
Please check

Posted: 07 Jun 2017 07:50
by futuree
On 4 computers, a window flashes up several times a day. It all happens so quickly that it is impossible to tell which window it is. Please check.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2017
Ran by administrator (administrator) on SUSTR (07-06-2017 08:40:14)
Running from C:\Users\radek.sustr\Downloads
Loaded Profiles: radek.sustr & administrator & admin (Available Profiles: radek.sustr & administrator & admin)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(ALVAO s.r.o.) C:\Program Files (x86)\ALVAO\Asset Management Agent\AMAgentService.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Kerio Technologies Inc.) C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Kerio Technologies Inc.) C:\Program Files (x86)\Kerio\Outlook Connector (Offline Edition)\KoffBackend.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kerio Technologies Inc.) C:\Program Files (x86)\Kerio\Outlook Connector (Offline Edition)\KoffRtfWrapper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8712960 2015-10-08] (Realtek Semiconductor)
HKLM\...\Run: [DameWare MRC Agent] => C:\WINDOWS\dwrcs\DWRCST.exe [665016 2016-04-01] (SolarWinds)
HKU\S-1-5-21-2024800775-3620911262-1850533389-3668\...\RunOnce: [Uninstall C:\Users\radek.sustr\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\radek.sustr\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2024800775-3620911262-1850533389-3668\...\MountPoints2: {7f850551-6837-11e6-a620-408d5cc49f56} - "E:\AutoRun.exe"
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.16.4.25 172.16.4.26
Tcpip\..\Interfaces\{cc2bb52f-653d-499d-995f-c7066b475438}: [DhcpNameServer] 172.16.4.25 172.16.4.26

Internet Explorer:
==================
HKU\S-1-5-21-2024800775-3620911262-1850533389-3668\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-30] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-30] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2017-01-17]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-17]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-17]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-17]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-17]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-17]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-17]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-17]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALVAO Asset Agent; C:\Program Files (x86)\ALVAO\Asset Management Agent\AMAgentService.exe [35336 2015-04-14] (ALVAO s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
R2 dwmrcs; C:\WINDOWS\dwrcs\DWRCS.EXE [3785656 2016-04-01] (SolarWinds)
S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [43208 2015-11-27] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1612000 2015-11-27] (ESET)
R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1693896 2016-01-12] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [185032 2015-11-27] (ESET)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2015-11-12] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3821568 2015-11-12] (Firebird Project) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-18] (Intel Corporation)
R2 ktupdaterservice; C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe [982224 2017-04-24] (Kerio Technologies Inc.)
S3 OracleOraClient11g_home1CMAdmin; C:\app\Administrator\product\11.2.0\client_1\BIN\CMADMIN.EXE [745472 2010-03-31] (Oracle Corporation) [File not signed]
S3 OracleOraClient11g_home1CMan; C:\app\Administrator\product\11.2.0\client_1\BIN\CMGW.EXE [229376 2010-03-31] (Oracle Corporation) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-17] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 DwMirror; C:\WINDOWS\system32\DRIVERS\DamewareMini.sys [5632 2008-03-14] (DameWare Development, LLC)
R1 dwvkbd; C:\WINDOWS\system32\DRIVERS\dwvkbd64.sys [30720 2008-03-13] (DameWare)
R3 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [253752 2015-11-11] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [186272 2015-11-11] (ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [169744 2015-11-11] (ESET)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-07 08:40 - 2017-06-07 08:40 - 00013174 _____ C:\Users\radek.sustr\Downloads\FRST.txt
2017-06-07 08:40 - 2017-06-07 08:40 - 00000000 ____D C:\FRST
2017-06-07 08:38 - 2017-06-07 08:39 - 02433536 _____ (Farbar) C:\Users\radek.sustr\Downloads\FRST64.exe
2017-06-07 07:37 - 2017-06-07 07:37 - 00012683 _____ C:\Users\radek.sustr\AppData\Local\recently-used.xbel
2017-06-06 09:38 - 2017-06-06 14:53 - 00000000 ____D C:\Users\radek.sustr\Desktop\chyby netzch
2017-06-05 12:04 - 2017-06-05 12:06 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-05 07:18 - 2017-06-05 07:21 - 00000000 ____D C:\Users\radek.sustr\Desktop\Nová složka
2017-06-01 10:21 - 2017-06-01 10:34 - 00012204 _____ C:\Users\radek.sustr\Desktop\SILIKON.xlsx
2017-05-30 06:49 - 2017-05-30 06:49 - 00000000 _____ C:\WINDOWS\SysWOW64\kerio-connect-koff-9.2.2-2831-p1-win32.properties
2017-05-30 06:48 - 2017-05-30 06:48 - 00000000 ____D C:\ProgramData\Kerio
2017-05-30 05:58 - 2017-05-30 05:58 - 00000204 ___SH C:\Users\radek.sustr\ntuser.ini
2017-05-24 07:52 - 2017-05-24 07:53 - 00000000 ____D C:\Users\radek.sustr\Desktop\problémy MASA
2017-05-23 12:46 - 2017-05-23 12:47 - 14725904 _____ (TeamViewer GmbH) C:\Users\radek.sustr\Downloads\TeamViewer_Setup (1).exe
2017-05-12 13:37 - 2017-05-12 13:37 - 04574562 _____ C:\Users\radek.sustr\Downloads\4J736975 (1).pdf
2017-05-12 13:32 - 2017-05-12 13:33 - 04574562 _____ C:\Users\radek.sustr\Downloads\4J736975.pdf
2017-05-12 12:08 - 2017-06-07 06:41 - 00000000 ____D C:\Users\radek.sustr\Desktop\R

