PC disinfection, computer speed-up, remote help via the neslape.cz service

Infected notebook (NB)

Have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
silvias
Visitor
Posts: 85
Registered: 22 Oct 2008 19:50

Infected notebook (NB)

#1 Post by silvias »

Good day.

I am asking for your help: I managed to run an unwanted file, and I don't know what to do.
ADWCleaner cannot remove the files, it gets stuck... and there is one program I cannot uninstall.

Logfile of random's system information tool 1.16 (written by random/random)
Run by NB-Robert at 2017-12-02 16:05:56
Microsoft Windows 10 Home
System drive C: has 76 GB (67%) free of 113 GB
Total RAM: 3959 MB (50% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:06:02, on 2.12.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\NB-Robert\Desktop\adwcleaner_7.0.5.0.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\trend micro\NB-Robert_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [OneDrive] "C:\Users\NB-Robert\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Browge.vbs
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 6865 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winlogon.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
C:\WINDOWS\system32\dwm.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\AUDIODG.EXE 0x410
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\taskhostw.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\WINDOWS\Explorer.EXE
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
"C:\Users\NB-Robert\Desktop\adwcleaner_7.0.5.0.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s NcdAutoSetup
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s HomeGroupListener
c:\windows\system32\svchost.exe -k localservicepeernet -s p2pimsvc
c:\windows\system32\svchost.exe -k localservicepeernet -s PNRPsvc
c:\windows\system32\svchost.exe -k localservicepeernet -s p2psvc
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "https://www.malwarebytes.com/premium/?ref=adw"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8936.0.1911796882\1277218002" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" "C:\Users\NB-Robert\AppData\LocalLow\Mozilla\Temp-{78762a33-cff2-47af-a04c-6cffec2d6205}" 8936 "\\.\pipe\gecko-crash-server-pipe.8936" gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8936.3.415813717\766917758" -childID 1 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|98:2|99:1|114:5000|124:0|126:0|137:10000|149:-1|154:128|155:10000|156:0|162:24|163:32768|165:0|166:0|174:5|178:1048576|179:100|180:5000|182:600|184:1|193:3|197:0|206:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:1|85:0|86:0|88:0|89:0|90:1|91:0|92:1|95:1|97:0|100:1|101:0|108:0|113:0|116:1|119:1|121:1|125:0|128:1|131:1|132:1|138:1|139:0|140:1|142:0|148:0|150:1|151:0|152:1|153:1|160:0|161:0|164:1|167:0|169:1|171:1|172:0|177:0|181:1|186:0|187:0|188:0|189:1|190:0|191:1|192:1|195:0|198:0|199:0|200:1|201:1|202:0|203:1|204:1|205:1|207:0|208:0|210:0|218:1|219:1|220:0|221:0|222:0| -stringPrefs "3:7;release|96:0;|141:3;1.0|158:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|159:4;high|194:38;{78762a33-cff2-47af-a04c-6cffec2d6205}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 8936 "\\.\pipe\gecko-crash-server-pipe.8936" tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8936.13.1725042324\1682816786" -childID 2 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|98:2|99:1|114:5000|124:0|126:0|137:10000|149:-1|154:128|155:10000|156:0|162:24|163:32768|165:0|166:0|174:5|178:1048576|179:100|180:5000|182:600|184:1|193:3|197:0|206:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:1|85:0|86:0|88:0|89:0|90:1|91:0|92:1|95:1|97:0|100:1|101:0|108:0|113:0|116:1|119:1|121:1|125:0|128:1|131:1|132:1|138:1|139:0|140:1|142:0|148:0|150:1|151:0|152:1|153:1|160:0|161:0|164:1|167:0|169:1|171:1|172:0|177:0|181:1|186:0|187:0|188:0|189:1|190:0|191:1|192:1|195:0|198:0|199:0|200:1|201:1|202:0|203:1|204:1|205:1|207:0|208:0|210:0|218:1|219:1|220:0|221:0|222:0| -stringPrefs "3:7;release|96:0;|141:3;1.0|158:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|159:4;high|194:38;{78762a33-cff2-47af-a04c-6cffec2d6205}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 8936 "\\.\pipe\gecko-crash-server-pipe.8936" tab
c:\windows\system32\svchost.exe -k netsvcs -p -s wisvc
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
"C:\Users\NB-Robert\Desktop\RSITx64.exe"
\\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.15_none_2c4b8d3b386eed8e\TiWorker.exe -Embedding

====== Scheduled tasks folder ======

C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\Batman TV Feed - C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Batman TV Feed\Batman TV Feed.dll",EZpYrjK
C:\WINDOWS\system32\tasks\CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
C:\WINDOWS\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\WINDOWS\system32\tasks\klcp_update - "%ProgramFiles(x86)%\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task-S-1-5-21-4219786783-652543997-2663473789-1001 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\{C9A6A961-74CD-48C2-AE01-F25356042119} - C:\Windows\system32\pcalua.exe -a "D:\#PREVZATE SUBORY\dotnetfx.exe" -d "D:\#PREVZATE SUBORY"
C:\WINDOWS\system32\tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization - "C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe" /apply /silent /atlogon
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\WwanSvc\NotificationTask - %SystemRoot%\System32\WiFiTask.exe wwan
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Recovery-Check - %SystemRoot%\System32\dsregcmd.exe /checkrecovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WaaSMedic\PerformRemediation - %systemroot%\System32\WaaSMedic.exe None
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr - %windir%\System32\UNP\UpdateNotificationMgr.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe -e
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\LicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\SMB\UninstallSMB1ClientTask - %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
C:\WINDOWS\system32\tasks\Microsoft\Windows\SMB\UninstallSMB1ServerTask - %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\PushToInstall\LoginCheck - %windir%\system32\sc.exe start pushtoinstall login
C:\WINDOWS\system32\tasks\Microsoft\Windows\PushToInstall\Registration - %windir%\system32\sc.exe start pushtoinstall registration
C:\WINDOWS\system32\tasks\Microsoft\Windows\Printing\EduPrintProv - %windir%\system32\eduprintprov.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Cellular - %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Chkdsk\SyspartRepair - %windir%\system32\bcdboot.exe %windir% /sysrepair
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Abelssoft\StartBackgroundguardWithWindows - C:\Program Files (x86)\CheckDrive\CheckDrive.exe -backgroundGuard

=========Mozilla firefox=========

ProfilePath - C:\Users\NB-Robert\AppData\Roaming\Mozilla\Firefox\Profiles\qeup7wg0.default-1508254555779

prefs.js - "browser.startup.homepage" - "http://www.google.sk/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 27.0.0.187 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 27.0.0.187 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Users\NB-Robert\AppData\Roaming\Mozilla\Firefox\Profiles\qeup7wg0.default-1508254555779\addons.json
AdBlocker Ultimate - extension - adblockultimate@adblockultimate.net
Text Link - extension - {54BB9F3F-07E5-486c-9B39-C7398B99391C}
Linkificator - extension - linkificator@markapola

C:\Users\NB-Robert\AppData\Roaming\Mozilla\Firefox\Profiles\qeup7wg0.default-1508254555779\extensions.json
AdBlocker Ultimate - webextension - adblockultimate@adblockultimate.net -
Linkificator - webextension - linkificator@markapola -
Application Update Service Helper - extension - aushelper@mozilla.org -
Multi-process staged rollout - extension - e10srollout@mozilla.org -
Pocket - extension - firefox@getpocket.com -
Follow-on Search Telemetry - extension - followonsearch@mozilla.com -
Firefox Screenshots - extension - screenshots@mozilla.org -
Shield Recipe Client - extension - shield-recipe-client@mozilla.org -
Web Compat - extension - webcompat@mozilla.org -
Activity Stream - extension - activity-stream@mozilla.org -
Form Autofill - extension - formautofill@mozilla.org -
Photon onboarding - extension - onboarding@mozilla.org -
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} -

C:\Users\NB-Robert\AppData\Roaming\Mozilla\Firefox\Profiles\qeup7wg0.default-1508254555779\pluginreg.dat
Plugin - Shockwave Flash - 27.0.0.187 - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll

======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-09-29 630168]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2015-10-07 3242696]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-06-29 1794888]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2014-04-24 36352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-11-08 10024624]
"OneDrive"=C:\Users\NB-Robert\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-11-07 1685704]

C:\Users\NB-Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Browge.vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableFullTrustStartupTasks"=2
"EnableUIADesktopToggle"=0
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2017-12-02 16:05:56 ----D---- C:\rsit
2017-12-02 16:05:56 ----D---- C:\Program Files\trend micro
2017-12-02 14:58:41 ----D---- C:\Users\NB-Robert\AppData\Roaming\0982ad82dd194b5baa21caf471d30d57
2017-12-02 14:58:27 ----D---- C:\Users\NB-Robert\AppData\Roaming\pxt5q3r5oeo
2017-12-02 14:58:15 ----D---- C:\Users\NB-Robert\AppData\Roaming\htmta5zhced
2017-12-02 14:58:15 ----D---- C:\Program Files\8727ZDIX0P
2017-12-02 14:56:37 ----D---- C:\Users\NB-Robert\AppData\Roaming\TablacusApp2
2017-12-02 14:56:18 ----D---- C:\Users\NB-Robert\AppData\Roaming\mdyh50bcjkr
2017-12-02 14:56:13 ----D---- C:\Users\NB-Robert\AppData\Roaming\al41qjgvvyk
2017-12-02 14:56:12 ----D---- C:\ProgramData\2434d102aa69428e9f40818d97a013b6
2017-12-02 14:55:52 ----A---- C:\WINDOWS\system32\drivers\MbamChameleon.sys
2017-12-02 14:55:48 ----A---- C:\WINDOWS\system32\drivers\mwac.sys
2017-12-02 14:55:48 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2017-12-02 14:55:48 ----A---- C:\WINDOWS\system32\drivers\farflt.sys
2017-12-02 14:55:47 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2017-12-02 14:55:42 ----D---- C:\Users\NB-Robert\AppData\Roaming\qbmxz5zvzri
2017-12-02 14:55:42 ----D---- C:\Program Files\WMQE3HWEE7
2017-12-02 14:55:28 ----D---- C:\Users\NB-Robert\AppData\Roaming\15kt5tra3xn
2017-12-02 14:55:26 ----D---- C:\Program Files\F0AMS806W5
2017-12-02 14:55:18 ----D---- C:\Users\NB-Robert\AppData\Roaming\server
2017-11-14 20:21:14 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2017-11-14 20:21:14 ----A---- C:\WINDOWS\SYSWOW64\rdrleakdiag.exe
2017-11-14 20:21:14 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2017-11-14 20:21:14 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2017-11-14 20:21:14 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2017-11-14 20:21:14 ----A---- C:\WINDOWS\SYSWOW64\AcLayers.dll
2017-11-14 20:21:14 ----A---- C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-14 20:21:14 ----A---- C:\WINDOWS\system32\drivers\UcmCx.sys
2017-11-14 20:21:14 ----A---- C:\WINDOWS\system32\drivers\dumpsd.sys
2017-11-14 20:21:14 ----A---- C:\WINDOWS\system32\devinv.dll
2017-11-14 20:21:14 ----A---- C:\WINDOWS\system32\AcLayers.dll
2017-11-14 20:21:13 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Speech.dll
2017-11-14 20:21:13 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2017-11-14 20:21:13 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2017-11-14 20:21:13 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2017-11-14 20:21:13 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2017-11-14 20:21:13 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2017-11-14 20:21:13 ----A---- C:\WINDOWS\SYSWOW64\AcGenral.dll
2017-11-14 20:21:13 ----A---- C:\WINDOWS\system32\wow64win.dll
2017-11-14 20:21:11 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2017-11-14 20:21:11 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2017-11-14 20:21:11 ----A---- C:\WINDOWS\SYSWOW64\mfsrcsnk.dll
2017-11-14 20:21:11 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2017-11-14 20:21:11 ----A---- C:\WINDOWS\system32\audiodg.exe
2017-11-14 20:21:10 ----A---- C:\WINDOWS\system32\ntdll.dll
2017-11-14 20:21:10 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2017-11-14 20:21:10 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2017-11-14 20:21:10 ----A---- C:\WINDOWS\system32\ci.dll
2017-11-14 20:21:10 ----A---- C:\WINDOWS\system32\aeinv.dll
2017-11-14 20:21:10 ----A---- C:\WINDOWS\system32\AcSpecfc.dll
2017-11-14 20:21:09 ----A---- C:\WINDOWS\system32\jscript9.dll
2017-11-14 20:21:09 ----A---- C:\WINDOWS\system32\drivers\wcifs.sys
2017-11-14 20:21:09 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2017-11-14 20:21:09 ----A---- C:\WINDOWS\system32\drivers\luafv.sys
2017-11-14 20:21:08 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2017-11-14 20:21:08 ----A---- C:\WINDOWS\system32\vbscript.dll
2017-11-14 20:21:08 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 20:21:08 ----A---- C:\WINDOWS\system32\diagtrack.dll
2017-11-14 20:21:08 ----A---- C:\WINDOWS\system32\AudioEng.dll
2017-11-14 20:21:07 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2017-11-14 20:21:07 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2017-11-14 20:21:06 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll
2017-11-14 20:21:05 ----A---- C:\WINDOWS\system32\wuuhext.dll
2017-11-14 20:21:05 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-14 20:21:05 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-14 20:21:05 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-14 20:21:05 ----A---- C:\WINDOWS\system32\drivers\storufs.sys
2017-11-14 20:21:05 ----A---- C:\WINDOWS\system32\AudioSes.dll
2017-11-14 20:21:05 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-14 20:21:04 ----A---- C:\WINDOWS\SYSWOW64\PCPKsp.dll
2017-11-14 20:21:04 ----A---- C:\WINDOWS\SYSWOW64\msdtcVSp1res.dll
2017-11-14 20:21:04 ----A---- C:\WINDOWS\SYSWOW64\mispace.dll
2017-11-14 20:21:04 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2017-11-14 20:21:04 ----A---- C:\WINDOWS\system32\win32kbase.sys
2017-11-14 20:21:04 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2017-11-14 20:21:03 ----A---- C:\WINDOWS\system32\win32kfull.sys
2017-11-14 20:21:03 ----A---- C:\WINDOWS\system32\user32.dll
2017-11-14 20:21:02 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2017-11-14 20:21:02 ----A---- C:\WINDOWS\system32\Chakra.dll
2017-11-14 20:21:02 ----A---- C:\WINDOWS\system32\AcGenral.dll
2017-11-14 20:21:01 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2017-11-14 20:21:01 ----A---- C:\WINDOWS\system32\jscript.dll
2017-11-14 20:20:59 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2017-11-14 20:20:59 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2017-11-14 20:20:59 ----A---- C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-14 20:20:58 ----A---- C:\WINDOWS\system32\wuaueng.dll
2017-11-14 20:20:58 ----A---- C:\WINDOWS\system32\drivers\storport.sys
2017-11-14 20:20:58 ----A---- C:\WINDOWS\system32\audiosrv.dll
2017-11-14 20:20:57 ----A---- C:\WINDOWS\system32\mispace.dll
2017-11-14 20:20:56 ----A---- C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-14 20:20:56 ----A---- C:\WINDOWS\system32\dwmcore.dll
2017-11-14 20:20:56 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2017-11-14 20:20:55 ----A---- C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 20:20:55 ----A---- C:\WINDOWS\system32\mshtml.dll
2017-11-14 20:20:50 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 20:20:50 ----A---- C:\WINDOWS\system32\mfcore.dll
2017-11-14 20:20:49 ----A---- C:\WINDOWS\system32\edgehtml.dll
2017-11-14 20:20:48 ----A---- C:\WINDOWS\SYSWOW64\msexcl40.dll
2017-11-14 20:20:47 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Input.Inking.dll
2017-11-14 20:20:47 ----A---- C:\WINDOWS\SYSWOW64\Windows.Perception.Stub.dll
2017-11-14 20:20:47 ----A---- C:\WINDOWS\SYSWOW64\TileDataRepository.dll
2017-11-14 20:20:47 ----A---- C:\WINDOWS\SYSWOW64\CloudExperienceHostCommon.dll
2017-11-14 20:20:47 ----A---- C:\WINDOWS\SYSWOW64\CapabilityAccessManagerClient.dll
2017-11-14 20:20:47 ----A---- C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-14 20:20:47 ----A---- C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-14 20:20:47 ----A---- C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-14 20:20:47 ----A---- C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-14 20:20:46 ----A---- C:\WINDOWS\SYSWOW64\Windows.Mirage.Internal.dll
2017-11-14 20:20:46 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2017-11-14 20:20:46 ----A---- C:\WINDOWS\system32\runexehelper.exe
2017-11-14 20:20:46 ----A---- C:\WINDOWS\system32\RDXService.dll
2017-11-14 20:20:46 ----A---- C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-14 20:20:46 ----A---- C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-14 20:20:45 ----A---- C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-14 20:20:45 ----A---- C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-14 20:20:45 ----A---- C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-14 20:20:45 ----A---- C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-14 20:20:45 ----A---- C:\WINDOWS\system32\vac.exe
2017-11-14 20:20:45 ----A---- C:\WINDOWS\system32\TileDataRepository.dll
2017-11-14 20:20:45 ----A---- C:\WINDOWS\system32\ISM.dll
2017-11-14 20:20:45 ----A---- C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-14 20:20:45 ----A---- C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-14 20:20:45 ----A---- C:\WINDOWS\system32\BioIso.exe
2017-11-14 20:20:44 ----A---- C:\WINDOWS\SYSWOW64\Windows.Mirage.dll
2017-11-14 20:20:44 ----A---- C:\WINDOWS\system32\Spectrum.exe
2017-11-14 20:20:43 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-14 20:20:43 ----A---- C:\WINDOWS\system32\FaceProcessor.dll
2017-11-14 20:20:43 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2017-11-14 20:20:42 ----A---- C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-14 20:20:42 ----A---- C:\WINDOWS\system32\HologramCompositor.dll
2017-11-14 20:20:41 ----A---- C:\WINDOWS\system32\Hydrogen.dll
2017-11-14 20:20:30 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2017-11-14 20:20:30 ----A---- C:\WINDOWS\system32\tzres.dll
2017-11-10 06:23:48 ----SHD---- C:\found.001
2017-11-03 19:47:54 ----A---- C:\WINDOWS\system32\drivers\mbae64.sys
2017-11-03 19:47:46 ----D---- C:\ProgramData\Malwarebytes
2017-11-03 14:46:17 ----D---- C:\Users\NB-Robert\AppData\Roaming\Obsidium

====== List of files/folders modified in the last 1 month ======

2017-12-02 16:06:02 ----D---- C:\WINDOWS\Prefetch
2017-12-02 16:05:56 ----RD---- C:\Program Files
2017-12-02 16:04:19 ----D---- C:\AdwCleaner
2017-12-02 16:01:56 ----D---- C:\WINDOWS\Temp
2017-12-02 16:01:54 ----D---- C:\WINDOWS\system32\sru
2017-12-02 16:01:50 ----D---- C:\ProgramData\NVIDIA
2017-12-02 16:01:25 ----D---- C:\WINDOWS\system32\catroot2
2017-12-02 15:26:46 ----D---- C:\WINDOWS\System32
2017-12-02 15:26:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-02 15:17:43 ----AD---- C:\Program Files\Mozilla Firefox
2017-12-02 15:17:38 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-02 15:07:16 ----D---- C:\WINDOWS\system32\drivers
2017-12-02 15:07:03 ----RD---- C:\Program Files (x86)
2017-12-02 15:07:03 ----HD---- C:\ProgramData
2017-12-02 15:04:32 ----D---- C:\WINDOWS\Tasks
2017-12-02 15:04:28 ----D---- C:\WINDOWS\system32\Tasks
2017-12-02 15:00:16 ----D---- C:\Program Files\Batman TV Feed
2017-12-02 14:55:56 ----RSD---- C:\WINDOWS\assembly
2017-12-02 14:55:44 ----D---- C:\Program Files\Windows Mail
2017-12-02 14:55:40 ----AD---- C:\Program Files\UNP
2017-12-02 14:27:58 ----D---- C:\WINDOWS\system32\config
2017-12-02 14:27:21 ----D---- C:\WINDOWS\DeliveryOptimization
2017-12-02 14:25:58 ----D---- C:\WINDOWS\CbsTemp
2017-12-02 14:22:35 ----D---- C:\WINDOWS\Logs
2017-12-02 14:21:11 ----D---- C:\WINDOWS\SoftwareDistribution
2017-12-02 14:21:07 ----D---- C:\Windows
2017-12-02 14:14:40 ----D---- C:\Users\NB-Robert\AppData\Roaming\MPC-HC
2017-12-02 11:11:49 ----D---- C:\WINDOWS\system32\SleepStudy
2017-12-02 11:10:05 ----D---- C:\WINDOWS\WinSxS
2017-12-01 18:36:07 ----D---- C:\WINDOWS\system32\LogFiles
2017-12-01 18:35:18 ----RD---- C:\WINDOWS\Microsoft.NET
2017-12-01 08:30:22 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2017-11-30 22:37:09 ----D---- C:\WINDOWS\INF
2017-11-29 16:29:55 ----SHDC---- C:\WINDOWS\Installer
2017-11-29 16:29:55 ----D---- C:\ProgramData\Microsoft Help
2017-11-28 21:50:32 ----HD---- C:\Program Files\WindowsApps
2017-11-28 21:50:30 ----D---- C:\WINDOWS\AppReadiness
2017-11-27 20:52:08 ----D---- C:\Users\NB-Robert\AppData\Roaming\Mp3tag
2017-11-27 19:07:37 ----D---- C:\Users\NB-Robert\AppData\Roaming\BitTorrent
2017-11-21 07:05:23 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2017-11-19 12:44:04 ----SHD---- C:\System Volume Information
2017-11-17 23:13:32 ----D---- C:\WINDOWS\Minidump
2017-11-17 18:59:56 ----D---- C:\WINDOWS\system32\DriverStore
2017-11-17 18:59:43 ----D---- C:\WINDOWS\rescache
2017-11-15 21:58:02 ----SD---- C:\WINDOWS\SYSWOW64\F12
2017-11-15 21:58:02 ----SD---- C:\WINDOWS\system32\F12
2017-11-15 21:58:02 ----D---- C:\WINDOWS\TextInput
2017-11-15 21:58:02 ----D---- C:\WINDOWS\SYSWOW64\Dism
2017-11-15 21:58:02 ----D---- C:\WINDOWS\SysWOW64
2017-11-15 21:58:02 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2017-11-15 21:58:02 ----D---- C:\WINDOWS\system32\migration
2017-11-15 21:58:02 ----D---- C:\WINDOWS\system32\drivers\UMDF
2017-11-15 21:58:02 ----D---- C:\WINDOWS\system32\Dism
2017-11-15 21:58:02 ----D---- C:\WINDOWS\system32\appraiser
2017-11-15 21:58:01 ----D---- C:\WINDOWS\apppatch
2017-11-15 17:36:16 ----D---- C:\WINDOWS\system32\Macromed
2017-11-15 17:36:11 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-11-15 07:09:11 ----D---- C:\WINDOWS\debug
2017-11-14 20:37:17 ----D---- C:\WINDOWS\system32\MRT
2017-11-14 20:26:04 ----AC---- C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-14 20:25:59 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-11-14 18:48:04 ----D---- C:\Users\NB-Robert\AppData\Roaming\Mozilla
2017-11-04 02:25:40 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2017-11-03 19:48:25 ----D---- C:\WINDOWS\system32\WDI
2017-11-03 19:47:46 ----D---- C:\Program Files\Malwarebytes

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2014-04-24 633704]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-09-29 56728]
R0 MBAMSwissArmy;MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [2017-12-02 253880]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2017-09-29 60312]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit; \??\C:\WINDOWS\system32\drivers\mbae64.sys [2017-11-01 77432]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2017-09-29 384000]
R2 MBAMChameleon;MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [2017-12-02 193464]
R3 ACPIVPC;@oem6.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2015-06-04 42328]
R3 BCM43XX;@oem2.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 - ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [2014-10-02 7570136]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-09-29 60312]
R3 ETD;@oem11.inf,%PS2.DeviceDesc%;ELAN Input Device; C:\WINDOWS\system32\DRIVERS\ETD.sys [2015-10-07 525512]
R3 HECIx64;@oem14.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface; C:\WINDOWS\System32\drivers\HECIx64.sys [2009-09-17 56344]
R3 NVHDA;@oem0.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2016-12-09 206776]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2016-12-09 12914360]
R3 rt640x64;@oem13.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-08-23 943112]
R3 RTSUER;@oem8.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2016-05-17 416472]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2017-09-29 37784]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-09-29 357272]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-09-29 63520]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2017-09-29 39832]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2017-09-29 118168]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-09-29 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-09-29 18432]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2017-09-29 73112]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2017-09-29 27136]
S3 HyperVideo;HyperVideo; C:\WINDOWS\System32\drivers\HyperVideo.sys [2017-09-29 28160]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-09-29 1723288]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-09-29 36864]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-09-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-09-29 88576]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-09-29 174592]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-09-29 39424]
S3 invdimm;@invdimm.inf,%invdimm.SvcDesc%;Microsoft iNVDIMM device driver; C:\WINDOWS\System32\drivers\invdimm.sys [2017-09-29 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2017-09-29 26112]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2017-09-29 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-09-29 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-09-29 55840]
S3 MBAMFarflt;MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [2017-12-02 110016]
S3 MBAMProtection;MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [2017-12-02 46008]
S3 MBAMWebProtection;MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [2017-12-02 94144]
S3 MDA_NTDRV;MDA_NTDRV; \??\C:\WINDOWS\system32\MDA_NTDRV.sys [2013-02-25 21208]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-09-29 132608]
S3 netvsc;netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [2017-09-29 192512]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-09-29 88576]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2017-09-29 100352]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2017-09-29 16896]
S3 ReFS;ReFS; C:\WINDOWS\system32\drivers\ReFS.sys [2017-09-29 1849752]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2017-09-29 103936]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2017-09-29 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-09-30 56216]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 CDPUserSvc_242b0;CDPUserSvc_242b0; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\dusmsvc.dll
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-04-24 15720]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-11-01 6234056]
R2 OneSyncSvc_242b0;OneSyncSvc_242b0; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2017-09-29 518640]
R3 PimIndexMaintenanceSvc_242b0;PimIndexMaintenanceSvc_242b0; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalService -p;"ServiceDll" = %SystemRoot%\system32\SEMgrSvc.dll
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\TimeBrokerServer.dll
R3 TokenBroker;@%systemroot%\system32\tokenbroker.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\System32\TokenBroker.dll
S2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2017-08-23 2257016]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S2 ETDService;Elan Service; C:\Program Files\Elantech\ETDService.exe [2015-10-07 144072]
S2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2016-11-14 932728]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-11-14 426040]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; %SystemRoot%\system32\svchost.exe -k appmodel -p;"ServiceDll" = %SystemRoot%\system32\CapabilityAccessManager.dll
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; %SystemRoot%\system32\svchost.exe -k DevicesFlow;"ServiceDll" = %SystemRoot%\System32\DevicesFlowBroker.dll
S3 DevicesFlowUserSvc_242b0;DevicesFlowUserSvc_242b0; C:\WINDOWS\system32\svchost.exe -k DevicesFlow;"ServiceDll" =
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k diagnostics;"ServiceDll" = %systemroot%\system32\DiagSvc.dll
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2017-09-28 43648]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k GraphicsPerfSvcGroup;"ServiceDll" = %SystemRoot%\System32\GraphicsPerfSvc.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\system32\InstallService.dll
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\IpxlatCfg.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 MessagingService_242b0;MessagingService_242b0; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-12-01 194000]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\System32\NaturalAuth.dll
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; %SystemRoot%\system32\svchost.exe -k PrintWorkflow;"ServiceDll" = %SystemRoot%\System32\PrintWorkflowService.dll
S3 PrintWorkflowUserSvc_242b0;PrintWorkflowUserSvc_242b0; C:\WINDOWS\system32\svchost.exe -k PrintWorkflow;"ServiceDll" =
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\system32\PushToInstall.dll
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalService -p;"ServiceDll" = %SystemRoot%\System32\SharedRealitySvc.dll
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2017-10-25 956416]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118269
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected notebook

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.


Re: Infected notebook

#3 Post by silvias »

ADWcleaner cannot remove the files, it gets stuck...
https://www.imgup.cz/image/LUFz


Re: Infected notebook

#4 Post by Rudy »

Try running it in Safe Mode. It usually gives in then.


Re: Infected notebook

#5 Post by silvias »

it gets stuck in Safe Mode too :(
https://www.imgup.cz/image/LUNg


Re: Infected notebook

#6 Post by Rudy »

Let's try it differently. Post an FRST log: https://forum.viry.cz/viewtopic.php?f=13&t=152707 .

silvias
Visitor
Posts: 85
Registered: 22 Oct 2008 19:50

Re: Infected laptop

#7 Post by silvias »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by NB-Robert (administrator) on NB-ROBERT (02-12-2017 18:59:00)
Running from C:\Users\NB-Robert\Desktop
Loaded Profiles: NB-Robert & (Available Profiles: defaultuser0 & NB-Robert)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Ascora GmbH) C:\Program Files (x86)\CheckDrive\CheckDrive.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(forum.viry.cz) C:\Users\NB-Robert\Desktop\FRSTLauncher(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2015-06-29] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-24] (Intel Corporation)
HKU\S-1-5-21-4219786783-652543997-2663473789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017182147813\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-4219786783-652543997-2663473789-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-4219786783-652543997-2663473789-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4219786783-652543997-2663473789-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017182147878\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-4219786783-652543997-2663473789-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12022017182147878\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\NB-Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Browge.vbs [2017-12-02] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.0 telemetry.malwarebytes.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1cdf77c1-9efd-48f4-a397-4692a6828980}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

FireFox:
========
FF DefaultProfile: qeup7wg0.default-1508254555779
FF ProfilePath: C:\Users\NB-Robert\AppData\Roaming\Mozilla\Firefox\Profiles\qeup7wg0.default-1508254555779 [2017-12-02]
FF Homepage: Mozilla\Firefox\Profiles\qeup7wg0.default-1508254555779 -> hxxp://www.google.sk/
FF Extension: (AdBlocker Ultimate) - C:\Users\NB-Robert\AppData\Roaming\Mozilla\Firefox\Profiles\qeup7wg0.default-1508254555779\Extensions\adblockultimate@adblockultimate.net.xpi [2017-10-17]
FF Extension: (Linkificator) - C:\Users\NB-Robert\AppData\Roaming\Mozilla\Firefox\Profiles\qeup7wg0.default-1508254555779\Extensions\linkificator@markapola.xpi [2017-12-02]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\NB-Robert\AppData\Roaming\Mozilla\Firefox\Profiles\qeup7wg0.default-1508254555779\features\{ccb1260a-bdbf-468a-a75e-78ed80c5cc48}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-22] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-15] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-15] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2014-04-24] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7570136 2014-10-02] (Broadcom Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-12-02] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-02] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-02] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-02] (Malwarebytes)
S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-23] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-02 18:59 - 2017-12-02 18:59 - 000009749 _____ C:\Users\NB-Robert\Desktop\FRST.txt
2017-12-02 18:58 - 2017-12-02 18:57 - 000112640 _____ (forum.viry.cz) C:\Users\NB-Robert\Desktop\FRSTLauncher(1).exe
2017-12-02 18:57 - 2017-12-02 18:59 - 000000000 ____D C:\FRST
2017-12-02 18:53 - 2017-12-02 18:52 - 002391552 _____ (Farbar) C:\Users\NB-Robert\Desktop\FRST64.exe
2017-12-02 18:02 - 2017-12-02 18:11 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-02 16:05 - 2017-12-02 16:06 - 000000000 ____D C:\rsit
2017-12-02 16:05 - 2017-12-02 16:06 - 000000000 ____D C:\Program Files\trend micro
2017-12-02 15:34 - 2017-12-02 15:33 - 001329152 _____ C:\Users\NB-Robert\Desktop\RSITx64.exe
2017-12-02 15:03 - 2017-12-02 15:03 - 000000004 _____ C:\ProgramData\rwi.cgad
2017-12-02 14:58 - 2017-12-02 15:07 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\pxt5q3r5oeo
2017-12-02 14:58 - 2017-12-02 15:07 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\htmta5zhced
2017-12-02 14:58 - 2017-12-02 15:04 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\0982ad82dd194b5baa21caf471d30d57
2017-12-02 14:58 - 2017-12-02 15:04 - 000000000 ____D C:\Program Files\8727ZDIX0P
2017-12-02 14:56 - 2017-12-02 15:07 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\mdyh50bcjkr
2017-12-02 14:56 - 2017-12-02 15:07 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\al41qjgvvyk
2017-12-02 14:56 - 2017-12-02 14:59 - 000000000 ____D C:\Users\NB-Robert\AppData\Local\572e35828a6a4a92852b69b286a08bf5
2017-12-02 14:56 - 2017-12-02 14:56 - 000140800 _____ C:\Users\NB-Robert\AppData\Local\installer.dat
2017-12-02 14:56 - 2017-12-02 14:56 - 000016816 _____ C:\WINDOWS\System32\Tasks\Batman TV Feed
2017-12-02 14:56 - 2017-12-02 14:56 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\TablacusApp2
2017-12-02 14:56 - 2017-12-02 14:56 - 000000000 ____D C:\ProgramData\2434d102aa69428e9f40818d97a013b6
2017-12-02 14:55 - 2017-12-02 18:13 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-02 14:55 - 2017-12-02 15:07 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-02 14:55 - 2017-12-02 15:07 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-02 14:55 - 2017-12-02 15:07 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-02 14:55 - 2017-12-02 15:07 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\qbmxz5zvzri
2017-12-02 14:55 - 2017-12-02 15:07 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\15kt5tra3xn
2017-12-02 14:55 - 2017-12-02 15:04 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\server
2017-12-02 14:55 - 2017-12-02 15:04 - 000000000 ____D C:\Program Files\WMQE3HWEE7
2017-12-02 14:55 - 2017-12-02 15:04 - 000000000 ____D C:\Program Files\F0AMS806W5
2017-12-02 14:55 - 2017-12-02 14:55 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-02 14:54 - 2017-12-02 14:59 - 000000000 ____D C:\Users\NB-Robert\AppData\Local\PCBooster
2017-12-02 14:17 - 2017-12-02 14:17 - 008187336 _____ (Malwarebytes) C:\Users\NB-Robert\Desktop\adwcleaner_7.0.5.0.exe
2017-11-28 21:45 - 2017-11-28 21:45 - 000000000 ____D C:\Users\NB-Robert\AppData\Local\PlaceholderTileLogoFolder
2017-11-15 16:41 - 2017-11-23 07:54 - 000000941 _____ C:\Users\NB-Robert\Desktop\Nový textový dokument (2).txt
2017-11-14 20:21 - 2017-10-25 05:40 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-14 20:21 - 2017-10-25 05:40 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-14 20:21 - 2017-10-25 05:39 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-14 20:21 - 2017-10-25 05:39 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-11-14 20:21 - 2017-10-25 05:37 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-11-14 20:21 - 2017-10-25 05:37 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-14 20:21 - 2017-10-25 05:36 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-14 20:21 - 2017-10-25 05:36 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-11-14 20:21 - 2017-10-25 05:34 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-14 20:21 - 2017-10-25 05:34 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-14 20:21 - 2017-10-25 05:32 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-11-14 20:21 - 2017-10-25 05:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-14 20:21 - 2017-10-25 05:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-11-14 20:21 - 2017-10-25 05:29 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-14 20:21 - 2017-10-25 05:29 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-11-14 20:21 - 2017-10-25 05:28 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-11-14 20:21 - 2017-10-25 05:27 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-14 20:21 - 2017-10-25 05:27 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-11-14 20:21 - 2017-10-25 05:24 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-14 20:21 - 2017-10-25 05:20 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-14 20:21 - 2017-10-25 04:52 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-11-14 20:21 - 2017-10-25 04:50 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-14 20:21 - 2017-10-25 04:28 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-11-14 20:21 - 2017-10-25 04:28 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-11-14 20:21 - 2017-10-25 04:27 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-11-14 20:21 - 2017-10-25 04:27 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-11-14 20:21 - 2017-10-25 04:27 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-11-14 20:21 - 2017-10-25 04:22 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-11-14 20:21 - 2017-10-25 04:19 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-14 20:21 - 2017-10-25 04:18 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-11-14 20:21 - 2017-10-25 04:18 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-11-14 20:21 - 2017-10-25 04:18 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-11-14 20:21 - 2017-10-25 04:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-14 20:21 - 2017-10-25 04:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 20:21 - 2017-10-25 04:14 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-14 20:21 - 2017-10-25 04:12 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-14 20:21 - 2017-10-25 04:12 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-14 20:21 - 2017-10-25 04:10 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-14 20:21 - 2017-10-25 04:10 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-14 20:21 - 2017-10-25 04:09 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-14 20:21 - 2017-10-25 04:09 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-14 20:21 - 2017-10-25 04:08 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-14 20:21 - 2017-10-25 04:08 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-14 20:21 - 2017-10-25 04:08 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-11-14 20:21 - 2017-10-25 04:08 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-11-14 20:21 - 2017-10-25 04:08 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-14 20:21 - 2017-10-25 04:07 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-14 20:21 - 2017-10-25 04:07 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-14 20:21 - 2017-10-25 04:07 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-11-14 20:21 - 2017-10-25 04:05 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-14 20:21 - 2017-10-25 04:05 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-14 20:21 - 2017-10-25 04:04 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-14 20:21 - 2017-10-25 04:04 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-11-14 20:21 - 2017-10-25 04:02 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-14 20:21 - 2017-10-25 04:01 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-14 20:21 - 2017-10-25 03:59 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-14 20:21 - 2017-10-25 03:59 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-14 20:21 - 2017-10-25 03:58 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-11-14 20:21 - 2017-10-25 03:58 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-11-14 20:21 - 2017-10-25 03:57 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-14 20:21 - 2017-10-25 03:55 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-14 20:21 - 2017-10-25 03:54 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-11-14 20:20 - 2017-10-25 10:11 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-11-14 20:20 - 2017-10-25 10:11 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-14 20:20 - 2017-10-25 10:09 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-11-14 20:20 - 2017-10-25 09:57 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-11-14 20:20 - 2017-10-25 09:57 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-14 20:20 - 2017-10-25 09:56 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-14 20:20 - 2017-10-25 07:36 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-11-14 20:20 - 2017-10-25 05:41 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-11-14 20:20 - 2017-10-25 05:40 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-14 20:20 - 2017-10-25 05:39 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-11-14 20:20 - 2017-10-25 05:36 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-14 20:20 - 2017-10-25 05:34 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-14 20:20 - 2017-10-25 05:32 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-14 20:20 - 2017-10-25 05:31 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-14 20:20 - 2017-10-25 05:30 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-11-14 20:20 - 2017-10-25 05:29 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-14 20:20 - 2017-10-25 05:27 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 20:20 - 2017-10-25 05:27 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-11-14 20:20 - 2017-10-25 04:36 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-14 20:20 - 2017-10-25 04:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-11-14 20:20 - 2017-10-25 04:30 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-11-14 20:20 - 2017-10-25 04:28 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-11-14 20:20 - 2017-10-25 04:24 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-11-14 20:20 - 2017-10-25 04:22 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-14 20:20 - 2017-10-25 04:19 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-11-14 20:20 - 2017-10-25 04:18 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-11-14 20:20 - 2017-10-25 04:18 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-14 20:20 - 2017-10-25 04:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-14 20:20 - 2017-10-25 04:16 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-14 20:20 - 2017-10-25 04:16 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-14 20:20 - 2017-10-25 04:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-14 20:20 - 2017-10-25 04:14 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-14 20:20 - 2017-10-25 04:13 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-14 20:20 - 2017-10-25 04:12 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-11-14 20:20 - 2017-10-25 04:11 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 20:20 - 2017-10-25 04:10 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-14 20:20 - 2017-10-25 04:09 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-11-14 20:20 - 2017-10-25 04:09 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-14 20:20 - 2017-10-25 04:08 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-14 20:20 - 2017-10-25 04:08 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-14 20:20 - 2017-10-25 04:08 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-11-14 20:20 - 2017-10-25 04:07 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-14 20:20 - 2017-10-25 04:07 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-11-14 20:20 - 2017-10-25 04:07 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-14 20:20 - 2017-10-25 04:06 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-14 20:20 - 2017-10-25 04:05 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-14 20:20 - 2017-10-25 04:03 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-11-14 20:20 - 2017-10-25 03:58 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-14 20:20 - 2017-10-21 13:25 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-14 20:20 - 2017-10-20 15:17 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-11-14 20:20 - 2017-10-20 06:08 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-10 06:23 - 2017-11-10 06:23 - 000000000 __SHD C:\found.001
2017-11-03 19:48 - 2017-11-03 19:48 - 000000025 _____ C:\Users\NB-Robert\Desktop\mb-licenseinfo.txt
2017-11-03 19:47 - 2017-11-03 19:47 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-03 19:47 - 2017-11-03 19:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-03 19:47 - 2017-11-03 19:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-03 19:47 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-03 14:46 - 2017-11-03 14:46 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\Obsidium

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-02 18:19 - 2017-10-18 21:45 - 005002908 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-02 18:19 - 2017-04-05 19:40 - 002709824 _____ C:\WINDOWS\system32\perfh01B.dat
2017-12-02 18:19 - 2017-04-05 19:40 - 000804926 _____ C:\WINDOWS\system32\perfc01B.dat
2017-12-02 18:13 - 2017-10-18 21:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-02 18:13 - 2017-04-11 22:31 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-02 18:13 - 2017-04-01 18:07 - 000000000 ____D C:\Users\NB-Robert\AppData\LocalLow\Mozilla
2017-12-02 18:12 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-02 18:05 - 2017-03-20 22:44 - 000000000 ____D C:\AdwCleaner
2017-12-02 17:58 - 2017-10-18 21:39 - 000000000 ____D C:\Users\NB-Robert
2017-12-02 17:24 - 2017-10-18 21:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-02 16:07 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-02 15:17 - 2017-10-06 21:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-02 15:17 - 2017-04-01 18:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-02 15:00 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Batman TV Feed
2017-12-02 14:55 - 2017-04-11 19:22 - 000000000 ____D C:\Program Files\UNP
2017-12-02 14:25 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-02 14:14 - 2017-08-31 10:35 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\MPC-HC
2017-12-01 08:30 - 2017-05-19 18:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-01 08:30 - 2017-04-01 18:07 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-30 22:37 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2017-11-28 21:50 - 2017-10-18 21:39 - 000000000 ____D C:\Users\NB-Robert\AppData\Local\Packages
2017-11-28 21:50 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-28 21:50 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-27 20:52 - 2017-05-08 19:44 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\Mp3tag
2017-11-27 19:07 - 2017-04-17 14:26 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\BitTorrent
2017-11-21 07:05 - 2017-03-20 19:24 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-20 22:51 - 2017-03-20 19:09 - 000001270 _____ C:\Users\NB-Robert\Desktop\pc full.txt
2017-11-20 09:31 - 2017-03-20 19:09 - 000005718 _____ C:\Users\NB-Robert\Desktop\PREMIUM.txt
2017-11-18 21:05 - 2017-10-26 21:59 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-11-18 21:05 - 2017-03-20 19:17 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-17 23:13 - 2017-10-22 10:52 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-17 18:59 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2017-11-15 21:58 - 2017-10-18 21:35 - 000248576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 21:58 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-15 21:58 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-15 21:58 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-11-15 21:58 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-15 21:58 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-15 21:58 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 21:58 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-15 17:36 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-15 17:36 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-15 17:36 - 2017-03-20 20:17 - 000000000 ____D C:\Users\NB-Robert\AppData\Local\Adobe
2017-11-14 22:11 - 2017-04-27 18:32 - 000002840 _____ C:\Users\NB-Robert\AppData\Local\config.dat
2017-11-14 20:37 - 2017-03-20 19:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-14 20:26 - 2017-10-11 16:32 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-14 20:25 - 2017-03-20 19:28 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-14 18:48 - 2017-04-01 18:07 - 000000000 ____D C:\Users\NB-Robert\AppData\Roaming\Mozilla
2017-11-08 17:46 - 2017-10-18 21:44 - 000004424 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-07 20:23 - 2017-10-18 21:51 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4219786783-652543997-2663473789-1001
2017-11-07 20:23 - 2017-04-11 22:43 - 000002418 _____ C:\Users\NB-Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-07 20:23 - 2017-03-20 18:37 - 000000000 ___RD C:\Users\NB-Robert\OneDrive
2017-11-04 02:25 - 2017-09-29 14:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 02:25 - 2017-09-29 14:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-03 19:47 - 2017-05-01 15:25 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-02 08:53 - 2017-04-23 17:58 - 000000828 _____ C:\Users\NB-Robert\Desktop\Nový textový dokument.txt
2017-11-02 08:23 - 2017-11-01 09:39 - 000000000 ____D C:\Users\NB-Robert\AppData\Local\Abelssoft

==================== Files in the root of some directories =======

2017-04-27 18:32 - 2017-11-14 22:11 - 000002840 _____ () C:\Users\NB-Robert\AppData\Local\config.dat
2017-12-02 14:56 - 2017-12-02 14:56 - 000140800 _____ () C:\Users\NB-Robert\AppData\Local\installer.dat
2017-09-30 16:50 - 2017-09-30 16:50 - 000007597 _____ () C:\Users\NB-Robert\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-12-02 14:58 - 2017-12-02 14:58 - 000282624 _____ (iCabanga) C:\Users\NB-Robert\AppData\Local\Temp\1h4a0DTXa0pjriXyXdDf.exe
2017-12-02 14:55 - 2017-12-02 14:55 - 016798357 _____ (coserversX ) C:\Users\NB-Robert\AppData\Local\Temp\bitcom.exe
2017-12-02 14:55 - 2017-12-02 14:55 - 000006656 _____ () C:\Users\NB-Robert\AppData\Local\Temp\Browge.exe
2017-12-02 14:55 - 2017-12-02 14:56 - 000210944 _____ () C:\Users\NB-Robert\AppData\Local\Temp\installer.exe
2017-12-02 14:54 - 2017-12-02 14:55 - 000675051 _____ (Nweysr Efd) C:\Users\NB-Robert\AppData\Local\Temp\installer_campaign_20522.exe
2017-12-02 14:56 - 2017-12-02 14:56 - 005885952 _____ () C:\Users\NB-Robert\AppData\Local\Temp\setup.exe
2017-12-01 15:07 - 2017-12-02 14:55 - 000099892 _____ () C:\Users\NB-Robert\AppData\Local\Temp\Uninstall.exe
2017-12-02 14:56 - 2017-12-02 14:56 - 000282624 _____ (iCabanga) C:\Users\NB-Robert\AppData\Local\Temp\xqmbFQmFyjkAoKsAHdxV.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-28 18:44

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:110.81 GB) (Free:73.75 GB) NTFS
Drive d: (Lokálny disk) (Fixed) (Total:683.88 GB) (Free:397.49 GB) NTFS

Available physical RAM: 1186 MB
Total physical RAM: 3958.85 MB
Percentage of memory in use: 70%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 2B56779E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: D0A85558)
Partition 1: (Active) - (Size=683.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [134]

==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\NB-Robert\Desktop" je 12 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 118269
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected notebook

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
C:\Users\NB-Robert\AppData\Roaming\pxt5q3r5oeo
C:\Users\NB-Robert\AppData\Roaming\htmta5zhced
C:\Users\NB-Robert\AppData\Roaming\0982ad82dd194b5baa21caf471d30d57
C:\Program Files\8727ZDIX0P
C:\Users\NB-Robert\AppData\Roaming\mdyh50bcjkr
C:\Users\NB-Robert\AppData\Roaming\al41qjgvvyk
C:\Users\NB-Robert\AppData\Local\572e35828a6a4a92852b69b286a08bf5
C:\Users\NB-Robert\AppData\Roaming\qbmxz5zvzri
C:\Users\NB-Robert\AppData\Roaming\15kt5tra3xn
C:\Program Files\WMQE3HWEE7
C:\Program Files\F0AMS806W5
C:\Users\NB-Robert\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [134]

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not used for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image link]

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

silvias
Visitor
Posts: 85
Registered: 22 Oct 2008 19:50

Re: Infected notebook

#9 Post by silvias »

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by NB-Robert (02-12-2017 19:56:43) Run:2
Running from C:\Users\NB-Robert\Desktop
Loaded Profiles: NB-Robert & (Available Profiles: defaultuser0 & NB-Robert)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
C:\Users\NB-Robert\AppData\Roaming\pxt5q3r5oeo
C:\Users\NB-Robert\AppData\Roaming\htmta5zhced
C:\Users\NB-Robert\AppData\Roaming\0982ad82dd194b5baa21caf471d30d57
C:\Program Files\8727ZDIX0P
C:\Users\NB-Robert\AppData\Roaming\mdyh50bcjkr
C:\Users\NB-Robert\AppData\Roaming\al41qjgvvyk
C:\Users\NB-Robert\AppData\Local\572e35828a6a4a92852b69b286a08bf5
C:\Users\NB-Robert\AppData\Roaming\qbmxz5zvzri
C:\Users\NB-Robert\AppData\Roaming\15kt5tra3xn
C:\Program Files\WMQE3HWEE7
C:\Program Files\F0AMS806W5
C:\Users\NB-Robert\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [134]

EmptyTemp:
End
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => key removed successfully
C:\Users\NB-Robert\AppData\Roaming\pxt5q3r5oeo => moved successfully
C:\Users\NB-Robert\AppData\Roaming\htmta5zhced => moved successfully
C:\Users\NB-Robert\AppData\Roaming\0982ad82dd194b5baa21caf471d30d57 => moved successfully
C:\Program Files\8727ZDIX0P => moved successfully
C:\Users\NB-Robert\AppData\Roaming\mdyh50bcjkr => moved successfully
C:\Users\NB-Robert\AppData\Roaming\al41qjgvvyk => moved successfully
C:\Users\NB-Robert\AppData\Local\572e35828a6a4a92852b69b286a08bf5 => moved successfully
C:\Users\NB-Robert\AppData\Roaming\qbmxz5zvzri => moved successfully
C:\Users\NB-Robert\AppData\Roaming\15kt5tra3xn => moved successfully
C:\Program Files\WMQE3HWEE7 => moved successfully
C:\Program Files\F0AMS806W5 => moved successfully
C:\Users\NB-Robert\AppData\Local\Temp => moved successfully
C:\ProgramData\TEMP => ":4FC01C57" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11578688 B
Java, Flash, Steam htmlcache => 988 B
Windows/system/drivers => 436630 B
Edge => 848343 B
Chrome => 0 B
Firefox => 256535413 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2476 B
NetworkService => 21866 B
defaultuser0 => 0 B
NB-Robert => 1361521 B

RecycleBin => 116 B
EmptyTemp: => 265.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:57:16 ====
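The fixlist in post #8 and the Fixlog in post #9 are the two halves of one FRST fix. As an added example, not code from the thread or from FRST, the Python check below pairs each fixlist entry with the "<target> => <outcome>" line FRST logged for it and reports entries that failed or were never processed; the fixlist and Fixlog excerpts inside it are constructed from the thread's logs, and the "Could not move" failure wording is an assumption.

```python
"""Reconcile an FRST fixlist with the Fixlog FRST writes after >Fix<.
Added example (not the thread's or FRST's own code): every fixlist entry is
paired with the "<target> => <outcome>" line FRST logged for it, so a failed or
skipped entry is not lost in a long log. Both excerpts below are constructed,
modelled on the thread's logs; the "Could not move" wording is an assumption."""
import re

RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")   # "<target> => <outcome>"
SUCCESS_RE = re.compile(r"successfully|removed", re.IGNORECASE)
ADS_RE = re.compile(r"^AlternateDataStreams:\s*(?P<path>.+):(?P<stream>[^:\s\[]+)\s*\[\d+\]$")

def _norm(target):
    # The Fixlog doubles backslashes and writes a registry entry's "key,value" comma
    # as a backslash; dropping both makes the fixlist and Fixlog forms comparable.
    return re.sub(r"[\\,]", "", target).strip().lower()

def parse_fixlist(text):
    """Non-empty lines between Start and End."""
    lines = [l.strip() for l in text.splitlines()]
    start, end = lines.index("Start") + 1, lines.index("End")
    return [l for l in lines[start:end] if l]

def parse_fixlog(text):
    """Normalised result target -> outcome FRST reported for it."""
    found = (RESULT_RE.match(l.strip()) for l in text.splitlines())
    return {_norm(m.group("target")): m.group("outcome") for m in found if m}

def expected_key(entry):
    """(lookup key, ADS stream or None) for a fixlist entry; None if unsupported."""
    m = ADS_RE.match(entry)
    if m:
        return _norm(m.group("path")), m.group("stream")
    if re.match(r"^(HKLM|HKCU|HKU)\\", entry):      # registry "key,value =" entry
        return _norm(re.sub(r"\s*=\s*$", "", entry)), None
    if re.match(r"^[A-Za-z]:\\", entry):             # file or folder path
        return _norm(entry), None
    if re.fullmatch(r"\w+:", entry):                 # bare directive such as EmptyTemp:
        return _norm(entry), None
    return None                                      # e.g. "FF Plugin:" lines

def reconcile(fixlist_text, fixlog_text):
    """Sort fixlist entries into ok / failed / missing / unchecked buckets."""
    results = parse_fixlog(fixlog_text)
    report = {"ok": [], "failed": [], "missing": [], "unchecked": []}
    for entry in parse_fixlist(fixlist_text):
        key = expected_key(entry)
        if key is None:
            report["unchecked"].append(entry)
            continue
        lookup, stream = key
        outcome = results.get(lookup)
        if outcome is None:
            report["missing"].append(entry)
        elif SUCCESS_RE.search(outcome) and (stream is None or stream in outcome):
            report["ok"].append(entry)
        else:
            report["failed"].append(entry)
    return report

FIXLIST = r"""Start
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
C:\Users\NB-Robert\AppData\Roaming\pxt5q3r5oeo
C:\Users\NB-Robert\AppData\Roaming\htmta5zhced
C:\Program Files\8727ZDIX0P
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [134]
EmptyTemp:
End"""

FIXLOG = r"""*****************
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => key removed successfully
C:\Users\NB-Robert\AppData\Roaming\pxt5q3r5oeo => moved successfully
C:\Program Files\8727ZDIX0P => Could not move
C:\ProgramData\TEMP => ":4FC01C57" ADS removed successfully
EmptyTemp: => 265.3 MB temporary data Removed."""
```

Calling `reconcile(FIXLIST, FIXLOG)` on the constructed excerpts puts the 8727ZDIX0P folder in "failed", the htmta5zhced folder in "missing" and the FF Plugin line in "unchecked", which is exactly what a helper would want to re-check before declaring the fix done.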

Rudy
Site Admin
Posts: 118269
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected notebook

#10 Post by Rudy »

Since ADW did not work, run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

silvias
Visitor
Posts: 85
Registered: 22 Oct 2008 19:50

Re: Infected notebook

#11 Post by silvias »

It has given in now; I manually removed the files that AdwCleaner showed me ("clicking through shows the path").
But Mozilla still opens unwanted tabs when it starts.


Typ skenovania: Vyhľadávanie hrozieb
Výsledok: Dokončené
Preskenované objekty: 293492
Zistené hrozby: 1
Hrozby umiestnené do karantény: 1
Uplynulý čas: 1 min, 50 s

-Možnosti skenovania-
Pamäť: Povolené
Spúšťanie: Povolené
Systém súborov: Povolené
Archívy: Povolené
Rootkity: Zakázané
Heuristika: Povolené
PUP: Zistiť
PUM: Zistiť

-Podrobnosti skenovania-
Proces: 0
(Nezistili sa nijaké škodlivé položky)

Modul: 0
(Nezistili sa nijaké škodlivé položky)

Kľúč databázy Registry: 1
PUP.Optional.WiperSoft, HKU\S-1-5-21-4219786783-652543997-2663473789-1001\SOFTWARE\WiperSoft, Umiestené do karantény, [1693], [340919],1.0.3396

Hodnota databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Údaje databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Prúd údajov: 0
(Nezistili sa nijaké škodlivé položky)

Priečinok: 0
(Nezistili sa nijaké škodlivé položky)

Súbor: 0
(Nezistili sa nijaké škodlivé položky)

Fyzický sektor: 0
(Nezistili sa nijaké škodlivé položky)


(end)

Rudy
Site Admin
Posts: 118269
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected notebook

#12 Post by Rudy »

Delete the MBAM finding, restart, and then we will also clean the browsers by running these utilities one after another:

1. Download Zoek.exe from http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will carry out the repair, restart and give you a log; paste its contents here.

and

2. Junkware Removal Tool: http://www.stahuj.centrum.cz/utility_a_ ... oval-tool/
•Save it, preferably to the desktop
•After launching, the licence terms are shown; press any key
•A backup is created and then the search runs
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; post it here.

silvias
Visitor
Posts: 85
Registered: 22 Oct 2008 19:50

Re: Infected notebook

#13 Post by silvias »

Zoek.exe v5.0.0.1 Updated 24-October-2017
Tool run by NB-Robert on ne 03.12.2017 at 9:28:27,78.
Microsoft Windows 10 Home 10.0.16299 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\NB-Robert\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-12-02-213902.log 1813 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== FireFox Fix ======================

Deleted from C:\Users\NB-ROB~1\AppData\Roaming\Mozilla\Firefox\Profiles\lp8a9q4r.default\prefs.js:

Added to C:\Users\NB-ROB~1\AppData\Roaming\Mozilla\Firefox\Profiles\lp8a9q4r.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\NB-ROB~1\AppData\Roaming\Mozilla\Firefox\Profiles\lp8a9q4r.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\NB-ROB~1\AppData\Roaming\Mozilla\Firefox\Profiles\lp8a9q4r.default
- Undetermined - %ProfilePath%\extensions\adblockultimate@adblockultimate.net.xpi
- Undetermined - %ProfilePath%\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\NB-Robert\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\NB-Robert\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\NB-Robert\AppData\Local\Mozilla\Firefox\Profiles\lp8a9q4r.default\cache2 will be emptied at reboot

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\NB-ROB~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ne 03.12.2017 at 9:32:45,85 ======================

silvias
Visitor
Posts: 85
Registered: 22 Oct 2008 19:50

Re: Infected notebook

#14 Post by silvias »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by NB-Robert (Administrator) on ne 03.12.2017 at 9:34:19,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\ProgramData\2434d102aa69428e9f40818d97a013b6 (Folder)
Successfully deleted: C:\ProgramData\drivergenius (Folder)
Successfully deleted: C:\Users\NB-Robert\AppData\Roaming\driver-soft (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 03.12.2017 at 9:35:40,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 118269
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected notebook

#15 Post by Rudy »

Has anything changed now?

Locked