Čistá instalace Win 10 = nelze nic instalovat, svchost.com

[MrPierc]

Dobrý den,

udělal jsem zcela čistou instalaci Win 10 přes mediacreation tool z webu Microsft.
Po prvním spuštění do Win 10 začne Windows Defender nesmylsně mnoho položek dávat do karantény.

Defender jsem vypnul a nainstaloval malwarebytes. Ten mi stále hlásí znovu, že mám:

Data registrů: 1
Hijack.ExeFile, HKLM\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND|, Žádná uživatelská akce, [6427], [293008],1.0.5380

Soubor: 1
Trojan.Agent.SVC.Generic, C:\WINDOWS\SVCHOST.COM

I když jsem dal do karantény apoté smazal, tak se hláška o viru na malware bytes zobrazí znovu. Nejde nic instalovat ani rozbalit rary.
Nechápu, prč je zavirované či nefunkční PC p očisté instalaci Win 10.

Log z RSITx64:


Logfile of random's system information tool 1.10 (written by random/random)
Run by MrPierc at 2018-06-06 18:56:03
Microsoft Windows 10 Home
System drive C: has 216 GB (91%) free of 238 GB
Total RAM: 16317 MB (82% free)


======Listing Processes======








C:\Windows\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\Windows\system32\svchost.exe -k DcomLaunch -p
"fontdrvhost.exe"
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k dcomlaunch -p -s DeviceInstall
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k localservice -s W32Time
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b6827139-cc7b-42f2-90b1-05f9f36ee587 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b7f86925-e5d7-4fbc-8ed1-bf04a77491c8 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-7bc12769-6b60-4765-b9b7-6e9148dc9b18 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-17b14db7-0d57-4800-91d4-2ce9fc7ca959 -LifetimeId:d4bc0da4-1018-4cc9-8908-1c943618df3c -DeviceGroupId:WpdFsGroup
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localservice -p -s FontCache

c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\Windows\System32\svchost.exe -k utcsvc -p


c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
c:\windows\system32\svchost.exe -k netsvcs -p
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV


winlogon.exe
"fontdrvhost.exe"
"dwm.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"ctfmon.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\smartscreen.exe -Embedding
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files\Windows Defender\MSASCuiL.exe"
/setautostart /background
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s seclogon
taskhostw.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s NcdAutoSetup
dashost.exe {a3a64430-adaa-41e3-a8753b003828d48c}
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SensorService
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\svchost.exe -k LocalService -p
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.22055.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
c:\windows\system32\svchost.exe -k localservice -p -s PhoneSvc
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2200800093-3320500566-1142014138-100111_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2200800093-3320500566-1142014138-100111 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
C:\Windows\system32\AUDIODG.EXE 0x62c
"C:\Windows\system32\SearchFilterHost.exe" 0 736 740 748 8192 744
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\System32\svchost.exe -k netsvcs -p
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.1_none_eedfeda03074e04e\TiWorker.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe


"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe12_ Global\UsGthrCtrlFltPipeMssGthrPipe12 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\MrPierc\Downloads\RSITx64.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\PROGRA~1\TRENDM~1\MrPierc.exe /silentautolog

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\MrPierc\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-06-06 1504888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"PromptOnSecureDesktop"=0
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.exe - open - C:\Windows\svchost.com "%1" %*
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-06-06 19:29:38 ----D---- C:\Windows\Panther
2018-06-06 18:56:03 ----D---- C:\rsit
2018-06-06 18:56:03 ----D---- C:\Program Files\trend micro
2018-06-06 18:48:11 ----A---- C:\Windows\svchost.com
2018-06-06 18:43:10 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2018-06-06 18:43:09 ----D---- C:\Temp
2018-06-06 18:43:09 ----D---- C:\Program Files (x86)\VulkanRT
2018-06-06 18:43:09 ----A---- C:\Windows\SYSWOW64\vulkaninfo.exe
2018-06-06 18:43:09 ----A---- C:\Windows\SYSWOW64\vulkan-1.dll
2018-06-06 18:43:09 ----A---- C:\Windows\system32\vulkaninfo.exe
2018-06-06 18:43:09 ----A---- C:\Windows\system32\vulkan-1.dll
2018-06-06 18:43:07 ----A---- C:\Windows\system32\nvsvcr.dll
2018-06-06 18:43:07 ----A---- C:\Windows\system32\nvsvc64.dll
2018-06-06 18:43:07 ----A---- C:\Windows\system32\nvshext.dll
2018-06-06 18:43:07 ----A---- C:\Windows\system32\nvmctray.dll
2018-06-06 18:43:07 ----A---- C:\Windows\system32\nvcpl.dll
2018-06-06 18:43:07 ----A---- C:\Windows\system32\nv3dappshextr.dll
2018-06-06 18:43:07 ----A---- C:\Windows\system32\nv3dappshext.dll
2018-06-06 18:42:58 ----A---- C:\Windows\NvContainerRecovery.bat
2018-06-06 18:42:57 ----D---- C:\ProgramData\NVIDIA
2018-06-06 18:42:56 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2018-06-06 18:42:56 ----A---- C:\Windows\system32\OpenCL.dll
2018-06-06 18:42:49 ----D---- C:\ProgramData\NVIDIA Corporation
2018-06-06 18:42:48 ----D---- C:\Program Files\NVIDIA Corporation
2018-06-06 18:42:48 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2018-06-06 18:38:14 ----A---- C:\Windows\directx.sys
2018-06-06 18:36:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-06-06 18:36:17 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2018-06-06 18:36:14 ----A---- C:\Windows\system32\drivers\mbae64.sys
2018-06-06 18:36:11 ----D---- C:\ProgramData\Malwarebytes
2018-06-06 18:36:11 ----D---- C:\Program Files\Malwarebytes
2018-06-06 18:35:07 ----D---- C:\ProgramData\Microsoft OneDrive
2018-06-06 18:33:51 ----D---- C:\Users\MrPierc\AppData\Roaming\Adobe
2018-06-06 18:33:50 ----D---- C:\ProgramData\USOShared
2018-06-06 18:33:50 ----A---- C:\Windows\SYSWOW64\PrintConfig.dll
2018-06-06 18:33:28 ----SD---- C:\Users\MrPierc\AppData\Roaming\Microsoft
2018-06-06 18:32:44 ----D---- C:\Windows\SoftwareDistribution
2018-06-06 18:31:49 ----SHD---- C:\ProgramData\Šablony
2018-06-06 18:31:49 ----SHD---- C:\ProgramData\Plocha
2018-06-06 18:31:49 ----SHD---- C:\ProgramData\Nabídka Start
2018-06-06 18:31:49 ----SHD---- C:\ProgramData\Dokumenty
2018-06-06 18:31:49 ----SHD---- C:\ProgramData\Data aplikací
2018-06-06 18:31:49 ----SHD---- C:\Documents and Settings
2018-06-06 18:31:42 ----ASH---- C:\hiberfil.sys
2018-06-06 18:31:00 ----SHD---- C:\Recovery
2018-06-06 18:30:56 ----AS---- C:\Windows\bootstat.dat
2018-06-06 18:30:29 ----HD---- C:\Program Files\Uninstall Information
2018-06-06 18:30:26 ----D---- C:\Windows\system32\drivers\wd
2018-06-06 18:30:25 ----D---- C:\Windows\Prefetch
2018-06-06 18:30:19 ----SD---- C:\Windows\system32\Microsoft
2018-06-06 18:30:19 ----D---- C:\Windows\system32\SleepStudy
2018-06-06 18:30:19 ----D---- C:\Windows\ServiceProfiles
2018-06-06 18:30:14 ----ASH---- C:\swapfile.sys
2018-06-06 18:30:14 ----ASH---- C:\pagefile.sys
2018-06-06 18:30:14 ----A---- C:\Windows\system32\FNTCACHE.DAT
2018-06-06 18:30:13 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 month======

