE554F8-5220-462E-8F18-30E9B03E59E3} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-01] (Adobe Systems Incorporated)
Task: {F2BF26DB-5BB5-4127-854F-348E3CCDFAB7} - System32\Tasks\{38177F14-8DEA-48AB-ACAA-D6717578CE04} => Chrome.exe hxxp://ui.skype.com/ui/0/6.20.0.104/cs/abandoninstall?page=tsMain

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-10 09:58 - 2008-11-17 07:29 - 00032768 _____ () C:\Windows\System32\WLTRYSVC.EXE
2015-11-10 09:58 - 2008-11-17 07:29 - 00057856 _____ () C:\Windows\System32\bcmwlrmt.dll
2012-01-27 15:43 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-08-09 15:37 - 2012-05-23 09:38 - 00221552 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
2013-08-09 15:37 - 2012-05-23 09:38 - 00037232 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
2016-01-06 17:41 - 2016-01-06 17:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-09-28 17:25 - 2016-09-28 17:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2013-08-09 15:37 - 2011-05-06 04:03 - 00594944 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-1.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00099840 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\itapi.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00027648 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\log.dll
2013-08-09 15:37 - 2010-10-14 10:37 - 00971776 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libxml2.dll
2013-08-09 15:37 - 2010-10-14 10:37 - 00080688 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\zlib1.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00058880 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\coder.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00043520 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\audio.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00036352 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libConfig.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00021504 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libctlsvr.dll
2013-08-09 15:37 - 2011-12-26 08:41 - 00090624 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\CaptureCrash.dll
2013-08-09 15:37 - 2007-09-09 16:07 - 00151552 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libexpat.dll
2013-08-09 15:37 - 2011-05-06 04:02 - 00341504 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\sqlite3.dll
2016-11-14 23:53 - 2016-11-08 21:29 - 01819240 _____ () C:\Users\Eliška\AppData\Local\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-14 23:53 - 2016-11-08 21:29 - 00093288 _____ () C:\Users\Eliška\AppData\Local\Google\Chrome\Application\54.0.2840.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-11-21 01:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 212.33.36.155 - 212.33.55.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Google Update => "C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Sony Ericsson PC Companion => "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45256570-A8CD-4216-A759-FB9363CDD6E1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{72AC8E75-B99E-44F2-ABFA-AD9366160C3C}C:\users\eliška\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\eliška\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{4BB66A68-47B9-46A9-90C5-7BDA5A2907E8}C:\users\eliška\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\eliška\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{511CBFD0-C27E-4D6A-A995-E6CDA0478C28}E:\skype\phone\skype.exe] => (Block) E:\skype\phone\skype.exe
FirewallRules: [UDP Query User{ADB0BC86-9020-4BB7-9C2B-F73488BA0149}E:\skype\phone\skype.exe] => (Block) E:\skype\phone\skype.exe
FirewallRules: [{A88F2FDE-B95C-4A42-9FD6-7DEF034D37D4}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{E8EBC84A-A62F-4E51-8CE5-38D7EF651879}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{8B1A6AA0-7F71-42D2-9AFF-4F2300D61433}C:\users\eliška\desktop\zástupci\skype\phone\skype.exe] => (Block) C:\users\eliška\desktop\zástupci\skype\phone\skype.exe
FirewallRules: [UDP Query User{665AF446-3CC1-4409-972E-D1B07242AFBC}C:\users\eliška\desktop\zástupci\skype\phone\skype.exe] => (Block) C:\users\eliška\desktop\zástupci\skype\phone\skype.exe
FirewallRules: [TCP Query User{FF4C2287-5314-4F78-9DF9-EE1A5D3962ED}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
FirewallRules: [UDP Query User{43520E64-DC70-4ABD-8615-5820EABFD3F8}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
FirewallRules: [TCP Query User{7E2EF2A1-C078-42D6-BAEE-6EF2BB1B64CF}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
FirewallRules: [UDP Query User{12C62AE4-7157-4980-8D16-558AB29F6D57}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
FirewallRules: [{1651DBAA-47AE-44B4-9002-15C3F684CB2E}] => (Allow) C:\Users\Eliška\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{1893C48A-F7C5-481D-A362-FB8EE5F48111}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2879891B-F842-4353-91D5-AD56632F5ED2}] => (Allow) LPort=2869
FirewallRules: [{9A5C4298-AB99-4F32-8880-40B1FE6B6178}] => (Allow) LPort=1900
FirewallRules: [{8CF901A8-3691-421B-8824-F000F9EA045D}] => (Allow) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8055DCCC-E528-4952-BF7A-C64F59EFE3C5}C:\users\eliška\desktop\zástupci\skype\phone\skype.exe] => (Block) C:\users\eliška\desktop\zástupci\skype\phone\skype.exe
FirewallRules: [UDP Query User{46E9FEF9-9E62-492F-B67E-64412EE8EB79}C:\users\eliška\desktop\zástupci\skype\phone\skype.exe] => (Block) C:\users\eliška\desktop\zástupci\skype\phone\skype.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2016 12:09:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (2656) Pokus o otevření souboru C:\Users\Eliška\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (11/21/2016 10:37:05 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error: (11/21/2016 10:37:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error: (11/21/2016 10:10:10 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error: (11/21/2016 10:10:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error: (11/21/2016 01:21:01 AM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (3492) testing: Při otevírání souboru protokolu C:\Users\Eliška\AppData\Local\Microsoft\Windows\WebCache\V01.log došlo k chybě -1032 (0xfffffbf8).