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-07 08:16 - 2017-01-10 14:20 - 00000000 ____D C:\Users\radek.sustr\Documents\Soubory aplikace Outlook
2017-06-07 08:16 - 2016-08-11 11:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-07 07:42 - 2017-04-21 07:19 - 00000000 ____D C:\Users\radek.sustr\AppData\LocalLow\Mozilla
2017-06-07 07:39 - 2016-06-27 14:32 - 00000216 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-06-07 07:37 - 2016-08-31 07:50 - 00000000 ____D C:\Users\radek.sustr\AppData\Local\gtk-2.0
2017-06-07 07:37 - 2016-08-26 10:58 - 00000000 ____D C:\Users\radek.sustr\.gimp-2.8
2017-06-07 06:56 - 2016-08-24 10:44 - 00002238 ____H C:\Users\radek.sustr\Documents\Default.rdp
2017-06-07 06:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-06-07 06:00 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-07 06:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-07 05:56 - 2016-08-26 11:05 - 00000000 ____D C:\ProgramData\firebird
2017-06-07 05:55 - 2016-07-17 00:25 - 04703848 _____ C:\WINDOWS\system32\perfh005.dat
2017-06-07 05:55 - 2016-07-17 00:25 - 01398728 _____ C:\WINDOWS\system32\perfc005.dat
2017-06-07 05:55 - 2016-05-19 11:02 - 09833066 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-05 09:04 - 2016-08-11 09:40 - 00000000 ____D C:\Users\radek.sustr\AppData\Local\Packages
2017-06-02 08:14 - 2016-08-25 12:10 - 00016219 _____ C:\Users\radek.sustr\Desktop\postup Radek.odt
2017-05-31 05:41 - 2017-02-16 07:17 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-31 05:41 - 2016-08-11 09:40 - 00000000 __SHD C:\Users\radek.sustr\IntelGraphicsProfiles
2017-05-30 06:50 - 2016-08-26 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerio
2017-05-30 06:48 - 2016-08-26 11:04 - 00000000 ____D C:\Program Files (x86)\Kerio
2017-05-30 06:20 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-30 06:19 - 2016-05-19 10:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-30 05:58 - 2016-08-11 11:56 - 00000000 ____D C:\Users\radek.sustr
2017-05-29 05:55 - 2016-08-11 11:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-29 05:52 - 2017-04-20 06:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-29 05:52 - 2016-08-26 10:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-29 05:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-29 05:51 - 2016-07-16 08:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-17 06:10 - 2016-08-26 10:47 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-17 06:10 - 2016-08-26 10:47 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-16 06:34 - 2017-04-19 10:21 - 00000000 ____D C:\Users\radek.sustr\Desktop\SOP aktualizace