2018-06-06 18:56:03 ----RD---- C:\Program Files
2018-06-06 18:56:02 ----D---- C:\Windows\Temp
2018-06-06 18:56:01 ----HD---- C:\Program Files\WindowsApps
2018-06-06 18:55:59 ----D---- C:\Windows\AppReadiness
2018-06-06 18:55:38 ----D---- C:\Windows\Logs
2018-06-06 18:55:38 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-06-06 18:55:31 ----D---- C:\Windows\CbsTemp
2018-06-06 18:53:51 ----D---- C:\Windows
2018-06-06 18:50:29 ----RD---- C:\Users
2018-06-06 18:47:44 ----D---- C:\Windows\INF
2018-06-06 18:44:37 ----D---- C:\Windows\System32
2018-06-06 18:43:27 ----D---- C:\Windows\SysWOW64
2018-06-06 18:43:27 ----D---- C:\Windows\system32\DriverStore
2018-06-06 18:43:27 ----D---- C:\Windows\system32\drivers
2018-06-06 18:43:09 ----RD---- C:\Program Files (x86)
2018-06-06 18:43:07 ----D---- C:\Windows\Help
2018-06-06 18:42:57 ----HD---- C:\ProgramData
2018-06-06 18:42:38 ----D---- C:\Windows\system32\CodeIntegrity
2018-06-06 18:40:56 ----D---- C:\Windows\system32\catroot2
2018-06-06 18:40:51 ----D---- C:\Windows\system32\restore
2018-06-06 18:40:30 ----SD---- C:\ProgramData\Microsoft
2018-06-06 18:35:49 ----D---- C:\Windows\system32\wbem
2018-06-06 18:35:15 ----D---- C:\Windows\system32\Tasks
2018-06-06 18:34:58 ----SHD---- C:\$Recycle.Bin
2018-06-06 18:33:51 ----D---- C:\ProgramData\USOPrivate
2018-06-06 18:33:50 ----D---- C:\Windows\system32\spool
2018-06-06 18:33:50 ----D---- C:\Windows\system32\FxsTmp
2018-06-06 18:33:29 ----D---- C:\Windows\system32\WinBioDatabase
2018-06-06 18:33:25 ----D---- C:\Windows\system32\WDI
2018-06-06 18:31:50 ----D---- C:\Windows\system32\sru
2018-06-06 18:31:49 ----D---- C:\Windows\debug
2018-06-06 18:31:49 ----D---- C:\Program Files\windows nt
2018-06-06 18:31:00 ----D---- C:\Windows\system32\Recovery
2018-06-06 18:30:33 ----RD---- C:\Windows\PrintDialog
2018-06-06 18:30:33 ----RD---- C:\Windows\ImmersiveControlPanel
2018-06-06 18:30:26 ----D---- C:\Windows\system32\drivers\UMDF
2018-06-06 18:30:25 ----D---- C:\Windows\Tasks
2018-06-06 18:30:13 ----D---- C:\Windows\system32\config

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdpsp;@oem9.inf,%amdpsp.SVCDESC%;AMD PSP Service; C:\Windows\system32\DRIVERS\amdpsp.sys [2017-06-12 243056]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\Windows\system32\drivers\iorate.sys [2018-04-12 58272]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\Windows\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\Windows\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\Windows\system32\drivers\bam.sys [2018-04-12 60320]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\Windows\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\Windows\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\Windows\system32\drivers\cldflt.sys [2018-04-12 414208]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\Windows\system32\drivers\mmcss.sys [2018-04-12 43520]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\Windows\system32\drivers\storqosflt.sys [2018-04-12 82432]
R3 amdgpio2;@oem7.inf,%GPIO.SvcDesc%;AMD GPIO Client Driver; C:\Windows\System32\drivers\amdgpio2.sys [2017-03-01 43400]
R3 amdgpio3;@oem6.inf,%GPIO.SvcDesc%;AMD GPIO Client Driver; C:\Windows\System32\drivers\amdgpio3.sys [2016-08-12 24424]
R3 AMDPCIDev;@oem2.inf,%AMDPCIDev.SVCDESC%;AMD PCI; C:\Windows\System32\drivers\AMDPCIDev.sys [2017-10-10 31112]
R3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [2018-06-06 253664]
R3 NVHDA;@oem5.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2017-11-09 233904]
R3 nvlddmkm;nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [2017-11-09 16936048]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\Windows\System32\drivers\rt640x64.sys [2018-04-12 604160]
R3 RtlWlanu;@netrtwlanu.inf,%RtlWlanu.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\System32\drivers\rtwlanu.sys [2018-04-12 5707264]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\Windows\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\Windows\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\Windows\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\Windows\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\Windows\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\Windows\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\Windows\System32\drivers\scmbus.sys [2018-04-12 128416]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\Windows\System32\drivers\storufs.sys [2018-04-12 48544]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\Windows\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 amdkmcsp;@oem9.inf,%amdkmcsp.SVCDESC%;AMD Kernel Mode CSP Service; C:\Windows\system32\DRIVERS\amdkmcsp.sys [2017-06-12 101232]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\Windows\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\Windows\system32\drivers\bindflt.sys [2018-04-12 92056]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\Windows\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\Windows\System32\drivers\CAD.sys [2018-04-12 60320]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\Windows\System32\drivers\capimg.sys [2018-04-12 123392]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\Windows\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\Windows\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\Windows\system32\drivers\hvservice.sys [2018-04-12 73632]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\Windows\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\Windows\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\Windows\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\Windows\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\Windows\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\Windows\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\Windows\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\Windows\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\Windows\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\Windows\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\Windows\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\Windows\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\Windows\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\Windows\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\Windows\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\Windows\system32\drivers\ReFSv1.sys [2018-04-12 945560]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\Windows\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\Windows\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\Windows\System32\drivers\SpatialGraphFilter.sys [2018-04-12 57752]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\Windows\System32\Drivers\UcmCx.sys [2018-04-12 128512]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\Windows\System32\Drivers\UcmTcpciCx.sys [2018-04-12 152576]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\Windows\System32\drivers\UcmUcsi.sys [2018-04-12 57856]
S3 UdeCx;USB Device Emulation Support Library; C:\Windows\system32\drivers\udecx.sys [2018-04-12 45056]
S3 Ufx01000;USB Function Class Extension; C:\Windows\system32\drivers\ufx01000.sys [2018-04-12 282008]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\Windows\System32\drivers\UfxChipidea.sys [2018-04-12 98200]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\Windows\System32\drivers\ufxsynopsys.sys [2018-04-12 144288]
S4 hvcrash;hvcrash; C:\Windows\System32\drivers\hvcrash.sys [2018-04-12 33184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R2 CDPUserSvc_cd6bd;Uživatelská služba platformy připojených zařízení_cd6bd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-10-27 462968]
R2 OneSyncSvc_cd6bd;Hostitel synchronizace_cd6bd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\Windows\system32\SecurityHealthService.exe [2018-04-12 761440]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\Windows\system32\SgrmBroker.exe [2018-04-12 163336]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R3 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2018-05-09 6541008]
R3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 PimIndexMaintenanceSvc_cd6bd;Data kontaktů_cd6bd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 TokenBroker;@%systemroot%\system32\tokenbroker.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService_cd6bd;Uživatelská služba pro GameDVR a vysílání her_cd6bd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService_cd6bd;Služba pro podporu uživatelů Bluetooth_cd6bd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc_cd6bd;DevicePicker_cd6bd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc_cd6bd;Tok zařízení_cd6bd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-04-12 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService_cd6bd;Služba zasílání zpráv_cd6bd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc_cd6bd;PrintWorkflow_cd6bd; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\Windows\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\Windows\system32\spectrum.exe [2018-04-12 976384]
S3 ssh-agent;OpenSSH Authentication Agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [2018-03-10 495616]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\Windows\system32\TieringEngineService.exe [2018-04-12 303616]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S4 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\Windows\system32\svchost.exe [2018-04-12 51288]