Error: (11/21/2016 01:21:01 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (3492) testing: Pokus o otevření souboru C:\Users\Eliška\AppData\Local\Microsoft\Windows\WebCache\V01.log jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (11/21/2016 01:20:51 AM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (3492) testing: Při otevírání souboru protokolu C:\Users\Eliška\AppData\Local\Microsoft\Windows\WebCache\V01.log došlo k chybě -1032 (0xfffffbf8).

Error: (11/21/2016 01:20:51 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (3492) testing: Pokus o otevření souboru C:\Users\Eliška\AppData\Local\Microsoft\Windows\WebCache\V01.log jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (11/21/2016 01:13:09 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.


System errors:
=============
Error: (11/22/2016 12:26:53 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače BARY-PC,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{76DE49D9-1C51-40BD-9DC7-DF7FC9753243}.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.

Error: (11/22/2016 12:06:54 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače BARY-PC,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{76DE49D9-1C51-40BD-9DC7-DF7FC9753243}.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.

Error: (11/22/2016 12:03:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Windows Search přestala během spouštění reagovat.

Error: (11/22/2016 12:02:52 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače BARY-PC,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{76DE49D9-1C51-40BD-9DC7-DF7FC9753243}.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.

Error: (11/22/2016 12:00:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (11/22/2016 12:00:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (11/22/2016 12:00:52 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače BARY-PC,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{76DE49D9-1C51-40BD-9DC7-DF7FC9753243}.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.

Error: (11/22/2016 11:57:54 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/22/2016 11:57:54 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (11/21/2016 10:39:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


CodeIntegrity:
===================================
Date: 2016-11-22 03:44:04.475
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-22 03:12:52.892
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-22 02:58:24.866
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-21 22:36:43.710
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-21 22:09:13.841
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-21 01:38:22.259
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-21 01:12:52.605
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-21 01:11:18.562
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-21 00:59:41.553
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-21 00:59:41.381
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 59%
Total physical RAM: 4090.89 MB
Available physical RAM: 1640.95 MB
Total Virtual: 8179.96 MB
Available Virtual: 5885.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:139.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 10000000)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Eset online scanner finds 8 threats, but does not finish-bluescr

#30 Post by altrok »

Bary.Jan wrote: I tried to use an activator, but after that the computer froze even more
Along with the malware we also deleted the Windows cracks, so that is why. I don't see any other malware on the PC, so we will just clean up.
And if there are no questions or other problems, that is all from me.

Locked