==================== Files in the root of some directories =======

2016-08-02 09:30 - 2016-08-02 09:30 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.1.10.agreement
2016-08-02 09:31 - 2016-08-03 08:45 - 0000007 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.dir
2016-08-02 09:31 - 2016-08-03 08:45 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.savedialog.filterindex
2016-08-02 09:30 - 2016-08-03 08:44 - 0000001 _____ () C:\Users\Administrator\AppData\Local\RawCopy.sourcedisk.index
2016-08-11 11:55 - 2016-08-11 11:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-06-05 12:07 - 2017-06-05 12:01 - 11584088 _____ (SurfRight B.V.) C:\Users\Administrator\AppData\Local\Temp\HitmanPro.exe
2016-08-26 11:04 - 2017-05-30 06:49 - 0231936 _____ (Kerio Technologies Inc.) C:\Users\Administrator\AppData\Local\Temp\KTOutlk.dll
2017-05-30 06:50 - 2017-05-30 06:50 - 0231936 _____ (Kerio Technologies Inc.) C:\Users\radek.sustr\AppData\Local\Temp\KTOutlk.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-05 06:07

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
Ran by administrator (07-06-2017 08:40:34)
Running from C:\Users\radek.sustr\Downloads
Windows 10 Pro Version 1607 (X64) (2016-08-11 10:01:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-2149448900-1563064864-2727187972-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2149448900-1563064864-2727187972-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2149448900-1563064864-2727187972-503 - Limited - Disabled)
Guest (S-1-5-21-2149448900-1563064864-2727187972-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 6.3.2016.1 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 6.3.2016.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
ALVAO Asset Management Agent 8.1.702 (HKLM-x32\...\{B75FFC5E-B65C-46A5-B825-4EA90866369B}) (Version: 8.1.702 - ALVAO s.r.o.)
DameWare Development Mirror Driver 64 Uninstall (HKLM\...\DamewareMirror) (Version:  - )
Doffing_Forecast (HKLM-x32\...\ST6UNST #2) (Version:  - )
ESET Endpoint Antivirus (HKLM\...\{023201FF-53B9-48C8-9DBA-A7B81A3975C8}) (Version: 6.3.2016.1 - ESET, spol. s r.o.)
ESET Remote Administrator Agent (HKLM\...\{0CD2A039-5983-4512-902B-483128D459A8}) (Version: 6.3.136.0 - ESET, spol. s r.o.)
Firebird 2.5.5.26952 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.5.26952 - Firebird Project)
Firebird ODBC driver 2.0.3.154 (HKLM-x32\...\Firebird ODBC Driver_is1) (Version: 2.0.3.154 - Firebird Project)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4312 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Kerio Outlook Connector (Offline Edition) (HKLM-x32\...\{589DA8A6-47F6-4B6E-87C5-17715826B76D}) (Version: 9.2.2929 - Kerio Technologies Inc.)
Kerio Updater Service (HKLM-x32\...\{83E4F253-A883-4943-8D08-8129142B6C1F}) (Version: 2.0.2651 - Kerio Technologies, Inc.) <==== ATTENTION
Microsoft Office 2016 pro podnikatele - cs-cz (HKLM\...\HomeBusinessRetail - cs-cz) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{57505B29-9D1D-45A3-9C15-D73447D7347D}) (Version: 9.00.4211.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 cs) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 cs)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
Odinstalovat ovladač tiskárny UFR II (HKLM\...\Canon UFR II Printer Driver) (Version: 6, 1, 0, 0 - Canon Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7967.2073 - Microsoft Corporation) Hidden
OKI Network Extension (HKLM-x32\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
OpenOffice 4.1.2 (HKLM-x32\...\{69D27D4C-36CE-4CB2-A290-C38B0A990955}) (Version: 4.12.9782 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7629 - Realtek Semiconductor Corp.)
Test_orders_2 (HKLM-x32\...\ST6UNST #3) (Version:  - )
WIS2 (HKLM-x32\...\ST6UNST #1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {071DC8A0-EF0C-446E-807F-C6A7912E1C9B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-30] ()
Task: {487DF4F4-5AC4-43B4-82D5-3EFD05A1C0CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-26] (Google Inc.)
Task: {564859B2-0BD4-4FC2-B395-C4C4C222E2AD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-30] ()
Task: {618C72BC-74D6-4D69-8F56-62D68CF16CE5} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {7A5A2BC9-BE0E-4A16-B93C-2AA48B88ED04} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {8182810D-D9BC-44A4-AC05-B65628245095} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {9E4435F1-31FE-4321-8944-DEF84F215128} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {BBCDF22C-F259-40F1-98D0-C4F5FE632D3F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-26] (Google Inc.)
Task: {E16B9EB1-1509-43F2-A046-E555F5AFE3D2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-03] (Adobe Systems Incorporated)