-----------------EOF-----------------




Děkuji.

[Rudy]

Zdravím!
Instalační médium je orig., nebo jste ho sehnal nějak jinak? Dejte log FRST: https://forum.viry.cz/viewtopic.php?f=13&t=152707 .

[MrPierc]

Instalační USB program jsem stáhnul klasicky odtud = https://www.microsoft.com/cs-cz/softwar ... /windows10

Děkuji.

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by MrPierc (administrator) on DESKTOP-LFVGDRU (06-06-2018 19:01:31)
Running from C:\Users\MrPierc\Desktop
Loaded Profiles: MrPierc (Available Profiles: MrPierc)
Platform: Windows 10 Home Version 1803 17134.1 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(forum.viry.cz) C:\Users\MrPierc\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{839785bc-e006-4357-bad3-4a50ae82a8af}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [43400 2017-03-01] (Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-12] (Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31112 2017-10-10] (Advanced Micro Devices)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices, Inc. )
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-06] (Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5707264 2018-04-12] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-06 19:29 - 2018-06-06 18:31 - 000000000 ____D C:\Windows\Panther
2018-06-06 19:01 - 2018-06-06 19:01 - 000006738 _____ C:\Users\MrPierc\Desktop\FRST.txt
2018-06-06 19:00 - 2018-06-06 19:01 - 000000000 ____D C:\FRST
2018-06-06 19:00 - 2018-06-06 18:59 - 002413056 _____ (Farbar) C:\Users\MrPierc\Desktop\FRST64.exe
2018-06-06 19:00 - 2018-06-06 18:59 - 000112640 _____ (forum.viry.cz) C:\Users\MrPierc\Desktop\FRSTLauncher.exe
2018-06-06 18:59 - 2018-06-06 18:59 - 002413056 _____ (Farbar) C:\Users\MrPierc\Downloads\FRST64.exe
2018-06-06 18:59 - 2018-06-06 18:59 - 000112640 _____ (forum.viry.cz) C:\Users\MrPierc\Downloads\FRSTLauncher.exe
2018-06-06 18:56 - 2018-06-06 19:01 - 000000000 ____D C:\Program Files\trend micro
2018-06-06 18:56 - 2018-06-06 18:56 - 000000000 ____D C:\rsit
2018-06-06 18:55 - 2018-06-06 18:55 - 001222144 _____ C:\Users\MrPierc\Downloads\RSITx64.exe
2018-06-06 18:50 - 2018-06-06 18:50 - 000000000 ____D C:\Users\MrPierc\AppData\Local\Comms
2018-06-06 18:44 - 2018-06-06 18:44 - 000000000 ___HD C:\Users\MrPierc\MicrosoftEdgeBackups
2018-06-06 18:43 - 2018-06-06 18:43 - 000002134 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2018-06-06 18:43 - 2018-06-06 18:43 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_amdpsp_01011.Wdf
2018-06-06 18:43 - 2018-06-06 18:43 - 000000000 ____D C:\Temp
2018-06-06 18:43 - 2018-06-06 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-06-06 18:43 - 2018-06-06 18:43 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-06-06 18:43 - 2017-10-27 18:12 - 005960824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-06-06 18:43 - 2017-10-27 18:12 - 002587768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-06-06 18:43 - 2017-10-27 18:12 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-06-06 18:43 - 2017-10-27 18:12 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-06-06 18:43 - 2017-10-27 18:12 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-06-06 18:43 - 2017-10-27 18:12 - 000123000 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-06-06 18:43 - 2017-10-27 18:12 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-06-06 18:43 - 2017-10-27 18:06 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-06-06 18:43 - 2017-10-25 12:33 - 007802921 _____ C:\Windows\system32\nvcoproc.bin
2018-06-06 18:43 - 2017-09-14 01:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-06-06 18:43 - 2017-09-14 01:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-06-06 18:43 - 2017-09-14 01:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2018-06-06 18:43 - 2017-09-14 01:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2018-06-06 18:42 - 2018-06-06 18:43 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-06-06 18:42 - 2018-06-06 18:43 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-06 18:42 - 2018-06-06 18:43 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-06-06 18:42 - 2018-06-06 18:43 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-06-06 18:42 - 2017-11-09 04:43 - 000540784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-06-06 18:42 - 2017-11-09 04:43 - 000446392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-06-06 18:42 - 2017-10-27 18:36 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-06-06 18:41 - 2018-06-06 18:59 - 000000000 ____D C:\Users\MrPierc\AppData\Local\PlaceholderTileLogoFolder
2018-06-06 18:38 - 2018-06-06 18:56 - 000000069 _____ C:\Windows\directx.sys
2018-06-06 18:36 - 2018-06-06 18:44 - 001601516 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-06 18:36 - 2018-06-06 18:36 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-06 18:36 - 2018-06-06 18:36 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-06 18:36 - 2018-06-06 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-06 18:36 - 2018-06-06 18:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-06 18:36 - 2018-06-06 18:36 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-06 18:36 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-06 18:35 - 2018-06-06 18:35 - 000003294 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2018-06-06 18:35 - 2018-06-06 18:35 - 000000000 ___RD C:\Users\MrPierc\OneDrive
2018-06-06 18:35 - 2018-06-06 18:35 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-06-06 18:34 - 2018-06-06 18:44 - 000000000 ____D C:\Users\MrPierc\AppData\Local\MicrosoftEdge
2018-06-06 18:34 - 2018-06-06 18:34 - 000001417 _____ C:\Users\MrPierc\Desktop\Microsoft Edge.lnk
2018-06-06 18:33 - 2018-06-06 18:59 - 000000000 ____D C:\Users\MrPierc\AppData\Local\Packages
2018-06-06 18:33 - 2018-06-06 18:58 - 000000000 ____D C:\Users\MrPierc\AppData\Local\Publishers
2018-06-06 18:33 - 2018-06-06 18:44 - 000000000 ____D C:\Users\MrPierc
2018-06-06 18:33 - 2018-06-06 18:35 - 000002397 _____ C:\Users\MrPierc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-06 18:33 - 2018-06-06 18:34 - 000000000 ____D C:\Users\MrPierc\AppData\Local\ConnectedDevicesPlatform
2018-06-06 18:33 - 2018-06-06 18:33 - 000000020 ___SH C:\Users\MrPierc\ntuser.ini
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Šablony
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Soubory cookie
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Poslední
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Okolní tiskárny
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Okolní síť
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Nabídka Start
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Dokumenty
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Documents\Obrázky
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Documents\Hudba
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Documents\Filmy
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Data aplikací
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\AppData\Local\Data aplikací
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 ___RD C:\Users\MrPierc\3D Objects
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 ____D C:\Users\MrPierc\AppData\Roaming\Adobe
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 ____D C:\Users\MrPierc\AppData\Local\VirtualStore
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 ____D C:\ProgramData\USOShared
2018-06-06 18:33 - 2018-04-12 01:33 - 002752000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Public\Documents\Obrázky
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Public\Documents\Hudba
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Public\Documents\Filmy
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Šablony
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Soubory cookie
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Poslední
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Okolní tiskárny
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Okolní síť
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Nabídka Start
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Dokumenty
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Documents\Obrázky
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Documents\Hudba
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Documents\Filmy
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Data aplikací
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default User\Documents\Obrázky
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default User\Documents\Hudba
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default User\Documents\Filmy
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Data aplikací
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\ProgramData\Šablony
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\ProgramData\Plocha
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\ProgramData\Dokumenty
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\ProgramData\Data aplikací
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Documents and Settings
2018-06-06 18:30 - 2018-06-06 18:31 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-06 18:30 - 2018-06-06 18:30 - 000234120 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-06 18:30 - 2018-06-06 18:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-06-06 18:30 - 2018-06-06 18:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-06-06 18:30 - 2018-06-06 18:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-06-06 18:30 - 2018-06-06 18:30 - 000000000 ____D C:\Windows\ServiceProfiles