Task: {EADF8C32-EE44-490C-B89A-0F18BFC24F2F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-11 12:03 - 2016-08-11 12:03 - 00959168 _____ () C:\Users\radek.sustr\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-24 09:25 - 2016-08-06 05:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-05-24 09:34 - 2017-05-24 09:34 - 03918848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-05-17 06:10 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-17 06:10 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2016-08-24 09:25 - 2016-08-06 05:28 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-24 09:25 - 2016-08-06 05:21 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-24 09:25 - 2016-08-06 05:21 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-24 09:25 - 2016-08-06 05:23 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-24 09:25 - 2016-08-06 05:23 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-18 23:34 - 2015-09-18 23:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-04-24 10:27 - 2017-04-24 10:27 - 00073928 _____ () C:\Program Files (x86)\Kerio\UpdaterService\ktzlib100_1.2.8.dll
2017-04-24 10:36 - 2017-04-24 10:36 - 00073928 _____ () C:\Program Files (x86)\Kerio\Outlook Connector (Offline Edition)\ktzlib100_1.2.8.dll
2016-05-19 10:21 - 2017-05-30 06:17 - 01009864 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-05-19 10:21 - 2017-05-30 06:17 - 00515264 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll
2017-04-24 10:36 - 2017-04-24 10:36 - 00297656 _____ () C:\Program Files (x86)\Kerio\Outlook Connector (Offline Edition)\gmime.dll
2016-05-19 10:21 - 2017-05-30 06:17 - 00164544 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2015-10-30 09:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2024800775-3620911262-1850533389-3668\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-2024800775-3620911262-1850533389-500\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-2149448900-1563064864-2727187972-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 172.16.4.25 - 172.16.4.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7E924F3E-64A0-4591-9BEF-27754162199C}] => (Allow) C:\Program Files (x86)\ALVAO\Asset Management Agent\AMAgentService.exe
FirewallRules: [UDP Query User{55B3916F-BAC4-47A5-B78D-FF8BE4D4E71B}C:\users\administrator\appdata\local\temp\orainstall2016-06-29_08-43-11am\jdk\jre\bin\javaw.exe] => (Allow) C:\users\administrator\appdata\local\temp\orainstall2016-06-29_08-43-11am\jdk\jre\bin\javaw.exe
FirewallRules: [TCP Query User{D5D22E04-72EF-4B95-931B-175916787BEE}C:\users\administrator\appdata\local\temp\orainstall2016-06-29_08-43-11am\jdk\jre\bin\javaw.exe] => (Allow) C:\users\administrator\appdata\local\temp\orainstall2016-06-29_08-43-11am\jdk\jre\bin\javaw.exe
FirewallRules: [UDP Query User{F27C7629-8408-4302-9FFC-3AFA51BA1B02}C:\users\administrator\appdata\local\temp\orainstall2016-06-28_07-32-23am\jdk\jre\bin\javaw.exe] => (Allow) C:\users\administrator\appdata\local\temp\orainstall2016-06-28_07-32-23am\jdk\jre\bin\javaw.exe
FirewallRules: [TCP Query User{72F57129-7D52-42D2-830D-1630AEB188BC}C:\users\administrator\appdata\local\temp\orainstall2016-06-28_07-32-23am\jdk\jre\bin\javaw.exe] => (Allow) C:\users\administrator\appdata\local\temp\orainstall2016-06-28_07-32-23am\jdk\jre\bin\javaw.exe
FirewallRules: [UDP Query User{3401E34E-DFBB-4876-B53D-81CAF559901D}C:\app\administrator\product\11.2.0\client_1\jdk\jre\bin\java.exe] => (Allow) C:\app\administrator\product\11.2.0\client_1\jdk\jre\bin\java.exe
FirewallRules: [TCP Query User{C043007A-CF0F-4664-8282-354BC762CBFA}C:\app\administrator\product\11.2.0\client_1\jdk\jre\bin\java.exe] => (Allow) C:\app\administrator\product\11.2.0\client_1\jdk\jre\bin\java.exe
FirewallRules: [UDP Query User{E9BCB7EC-AFB5-487A-A902-47951B36D4D9}C:\users\administrator\appdata\local\temp\orainstall2016-06-28_07-24-44am\jdk\jre\bin\javaw.exe] => (Allow) C:\users\administrator\appdata\local\temp\orainstall2016-06-28_07-24-44am\jdk\jre\bin\javaw.exe
FirewallRules: [TCP Query User{92921879-98BB-417F-A0F5-D7E8CFABE1B6}C:\users\administrator\appdata\local\temp\orainstall2016-06-28_07-24-44am\jdk\jre\bin\javaw.exe] => (Allow) C:\users\administrator\appdata\local\temp\orainstall2016-06-28_07-24-44am\jdk\jre\bin\javaw.exe
FirewallRules: [{CF424C84-AADB-4AC5-8A84-93D6D0B9A72F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{66C0E55A-B534-4A2F-94AD-8374BDF48A9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BBA5E971-2E6B-4006-96AA-79584BABB3AA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BA01ADD1-CFE7-4738-937B-52533890C6BD}] => (Allow) C:\WINDOWS\dwrcs\DWRCS.EXE
FirewallRules: [{C5600515-BC0C-4705-8834-2D513868BC30}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

15-05-2017 06:10:47 Naplánovaný kontrolní bod
22-05-2017 06:14:01 Naplánovaný kontrolní bod
29-05-2017 12:23:08 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2017 05:51:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_wuauserv, verze: 10.0.14393.0, časové razítko: 0x57899b1c
Název chybujícího modulu: ntdll.dll, verze: 10.0.14393.82, časové razítko: 0x57a55744
Kód výjimky: 0xc0000409
Posun chyby: 0x00000000000e3051
ID chybujícího procesu: 0x22e8
Čas spuštění chybující aplikace: 0x01d2de92d749ee08
Cesta k chybující aplikaci: C:\WINDOWS\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: d70f797c-c72c-4eec-9b53-56b166bbbf69
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (06/07/2017 05:49:37 AM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error: 
DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10038
System Message: Došlo k pokusu o operaci s něčím, co není soket.

 (srv 64 bit)

Error: (06/07/2017 05:49:01 AM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error: 
DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10038
System Message: Došlo k pokusu o operaci s něčím, co není soket.

 (srv 64 bit)

Error: (06/07/2017 05:48:32 AM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error: 
DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10038
System Message: Došlo k pokusu o operaci s něčím, co není soket.

 (srv 64 bit)

Error: (06/07/2017 05:48:32 AM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error: 
DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10038
System Message: Došlo k pokusu o operaci s něčím, co není soket.