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-06 19:29 - 2018-04-12 01:38 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-06-06 18:59 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-06 18:59 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\AppReadiness
2018-06-06 18:55 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-06 18:55 - 2018-04-12 01:30 - 000000000 ____D C:\Windows\CbsTemp
2018-06-06 18:47 - 2018-04-12 01:36 - 000000000 ____D C:\Windows\INF
2018-06-06 18:44 - 2018-04-12 17:50 - 000680616 _____ C:\Windows\system32\perfh005.dat
2018-06-06 18:44 - 2018-04-12 17:50 - 000136548 _____ C:\Windows\system32\perfc005.dat
2018-06-06 18:43 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\Help
2018-06-06 18:33 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2018-06-06 18:33 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\spool
2018-06-06 18:33 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-06-06 18:33 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-06-06 18:31 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\windows nt
2018-06-06 18:31 - 2018-04-11 23:04 - 000262144 _____ C:\Windows\system32\config\BBI
2018-06-06 18:30 - 2018-04-12 01:38 - 000000000 ___RD C:\Windows\PrintDialog
2018-06-06 18:30 - 2018-04-12 01:38 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-06-06 18:30 - 2018-04-11 23:04 - 000032768 _____ C:\Windows\system32\config\ELAM

==================== Files in the root of some directories =======


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-06 18:30

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:232.35 GB) (Free:207.43 GB) NTFS
Drive d: (2TB_big_zbytek) (Fixed) (Total:146.48 GB) (Free:38.39 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (1TB_Seagate) (Fixed) (Total:931.51 GB) (Free:285.8 GB) NTFS
Drive f: (BIG DADDY_2TB) (Fixed) (Total:1863.01 GB) (Free:448.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Data 3TB) (Fixed) (Total:2794.39 GB) (Free:2185.02 GB) NTFS
Drive h: (2TB_big) (Fixed) (Total:1716.53 GB) (Free:66.6 GB) NTFS
\\?\Volume{16c2b92d-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.16 GB) NTFS

Available physical RAM: 12650.89 MB
Total physical RAM: 16316.81 MB
Percentage of memory in use: 22%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 16C2B92D)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: F30C15A4)
Partition 1: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1716.5 GB) - (Type=07 NTFS)
Disk: 2 (Size: 931.5 GB) (Disk ID: 79482394)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 55CAB08E)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
Disk: 4 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\MrPierc\Desktop" je 2 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

[MrPierc]

Nechápu, jak mi může po instalaci vzniknout takový nepořádek po čisté instalaci.

Pochybuji, že by z Microsoftu byla instalačka přes MediaCreation tool s virem…

Nechápu to.

[Rudy]

Nechápu, jak mi může po instalaci vzniknout takový nepořádek po čisté instalaci.

Pochybuji, že by z Microsoftu byla instalačka přes MediaCreation tool s virem…

Nechápu to.

Já také ne, proto jsem ptal, zda jste tu instalačku nezískal někde nelegálně. Teď spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[MrPierc]

Nic to asi nenašlo.
jak jsem ale pustil Win 10, tak Defender byl již zapnutý a hlásil zcela stejné soubory, které dal do karantény:

HKLM\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND
C:\WINDOWS\SVCHOST.COM





Log Adwcleaner:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-06.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-06-2018
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1242 octets] - [06/06/2018 20:07:51]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

[Rudy]

Svchost.com je určitě šmejd. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
C:\WINDOWS\SVCHOST.COM
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[MrPierc]

Použil jsem Váš příkaz na odstranění, ale také jsem našel od AVG avg_remover_neshta.exe (odstranil přes 500 infikovaných souborů virem Neshta).


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by MrPierc (administrator) on DESKTOP-LFVGDRU (07-06-2018 05:44:17)
Running from C:\Users\MrPierc\Desktop
Loaded Profiles: MrPierc (Available Profiles: MrPierc)
Platform: Windows 10 Home Version 1803 17134.48 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Users\MrPierc\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileCoAuth.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\MrPierc\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{839785bc-e006-4357-bad3-4a50ae82a8af}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-06-06] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-06-06] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [43400 2017-03-01] (Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-12] (Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31112 2017-10-10] (Advanced Micro Devices)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices, Inc. )
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-06] (Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5707264 2018-04-12] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2018-06-06] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [313384 2018-06-06] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61992 2018-06-06] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-07 05:44 - 2018-06-07 05:44 - 000006061 _____ C:\Users\MrPierc\Desktop\FRST.txt
2018-06-07 00:46 - 2018-06-07 00:46 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-07 00:46 - 2018-06-07 00:46 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-07 00:46 - 2018-06-07 00:46 - 000000000 ____D C:\Windows\system32\MRT
2018-06-07 00:45 - 2018-04-28 16:19 - 021389360 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-06-07 00:45 - 2018-04-28 16:17 - 001634800 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2018-06-07 00:45 - 2018-04-28 16:04 - 012712960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-06-07 00:45 - 2018-04-28 16:03 - 013570560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-06-07 00:45 - 2018-04-28 16:03 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-06-07 00:45 - 2018-04-28 16:03 - 000150528 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
2018-06-07 00:45 - 2018-04-28 16:02 - 008623104 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-06-07 00:45 - 2018-04-28 16:02 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2018-06-07 00:45 - 2018-04-28 16:01 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\MixedReality.Broker.dll
2018-06-07 00:45 - 2018-04-28 16:00 - 000695296 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-06-07 00:45 - 2018-04-28 15:59 - 003655168 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-06-07 00:45 - 2018-04-28 15:59 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-06-07 00:45 - 2018-04-28 15:58 - 004070400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-06-07 00:45 - 2018-04-28 15:58 - 001855488 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-06-07 00:45 - 2018-04-28 15:58 - 001664512 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-06-07 00:45 - 2018-04-28 15:58 - 000758272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-06-07 00:45 - 2018-04-28 15:31 - 001454016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-06-07 00:45 - 2018-04-28 15:28 - 020383720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-06-07 00:45 - 2018-04-28 15:18 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-06-07 00:45 - 2018-04-28 15:17 - 012500992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-06-07 00:45 - 2018-04-28 15:16 - 011903488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-06-07 00:45 - 2018-04-28 15:16 - 007987712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-06-07 00:45 - 2018-04-28 15:14 - 000668672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-06-07 00:45 - 2018-04-28 15:14 - 000581120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-06-07 00:45 - 2018-04-28 15:14 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-06-07 00:45 - 2018-04-28 15:13 - 002897408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-06-07 00:45 - 2018-04-28 15:13 - 001585664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-06-07 00:45 - 2018-04-28 15:12 - 001380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-06-07 00:45 - 2018-04-28 13:20 - 023862272 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2018-06-07 00:45 - 2018-04-28 13:17 - 019525120 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2018-06-07 00:45 - 2018-04-28 13:04 - 000944640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll
2018-06-07 00:45 - 2018-04-28 13:02 - 003732800 _____ C:\Windows\system32\Windows.Mirage.dll
2018-06-07 00:45 - 2018-04-28 12:58 - 000976384 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2018-06-07 00:45 - 2018-04-28 12:58 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Analog.dll
2018-06-07 00:45 - 2018-04-28 11:33 - 000658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2018-06-07 00:45 - 2018-04-28 11:30 - 002841312 _____ C:\Windows\SysWOW64\Windows.Mirage.dll
2018-06-07 00:45 - 2018-04-28 08:18 - 000705944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-06-07 00:45 - 2018-04-28 06:37 - 001034624 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2018-06-07 00:45 - 2018-04-28 06:35 - 000272288 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2018-06-07 00:45 - 2018-04-28 06:35 - 000269216 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2018-06-07 00:45 - 2018-04-28 06:31 - 001063320 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2018-06-07 00:45 - 2018-04-28 06:31 - 000473496 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2018-06-07 00:45 - 2018-04-28 06:30 - 001456616 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-06-07 00:45 - 2018-04-28 06:29 - 009159064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-06-07 00:45 - 2018-04-28 06:29 - 001565592 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2018-06-07 00:45 - 2018-04-28 06:29 - 001174424 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-06-07 00:45 - 2018-04-28 06:29 - 001012120 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-06-07 00:45 - 2018-04-28 06:29 - 000885848 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-06-07 00:45 - 2018-04-28 06:29 - 000788216 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-06-07 00:45 - 2018-04-28 06:29 - 000776880 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2018-06-07 00:45 - 2018-04-28 06:29 - 000494488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2018-06-07 00:45 - 2018-04-28 06:29 - 000382872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2018-06-07 00:45 - 2018-04-28 06:29 - 000134552 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-06-07 00:45 - 2018-04-28 06:28 - 007436624 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-06-07 00:45 - 2018-04-28 06:28 - 002753040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-06-07 00:45 - 2018-04-28 06:28 - 000709816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-06-07 00:45 - 2018-04-28 06:28 - 000170904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-06-07 00:45 - 2018-04-28 06:27 - 007519992 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-06-07 00:45 - 2018-04-28 06:27 - 003283400 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
2018-06-07 00:45 - 2018-04-28 06:27 - 002835864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-06-07 00:45 - 2018-04-28 06:27 - 002422168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-06-07 00:45 - 2018-04-28 06:27 - 001258280 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-06-07 00:45 - 2018-04-28 06:27 - 001191168 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-06-07 00:45 - 2018-04-28 06:27 - 000733992 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2018-06-07 00:45 - 2018-04-28 06:27 - 000604568 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2018-06-07 00:45 - 2018-04-28 06:14 - 002486976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
2018-06-07 00:45 - 2018-04-28 06:14 - 000434584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2018-06-07 00:45 - 2018-04-28 06:13 - 006569952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-07 00:45 - 2018-04-28 06:13 - 006044104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-06-07 00:45 - 2018-04-28 06:13 - 001426328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2018-06-07 00:45 - 2018-04-28 06:13 - 000786168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-06-07 00:45 - 2018-04-28 06:13 - 000665320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2018-06-07 00:45 - 2018-04-28 06:13 - 000559968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2018-06-07 00:45 - 2018-04-28 06:12 - 002242208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-06-07 00:45 - 2018-04-28 06:12 - 000606448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-06-07 00:45 - 2018-04-28 06:12 - 000567136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-06-07 00:45 - 2018-04-28 06:11 - 025848832 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-06-07 00:45 - 2018-04-28 06:05 - 022002688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-06-07 00:45 - 2018-04-28 06:04 - 022707712 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-06-07 00:45 - 2018-04-28 06:04 - 008188928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-06-07 00:45 - 2018-04-28 06:04 - 004372992 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2018-06-07 00:45 - 2018-04-28 06:03 - 000585728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-06-07 00:45 - 2018-04-28 06:03 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-06-07 00:45 - 2018-04-28 06:03 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.th.dll
2018-06-07 00:45 - 2018-04-28 06:03 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win81.dll
2018-06-07 00:45 - 2018-04-28 06:02 - 000613376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-06-07 00:45 - 2018-04-28 06:02 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-06-07 00:45 - 2018-04-28 06:02 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-06-07 00:45 - 2018-04-28 06:02 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-06-07 00:45 - 2018-04-28 06:02 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\wcimage.dll
2018-06-07 00:45 - 2018-04-28 06:01 - 004706816 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2018-06-07 00:45 - 2018-04-28 06:01 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-06-07 00:45 - 2018-04-28 06:01 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-06-07 00:45 - 2018-04-28 06:00 - 007583232 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-06-07 00:45 - 2018-04-28 06:00 - 004867072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-06-07 00:45 - 2018-04-28 06:00 - 003389952 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-06-07 00:45 - 2018-04-28 06:00 - 000143360 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-06-07 00:45 - 2018-04-28 05:59 - 019399168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-06-07 00:45 - 2018-04-28 05:59 - 003392512 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-06-07 00:45 - 2018-04-28 05:59 - 003320320 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-06-07 00:45 - 2018-04-28 05:59 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2018-06-07 00:45 - 2018-04-28 05:59 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-06-07 00:45 - 2018-04-28 05:59 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-06-07 00:45 - 2018-04-28 05:59 - 000553984 _____ (Microsoft Corporation) C:\Windows\system32\PerceptionSimulationExtensions.dll
2018-06-07 00:45 - 2018-04-28 05:59 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-06-07 00:45 - 2018-04-28 05:58 - 006661632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-06-07 00:45 - 2018-04-28 05:58 - 003086336 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-06-07 00:45 - 2018-04-28 05:58 - 002366976 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2018-06-07 00:45 - 2018-04-28 05:58 - 000814592 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-06-07 00:45 - 2018-04-28 05:58 - 000624128 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2018-06-07 00:45 - 2018-04-28 05:57 - 005951488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2018-06-07 00:45 - 2018-04-28 05:57 - 002170368 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-06-07 00:45 - 2018-04-28 05:57 - 001534976 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-06-07 00:45 - 2018-04-28 05:57 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-06-07 00:45 - 2018-04-28 05:56 - 003440640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-06-07 00:45 - 2018-04-28 05:56 - 002961408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-06-07 00:45 - 2018-04-28 05:56 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-06-07 00:45 - 2018-04-28 05:56 - 002700800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-06-07 00:45 - 2018-04-28 05:56 - 002236928 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-06-07 00:45 - 2018-04-28 05:56 - 001817088 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-06-07 00:45 - 2018-04-28 05:56 - 001550848 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-06-07 00:45 - 2018-04-28 05:56 - 000933376 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2018-06-07 00:45 - 2018-04-28 05:56 - 000917504 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-06-07 00:45 - 2018-04-28 05:56 - 000775680 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-06-07 00:45 - 2018-04-28 05:56 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-06-07 00:45 - 2018-04-28 05:55 - 003712000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-06-07 00:45 - 2018-04-28 05:55 - 002900992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-06-07 00:45 - 2018-04-28 05:55 - 001586176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-06-07 00:45 - 2018-04-28 05:55 - 001421312 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2018-06-07 00:45 - 2018-04-28 05:55 - 001160192 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-06-07 00:45 - 2018-04-28 05:55 - 000960512 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2018-06-07 00:45 - 2018-04-28 05:55 - 000596480 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-06-07 00:45 - 2018-04-28 05:55 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-06-07 00:45 - 2018-04-28 05:54 - 005782528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-06-07 00:45 - 2018-04-28 05:54 - 000561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-06-07 00:45 - 2018-04-28 05:53 - 004929024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-06-07 00:45 - 2018-04-28 05:53 - 001235968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2018-06-07 00:45 - 2018-04-28 05:53 - 000615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-06-07 00:45 - 2018-04-28 05:53 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-06-07 00:45 - 2018-04-28 05:53 - 000117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-06-07 00:45 - 2018-04-28 05:52 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-06-07 00:45 - 2018-04-28 05:52 - 001636352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-06-07 00:45 - 2018-04-28 05:52 - 000860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2018-06-07 00:45 - 2018-04-28 05:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-06-07 00:45 - 2018-04-28 05:52 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2018-06-07 00:45 - 2018-04-28 05:51 - 001466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-06-07 00:45 - 2018-04-28 05:51 - 000669184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-06-07 00:45 - 2018-04-28 05:51 - 000524800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-06-07 00:45 - 2018-04-28 04:43 - 001953280 _____ C:\Windows\system32\rdpnano.dll
2018-06-07 00:45 - 2018-04-28 04:42 - 000001312 _____ C:\Windows\system32\tcbres.wim
2018-06-06 21:31 - 2018-06-06 21:31 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-06-06 21:20 - 2018-06-06 21:20 - 000001844 _____ C:\Users\MrPierc\Desktop\Fixlog.txt
2018-06-06 20:41 - 2018-06-06 20:41 - 003629536 _____ (AVG Technologies CZ) C:\Users\MrPierc\Downloads\avg_remover_neshta.exe
2018-06-06 20:07 - 2018-06-06 20:07 - 000000000 ____D C:\AdwCleaner
2018-06-06 20:04 - 2018-06-06 20:04 - 007372496 _____ (Malwarebytes) C:\Users\MrPierc\Downloads\adwcleaner_7.2.0.exe
2018-06-06 19:47 - 2018-06-06 19:47 - 000000000 ___HD C:\$Windows.~WS
2018-06-06 19:29 - 2018-06-06 20:03 - 000000000 ____D C:\Windows\Panther
2018-06-06 19:18 - 2018-06-06 20:03 - 000000000 ____D C:\ESD
2018-06-06 19:17 - 2018-06-06 19:17 - 000000000 ____D C:\$WINDOWS.~BT
2018-06-06 19:16 - 2018-06-06 19:16 - 019119064 _____ (Microsoft Corporation) C:\Users\MrPierc\Downloads\MediaCreationTool1803.exe
2018-06-06 19:04 - 2018-06-06 19:04 - 000004340 _____ C:\Users\MrPierc\Desktop\Addition.rar
2018-06-06 19:04 - 2018-06-06 19:04 - 000000000 ____D C:\Users\MrPierc\AppData\Roaming\WinRAR
2018-06-06 19:04 - 2018-06-06 19:04 - 000000000 ____D C:\Users\MrPierc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-06-06 19:04 - 2018-06-06 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-06-06 19:04 - 2018-06-06 19:04 - 000000000 ____D C:\Program Files\WinRAR
2018-06-06 19:00 - 2018-06-07 05:44 - 000000000 ____D C:\FRST
2018-06-06 19:00 - 2018-06-06 18:59 - 002413056 _____ (Farbar) C:\Users\MrPierc\Desktop\FRST64.exe
2018-06-06 19:00 - 2018-06-06 18:59 - 000112640 _____ (forum.viry.cz) C:\Users\MrPierc\Desktop\FRSTLauncher.exe
2018-06-06 18:59 - 2018-06-06 18:59 - 002413056 _____ (Farbar) C:\Users\MrPierc\Downloads\FRST64.exe
2018-06-06 18:59 - 2018-06-06 18:59 - 000112640 _____ (forum.viry.cz) C:\Users\MrPierc\Downloads\FRSTLauncher.exe
2018-06-06 18:56 - 2018-06-06 19:01 - 000000000 ____D C:\Program Files\trend micro
2018-06-06 18:56 - 2018-06-06 18:56 - 000000000 ____D C:\rsit
2018-06-06 18:55 - 2018-06-06 18:55 - 001222144 _____ C:\Users\MrPierc\Downloads\RSITx64.exe
2018-06-06 18:50 - 2018-06-06 18:50 - 000000000 ____D C:\Users\MrPierc\AppData\Local\Comms
2018-06-06 18:44 - 2018-06-06 18:44 - 000000000 ___HD C:\Users\MrPierc\MicrosoftEdgeBackups
2018-06-06 18:43 - 2018-06-06 18:43 - 000002134 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2018-06-06 18:43 - 2018-06-06 18:43 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_amdpsp_01011.Wdf
2018-06-06 18:43 - 2018-06-06 18:43 - 000000000 ____D C:\Temp
2018-06-06 18:43 - 2018-06-06 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-06-06 18:43 - 2018-06-06 18:43 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-06-06 18:43 - 2017-10-27 18:12 - 005960824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-06-06 18:43 - 2017-10-27 18:12 - 002587768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-06-06 18:43 - 2017-10-27 18:12 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-06-06 18:43 - 2017-10-27 18:12 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-06-06 18:43 - 2017-10-27 18:12 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-06-06 18:43 - 2017-10-27 18:12 - 000123000 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-06-06 18:43 - 2017-10-27 18:12 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-06-06 18:43 - 2017-10-27 18:06 - 000136312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-06-06 18:43 - 2017-10-25 12:33 - 007802921 _____ C:\Windows\system32\nvcoproc.bin
2018-06-06 18:43 - 2017-09-14 01:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-06-06 18:43 - 2017-09-14 01:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-06-06 18:43 - 2017-09-14 01:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2018-06-06 18:43 - 2017-09-14 01:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2018-06-06 18:42 - 2018-06-07 01:08 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-06 18:42 - 2018-06-06 18:43 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-06-06 18:42 - 2018-06-06 18:43 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-06-06 18:42 - 2018-06-06 18:43 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-06-06 18:42 - 2017-11-09 04:43 - 000540784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-06-06 18:42 - 2017-11-09 04:43 - 000446392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-06-06 18:42 - 2017-10-27 18:36 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-06-06 18:41 - 2018-06-07 01:06 - 000000000 ____D C:\Users\MrPierc\AppData\Local\PlaceholderTileLogoFolder
2018-06-06 18:38 - 2018-06-06 19:04 - 000000068 _____ C:\Windows\directx.sys
2018-06-06 18:36 - 2018-06-07 01:12 - 001601516 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-06 18:36 - 2018-06-06 18:36 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-06 18:36 - 2018-06-06 18:36 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-06 18:36 - 2018-06-06 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-06 18:36 - 2018-06-06 18:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-06 18:36 - 2018-06-06 18:36 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-06 18:36 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-06 18:35 - 2018-06-06 18:35 - 000003294 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2018-06-06 18:35 - 2018-06-06 18:35 - 000000000 ___RD C:\Users\MrPierc\OneDrive
2018-06-06 18:35 - 2018-06-06 18:35 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-06-06 18:34 - 2018-06-06 18:44 - 000000000 ____D C:\Users\MrPierc\AppData\Local\MicrosoftEdge
2018-06-06 18:34 - 2018-06-06 18:34 - 000001417 _____ C:\Users\MrPierc\Desktop\Microsoft Edge.lnk
2018-06-06 18:33 - 2018-06-07 01:08 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-06 18:33 - 2018-06-07 01:08 - 000000000 ___RD C:\Users\MrPierc\3D Objects
2018-06-06 18:33 - 2018-06-07 00:39 - 000000000 ____D C:\Users\MrPierc\AppData\Local\Packages
2018-06-06 18:33 - 2018-06-06 19:02 - 000000000 ____D C:\Users\MrPierc\AppData\Local\Publishers
2018-06-06 18:33 - 2018-06-06 18:44 - 000000000 ____D C:\Users\MrPierc
2018-06-06 18:33 - 2018-06-06 18:35 - 000002397 _____ C:\Users\MrPierc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-06 18:33 - 2018-06-06 18:34 - 000000000 ____D C:\Users\MrPierc\AppData\Local\ConnectedDevicesPlatform
2018-06-06 18:33 - 2018-06-06 18:33 - 000000020 ___SH C:\Users\MrPierc\ntuser.ini
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Šablony
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Soubory cookie
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Poslední
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Okolní tiskárny
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Okolní síť
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Nabídka Start
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Dokumenty
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Documents\Obrázky
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Documents\Hudba
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Documents\Filmy
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\Data aplikací
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 _SHDL C:\Users\MrPierc\AppData\Local\Data aplikací
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 ____D C:\Users\MrPierc\AppData\Roaming\Adobe
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 ____D C:\Users\MrPierc\AppData\Local\VirtualStore
2018-06-06 18:33 - 2018-06-06 18:33 - 000000000 ____D C:\ProgramData\USOShared
2018-06-06 18:33 - 2018-04-12 01:33 - 002752000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Public\Documents\Obrázky
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Public\Documents\Hudba
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Public\Documents\Filmy
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Šablony
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Soubory cookie
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Poslední
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Okolní tiskárny
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Okolní síť
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Nabídka Start
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Dokumenty
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Documents\Obrázky
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Documents\Hudba
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Documents\Filmy
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\Data aplikací
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default User\Documents\Obrázky
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default User\Documents\Hudba
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default User\Documents\Filmy
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Data aplikací
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\ProgramData\Šablony
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\ProgramData\Plocha
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\ProgramData\Dokumenty
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\ProgramData\Data aplikací
2018-06-06 18:31 - 2018-06-06 18:31 - 000000000 _SHDL C:\Documents and Settings
2018-06-06 18:30 - 2018-06-07 05:36 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-06-06 18:30 - 2018-06-07 01:08 - 000234120 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-06 18:30 - 2018-06-07 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-06 18:30 - 2018-06-06 22:49 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-06-06 18:30 - 2018-06-06 18:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-06-06 18:30 - 2018-06-06 18:30 - 000000000 ____D C:\Windows\ServiceProfiles

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-07 03:59 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\appcompat
2018-06-07 03:59 - 2018-04-12 01:36 - 000000000 ____D C:\Windows\INF
2018-06-07 02:23 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-07 01:12 - 2018-04-12 17:50 - 000680616 _____ C:\Windows\system32\perfh005.dat
2018-06-07 01:12 - 2018-04-12 17:50 - 000136548 _____ C:\Windows\system32\perfc005.dat
2018-06-07 01:08 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\AppReadiness
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\yo-NG
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\wo-SN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\ur-PK
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\ug-CN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\tt-RU
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\tn-ZA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\tk-TM
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\ti-ET
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\te-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\ta-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\sw-KE
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\sq-AL
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\si-LK
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\rw-RW
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\quz-PE
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\prs-AF
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\pa-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\or-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\nn-NO
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\ne-NP
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\mt-MT
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\mr-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\mn-MN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\ml-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\mk-MK
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\mi-NZ
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\lo-LA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\lb-LU
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\ky-KG
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\kok-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\kn-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\km-KH
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\kk-KZ
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\ka-GE
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\is-IS
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\ig-NG
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\hy-AM
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\gu-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\gd-GB
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\ga-IE
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\fil-PH
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\fa-IR
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\cy-GB
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\ca-ES-valencia
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\bs-Latn-BA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\bn-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\bn-BD
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\be-BY
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\az-Latn-AZ
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\as-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\am-ET
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\SysWOW64\af-ZA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\zu-ZA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\yo-NG
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\xh-ZA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\wo-SN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\vi-VN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\uz-Latn-UZ
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\ur-PK
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\ug-CN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\tt-RU
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\tn-ZA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\tk-TM
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\ti-ET
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\tg-Cyrl-TJ
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\te-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\sw-KE
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\sr-Cyrl-RS
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\sr-Cyrl-BA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\sq-AL
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\sd-Arab-PK
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\rw-RW
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\quz-PE
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\quc-Latn-GT
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\prs-AF
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\pa-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\pa-Arab-PK
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\or-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\nso-ZA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\nn-NO
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\ne-NP
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\mt-MT
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\mr-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\mn-MN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\ml-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\mk-MK
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\mi-NZ
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\lo-LA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\lb-LU
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\ky-KG
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\ku-Arab-IQ
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\kok-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\kn-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\km-KH
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\kk-KZ
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\ka-GE
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\is-IS
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\ig-NG
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\id-ID
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\chr-CHER-US
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\hy-AM
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\ha-Latn-NG
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\gu-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\gd-GB
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\ga-IE
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\fil-PH
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\fa-IR
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\cy-GB
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\ca-ES-valencia
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\bs-Latn-BA
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\bn-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\bn-BD
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\be-BY
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\az-Latn-AZ
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\as-IN
2018-06-07 01:07 - 2018-04-12 17:51 - 000000000 ____D C:\Windows\system32\af-ZA
2018-06-07 01:07 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\TextInput
2018-06-07 01:07 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\SysWOW64\setup
2018-06-07 01:07 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\ta-in
2018-06-07 01:07 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\si-lk
2018-06-07 01:07 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\setup
2018-06-07 01:07 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\oobe
2018-06-07 01:07 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\appraiser
2018-06-07 01:07 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\am-et
2018-06-07 01:07 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\Provisioning
2018-06-07 01:07 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\bcastdvr
2018-06-07 01:07 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-07 01:07 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-07 01:07 - 2018-04-11 23:04 - 000262144 _____ C:\Windows\system32\config\BBI
2018-06-07 00:46 - 2018-04-12 01:30 - 000000000 ____D C:\Windows\CbsTemp
2018-06-07 00:39 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-06 22:49 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-06-06 22:24 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\LiveKernelReports
2018-06-06 19:29 - 2018-04-12 01:38 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-06-06 18:43 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\Help
2018-06-06 18:33 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2018-06-06 18:33 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\spool
2018-06-06 18:33 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-06-06 18:33 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-06-06 18:31 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\windows nt
2018-06-06 18:30 - 2018-04-12 01:38 - 000000000 ___RD C:\Windows\PrintDialog
2018-06-06 18:30 - 2018-04-12 01:38 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-06-06 18:30 - 2018-04-11 23:04 - 000032768 _____ C:\Windows\system32\config\ELAM

==================== Files in the root of some directories =======


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-06 18:30

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:232.35 GB) (Free:204.28 GB) NTFS
Drive d: (2TB_big_zbytek) (Fixed) (Total:146.48 GB) (Free:38.39 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (1TB_Seagate) (Fixed) (Total:931.51 GB) (Free:285.8 GB) NTFS
Drive f: (BIG DADDY_2TB) (Fixed) (Total:1863.01 GB) (Free:444.97 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Data 3TB) (Fixed) (Total:2794.39 GB) (Free:2185.03 GB) NTFS
Drive h: (2TB_big) (Fixed) (Total:1716.53 GB) (Free:66.6 GB) NTFS
\\?\Volume{16c2b92d-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.16 GB) NTFS

Available physical RAM: 14579.29 MB
Total physical RAM: 16316.81 MB
Percentage of memory in use: 10%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 16C2B92D)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: F30C15A4)
Partition 1: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1716.5 GB) - (Type=07 NTFS)
Disk: 2 (Size: 931.5 GB) (Disk ID: 79482394)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 55CAB08E)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
Disk: 4 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Verze podpisu: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0
Verze podpisu: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0
Verze podpisu: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0
Verze podpisu: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0
Verze podpisu: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Verze podpisu: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0
Verze podpisu: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0
Verze podpisu: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0
Verze podpisu: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0
Verze podpisu: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\MrPierc\Desktop" je 2 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

[MrPierc]

Malwarebytes ale našel po scanu tuto hrozbu:

Data registrů: 1
Hijack.ExeFile, HKLM\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND|, Nahrazen, [6428], [293008],1.0.5384

[Rudy]

No, nějak nechápu, co se v tom systému vlastně děje a proč tam ty viry jsou. MBAM ještě něco nahradil ze zálohy. Jinak bylo vše smazáno.

[MrPierc]

Dobrý den,

moje teorie je taková, že nyní z jiných disků je již smazán Neshta vir a už se nešíří, protože exe soubory spustit jdou.

Myslím se, že pokud už nelze nic odstranit MBAM ani AVG neshta removerem (2x projeto všechny HDD v PC), tak bych raději zkusil udělat na C: čistou instalaci systému Win. Pokud se již nic šířit nebude, tak je po viru.

Postupoval byste stejně?

[Rudy]

V tomto případě asi ano.

[MrPierc]

Dobrý den, provedl jsem čistou instalaci a nyní již 2. den žádné podivné chování ani vir.

Vyřešeno díky Vám.

Velmi děkuji.

[Rudy]

Rádo se stalo!