 (srv 64 bit)

Error: (06/06/2017 09:02:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_wuauserv, verze: 10.0.14393.0, časové razítko: 0x57899b1c
Název chybujícího modulu: ntdll.dll, verze: 10.0.14393.82, časové razítko: 0x57a55744
Kód výjimky: 0xc0000409
Posun chyby: 0x00000000000e3051
ID chybujícího procesu: 0x193c
Čas spuštění chybující aplikace: 0x01d2de774f4c5a4f
Cesta k chybující aplikaci: C:\WINDOWS\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: b61edfa7-dff4-42ec-8466-21fe4c4610f6
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (06/06/2017 05:45:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_wuauserv, verze: 10.0.14393.0, časové razítko: 0x57899b1c
Název chybujícího modulu: wuaueng.dll, verze: 10.0.14393.82, časové razítko: 0x57a5586c
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000011c8fd
ID chybujícího procesu: 0x14b8
Čas spuštění chybující aplikace: 0x01d2dde0d5b99355
Cesta k chybující aplikaci: C:\WINDOWS\system32\svchost.exe
Cesta k chybujícímu modulu: c:\windows\system32\wuaueng.dll
ID zprávy: 2a08330d-716a-4036-859d-fd2b7f858a4f
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (06/06/2017 05:43:47 AM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error: 
DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10038
System Message: Došlo k pokusu o operaci s něčím, co není soket.

 (srv 64 bit)

Error: (06/06/2017 05:42:41 AM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error: 
DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10038
System Message: Došlo k pokusu o operaci s něčím, co není soket.

 (srv 64 bit)

Error: (06/06/2017 05:42:12 AM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error: 
DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10038
System Message: Došlo k pokusu o operaci s něčím, co není soket.

 (srv 64 bit)


System errors:
=============
Error: (06/07/2017 07:38:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/07/2017 06:43:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/07/2017 05:51:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Windows Update byla neočekávaně ukončena. Tento stav nastal již 6krát.

Error: (06/07/2017 05:51:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Windows Insider byla neočekávaně ukončena. Tento stav nastal již 12krát.

Error: (06/07/2017 05:51:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba WMI byla neočekávaně ukončena. Tento stav nastal již 6krát.

Error: (06/07/2017 05:51:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Aktualizovat službu Orchestrator pro Windows Update byla neočekávaně ukončena. Tento stav nastal již 15krát.

Error: (06/07/2017 05:51:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Správce uživatelů byla neočekávaně ukončena. Tento stav nastal již 15krát.

Error: (06/07/2017 05:51:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Sekundární přihlašování byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 300000 milisekund: Restartovat službu.

Error: (06/07/2017 05:51:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Profil uživatele byla neočekávaně ukončena. Tento stav nastal již 6krát.

Error: (06/07/2017 05:51:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba sledování zeměpisné polohy byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
  Date: 2017-05-19 06:02:56.683
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8107.7600.0_x64__8wekyb3d8bbwe\Office16\OfficeHubWin32.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe that did not meet the Store signing level requirements.

  Date: 2017-05-19 06:02:51.845
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8107.7600.0_x64__8wekyb3d8bbwe\Office16\OfficeHubWin32.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe that did not meet the Store signing level requirements.

  Date: 2017-05-19 06:02:13.911
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8107.7600.0_x64__8wekyb3d8bbwe\Office16\OfficeHubWin32.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe that did not meet the Store signing level requirements.

  Date: 2017-03-21 05:54:04.739
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-21 05:54:04.723
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 37%
Total physical RAM: 8066.54 MB
Available physical RAM: 5014.3 MB
Total Virtual: 9346.54 MB
Available Virtual: 6302.62 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:222.81 GB) (Free:143.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: B803D023)

Partition: GPT.

==================== End of Addition.txt ============================

[quote="Roli"]Log removed from [color=#00BF00]CODE[/color] for better readability[/quote]

Re: Please check

Posted: 07 Jun 2017 09:46
by Kodlz
Hello!
Is this a company PC?
Sorry, but we are not a free service for company PCs.
See the rules: http://forum.viry.cz/viewtopic.php?f=12&t=5601 (point 6).
:arrow: Try here: https://neslape.cz/?utm_campaign=neslap ... ium=banner

Re: Please check

Posted: 27 Dec 2017 22:07
by Kodlz
:closed: