Virus removal, PC speed-up, and remote assistance through the neslape.cz service

Preventive check – just in case

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

MrPierc
Visitor
Posts: 45
Registered: 16 Apr 2009 07:11

Preventive check – just in case

#1 Post by MrPierc »

Good day, could you please check my RSIT log. Thank you!

-----------------------------------------------------------------------

Logfile of random's system information tool 1.16 (written by random/random)
Run by MrPierc at 2018-03-10 19:55:14
Microsoft Windows 10 Home
System drive C: has 146 GB (62%) free of 238 GB
Total RAM: 16367 MB (82% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:55:17, on 10.03.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0015)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\MrPierc\AppData\Roaming\uTorrent\utorrent.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Users\MrPierc\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe
C:\Users\MrPierc\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
H:\Program Files (x86)\Steam\Steam.exe
H:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
H:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
H:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\trend micro\MrPierc_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/yhs/web?hspart ... 0223__yaie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - {13D67BB7-DB5F-48AA-884D-7A5D94168509} - (no file)
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - HKCU\..\Run: [uTorrent] "C:\Users\MrPierc\AppData\Roaming\uTorrent\utorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Volume_ovladani.ahk
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Poslat do On&eNotu - res://C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105
O9 - Extra button: Poslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Poslat do On&eNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 12853 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-071bb213-b557-4ddd-ab2d-72249ef64e89 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-9bdeeccf-24fa-4726-9d87-01635d996145 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-839e908b-dcd8-40e5-ae61-8ad7d87d6b78 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-32e4c135-469f-41cd-bdc0-e8b48da9b1c5 -LifetimeId:5656678f-024a-4ebb-951e-84367ace535a -DeviceGroupId:WpdFsGroup
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
"C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s WwanSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k localservicenonetwork -p
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe"
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\SysWOW64\PnkBstrA.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
"C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
"C:\Program Files (x86)\Origin\OriginWebHelperService.exe"
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider
\??\C:\WINDOWS\system32\conhost.exe 0x4
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SmsRouter
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s seclogon
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\System32\dwm.exe
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -st "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
c:\windows\system32\taskhostw.exe
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p -s NcdAutoSetup
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Users\MrPierc\AppData\Roaming\uTorrent\utorrent.exe" /MINIMIZED
"C:\Program Files\AutoHotkey\AutoHotkey.exe" "C:\Users\MrPierc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volume_ovladani.ahk"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan-9368 C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe"
"C:\Users\MrPierc\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe" uTorrent_1524_0518F5D0_499879112 µTorrent4823DF041B09 uTorrent
"C:\Users\MrPierc\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe" uTorrent_1524_0518F700_483960617 µTorrent4823DF041B09 uTorrent
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe" --onOSstartup=true --showwindow=false --waitForRegistration=true
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=renderer --disable-3d-apis --disable-pinch --no-sandbox --disable-databases --primordial-pipe-token=9D1883A7CFFA58FC7D96EE226B53B9BF --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\locales" --log-file="C:\Users\MrPierc\AppData\Local\Temp\CreativeCloud\ACC\CEF.log" --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 CreativeCloud/4.3.0.256" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=9D1883A7CFFA58FC7D96EE226B53B9BF --renderer-client-id=2 --mojo-platform-channel-handle=2776 /prefetch:1
"C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe"
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=renderer --disable-3d-apis --disable-pinch --no-sandbox --disable-databases --primordial-pipe-token=264456D53BE5383BAF4242E09CC2F5DB --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\locales" --log-file="C:\Users\MrPierc\AppData\Local\Temp\CreativeCloud\ACC\CEF.log" --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 CreativeCloud/4.3.0.256" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=264456D53BE5383BAF4242E09CC2F5DB --renderer-client-id=3 --mojo-platform-channel-handle=3188 /prefetch:1
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1802.311.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\totalcmd\TOTALCMD64.EXE"
"H:\Program Files (x86)\Steam\Steam.exe"
"H:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\MrPierc\AppData\Local\Steam\htmlcache" "-steampid=2268" "-buildid=1513371133" "-steamid=0" "-clientui=H:\Program Files (x86)\Steam\clientui" --disable-spell-checking --disable-out-of-process-pac --enable-blink-features=ResizeObserver --disable-smooth-scrolling --disable-gpu-compositing --disable-gpu --enable-direct-write "--log-file=H:\Program Files (x86)\Steam\logs\cef_log.txt"
"H:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\MrPierc\AppData\Local\CEF\User Data\Crashpad" "--metrics-dir=C:\Users\MrPierc\AppData\Local\CEF\User Data" --url=http://crash.steampowered.com/submit --annotation=platform=win32 --annotation=product=cefwebhelper --annotation=version=1.0 --initial-client-data=0x320,0x324,0x328,0x31c,0x32c,0x67d481a4,0x67d481b4,0x67d481c4
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"H:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=renderer --disable-gpu-compositing --disable-smooth-scrolling --enable-pinch --service-pipe-token=EBBAF4FED2616DC901F3FE37465C33B3 --enable-blink-features=ResizeObserver --lang=en-US --lang=cs-CZ --log-file="H:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --webview-urls=http://localhost/*,http://steamloopback.host/* --disable-spell-checking --buildid=1513371133 --steamid=0 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=EBBAF4FED2616DC901F3FE37465C33B3 --renderer-client-id=2 
--mojo-platform-channel-handle=1900 /prefetch:1
C:\WINDOWS\system32\AUDIODG.EXE 0x4b0
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe30_ Global\UsGthrCtrlFltPipeMssGthrPipe30 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 736 740 748 8192 744
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
"C:\Users\MrPierc\Desktop\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\AdobeGCInvoker-1.0-DESKTOP-H9SP7OH-MrPierc - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
C:\WINDOWS\system32\tasks\FreeDownloadManagerNetworkMonitor - "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe"
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\klcp_update - "%ProgramFiles(x86)%\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
C:\WINDOWS\system32\tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
C:\WINDOWS\system32\tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"
C:\WINDOWS\system32\tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
C:\WINDOWS\system32\tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\WINDOWS\system32\tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\WINDOWS\system32\tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
C:\WINDOWS\system32\tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
C:\WINDOWS\system32\tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task-S-1-5-21-712972925-3502733572-2621328112-1002 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\WwanSvc\NotificationTask - %SystemRoot%\System32\WiFiTask.exe wwan
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Recovery-Check - %SystemRoot%\System32\dsregcmd.exe /checkrecovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WaaSMedic\PerformRemediation - %systemroot%\System32\WaaSMedic.exe None
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe Reboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr - %windir%\System32\UNP\UpdateNotificationMgr.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe -e
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\LicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\SMB\UninstallSMB1ClientTask - %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
C:\WINDOWS\system32\tasks\Microsoft\Windows\SMB\UninstallSMB1ServerTask - %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\rempl\shell-usoscan - %ProgramFiles%\rempl\remsh.exe /RunUsoScanOnly
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\PushToInstall\LoginCheck - %windir%\system32\sc.exe start pushtoinstall login
C:\WINDOWS\system32\tasks\Microsoft\Windows\PushToInstall\Registration - %windir%\system32\sc.exe start pushtoinstall registration
C:\WINDOWS\system32\tasks\Microsoft\Windows\Printing\EduPrintProv - %windir%\system32\eduprintprov.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Cellular - %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Chkdsk\SyspartRepair - %windir%\system32\bcdboot.exe %windir% /sysrepair
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 - "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload mininterval:2880
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 - "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload

=========Mozilla firefox=========

ProfilePath - C:\Users\MrPierc\AppData\Roaming\Mozilla\Firefox\Profiles\p5w1kg24.default-1504294832587

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.google.cz/"

"web2pdfextension.17@acrobat.adobe.com"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.161 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.161.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.161.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Skype for Business Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.161 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
nppdf32.CZE
nppdf32.dll

C:\Users\MrPierc\AppData\Roaming\Mozilla\Firefox\Profiles\p5w1kg24.default-1504294832587\searchplugins\
yahoo-lavasoft.xml

C:\Users\MrPierc\AppData\Roaming\Mozilla\Firefox\Profiles\p5w1kg24.default-1504294832587\addons.json
All Downloader Professional - extension - alldownloader@link64
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Tab Session Manager - extension - Tab-Session-Manager@sienori

C:\Users\MrPierc\AppData\Roaming\Mozilla\Firefox\Profiles\p5w1kg24.default-1504294832587\extensions.json
Adblock Plus - webextension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -
Tab Session Manager - webextension - Tab-Session-Manager@sienori -
All Downloader Professional - webextension - alldownloader@link64 -
Application Update Service Helper - extension - aushelper@mozilla.org -
Follow-on Search Telemetry - extension - followonsearch@mozilla.com -
Web Compat - extension - webcompat@mozilla.org -
Pocket - extension - firefox@getpocket.com -
Firefox Screenshots - extension - screenshots@mozilla.org -
Photon onboarding - extension - onboarding@mozilla.org -
Form Autofill - extension - formautofill@mozilla.org -
Activity Stream - extension - activity-stream@mozilla.org -
Shield Recipe Client - extension - shield-recipe-client@mozilla.org -
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} -
Adobe Acrobat - webextension - web2pdfextension.17@acrobat.adobe.com -

C:\Users\MrPierc\AppData\Roaming\Mozilla\Firefox\Profiles\p5w1kg24.default-1504294832587\pluginreg.dat
Plugin - Shockwave Flash - 28.0.0.126 - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll
Plugin - Shockwave Flash - 28.0.0.161 - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll

=========Google Chrome=========

C:\Users\MrPierc\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace 0.10
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aiimdkdngfcipjohbjenkahhlhccpdbc 1 Flash Video Downloader 31.2.4
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty 0.10
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bbcnbpafconjjigibnhbfmmgdbbkcjfi 1 Session Manager 0.5
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efaidnbmnnnibpcajpcglclefindmkaj 0 Adobe Acrobat 15.1.0.6
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky 1.2
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock 3.26.1
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mghenlmbmjcpehccoangkdpagbcbkdpc 1 Session Manager 3.5.0
Extension mgndgikekgjfcpckkfioiadnlibdjbkf
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.6
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.3
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 6417.1211.0.0
Homepage: http://www.seznam.cz/
default_search_provider.search_url:
C:\Users\MrPierc\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31 226984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-27 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [2015-07-31 2165976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-27 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31 161448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-26 474688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-27 141496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [2015-07-31 1512152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-26 188992]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-27 141496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-27 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-27 141496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-09-29 630168]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01 508128]
"AdobeGCInvoker-1.0"=C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05 315880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-10-10 27832264]
"AdobeBridge"= []
"Web Companion"=C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize []
"uTorrent"=C:\Users\MrPierc\AppData\Roaming\uTorrent\utorrent.exe [2018-02-21 2151864]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2017-10-20 2407008]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19 587288]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [2018-02-22 1871344]
""= []

C:\Users\MrPierc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Volume_ovladani.ahk

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableFullTrustStartupTasks"=2
"EnableUIADesktopToggle"=0
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"undockwithoutlogon"=1
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe]
"Debugger" = SppExtComObjPatcher.exe


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2018-03-10 19:55:14 ----D---- C:\rsit
2018-03-10 19:55:14 ----D---- C:\Program Files\trend micro
2018-03-05 19:40:28 ----D---- C:\ESD
2018-03-05 19:36:51 ----D---- C:\$WINDOWS.~BT
2018-03-05 19:36:49 ----HD---- C:\$Windows.~WS
2018-03-04 19:39:05 ----A---- C:\WINDOWS\SYSWOW64\nvStreaming.exe
2018-03-04 19:38:59 ----A---- C:\WINDOWS\SYSWOW64\vulkaninfo.exe
2018-03-04 19:38:58 ----D---- C:\Program Files (x86)\VulkanRT
2018-03-04 19:38:58 ----A---- C:\WINDOWS\SYSWOW64\vulkan-1.dll
2018-03-04 19:38:58 ----A---- C:\WINDOWS\system32\vulkaninfo.exe
2018-03-04 19:38:58 ----A---- C:\WINDOWS\system32\vulkan-1.dll
2018-03-04 19:37:50 ----D---- C:\WINDOWS\LastGood.Tmp
2018-03-04 19:35:38 ----A---- C:\WINDOWS\SYSWOW64\nvptxJitCompiler.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\SYSWOW64\nvopencl.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\SYSWOW64\NvIFROpenGL.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\SYSWOW64\NvIFR.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\SYSWOW64\NvFBC.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\SYSWOW64\nvfatbinaryLoader.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\SYSWOW64\nvEncodeAPI.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\SYSWOW64\nvEncMFThevc.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\SYSWOW64\nvEncMFTH264.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\SYSWOW64\nvDecMFTMjpeg.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\SYSWOW64\nvcuda.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\nvopencl.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\nvmcumd.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\NvIFROpenGL.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\NvIFR64.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\NvFBC64.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\nvEncMFThevc.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\nvEncMFTH264.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\nvdispgenco6439101.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\nvdispco6439101.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2018-03-04 19:35:38 ----A---- C:\WINDOWS\system32\nvcuda.dll
2018-03-04 19:35:37 ----A---- C:\WINDOWS\SYSWOW64\nvcuvid.dll
2018-03-04 19:35:37 ----A---- C:\WINDOWS\SYSWOW64\nvcompiler.dll
2018-03-04 19:35:37 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2018-03-03 15:04:19 ----D---- C:\Users\MrPierc\AppData\Roaming\uTorrent
2018-02-24 10:14:07 ----D---- C:\Users\MrPierc\AppData\Roaming\.mono
2018-02-23 20:07:22 ----D---- C:\ProgramData\Application Data
2018-02-13 21:03:14 ----D---- C:\WINDOWS\system32\drivers\wd
2018-02-13 19:12:12 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Vpn.dll
2018-02-13 19:12:12 ----A---- C:\WINDOWS\SYSWOW64\SRH.dll
2018-02-13 19:12:12 ----A---- C:\WINDOWS\SYSWOW64\mmc.exe
2018-02-13 19:12:12 ----A---- C:\WINDOWS\SYSWOW64\Magnify.exe
2018-02-13 19:12:12 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-02-13 19:12:12 ----A---- C:\WINDOWS\system32\wpncore.dll
2018-02-13 19:12:12 ----A---- C:\WINDOWS\system32\WpcMon.exe
2018-02-13 19:12:12 ----A---- C:\WINDOWS\system32\Wpc.dll
2018-02-13 19:12:12 ----A---- C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-02-13 19:12:12 ----A---- C:\WINDOWS\system32\wbiosrvc.dll
2018-02-13 19:12:12 ----A---- C:\WINDOWS\system32\SRH.dll
2018-02-13 19:12:12 ----A---- C:\WINDOWS\system32\Magnify.exe
2018-02-13 19:12:11 ----A---- C:\WINDOWS\SYSWOW64\Wpc.dll
2018-02-13 19:12:11 ----A---- C:\WINDOWS\SYSWOW64\SearchFilterHost.exe
2018-02-13 19:12:11 ----A---- C:\WINDOWS\SYSWOW64\nlaapi.dll
2018-02-13 19:12:11 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-02-13 19:12:11 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-13 19:12:11 ----A---- C:\WINDOWS\system32\mspaint.exe
2018-02-13 19:12:11 ----A---- C:\WINDOWS\system32\mmc.exe
2018-02-13 19:12:10 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2018-02-13 19:12:10 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2018-02-13 19:12:10 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-02-13 19:12:10 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2018-02-13 19:12:10 ----A---- C:\WINDOWS\SYSWOW64\AcGenral.dll
2018-02-13 19:12:09 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.ProxyStub.dll
2018-02-13 19:12:09 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2018-02-13 19:12:09 ----A---- C:\WINDOWS\SYSWOW64\sud.dll
2018-02-13 19:12:09 ----A---- C:\WINDOWS\SYSWOW64\srchadmin.dll
2018-02-13 19:12:09 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2018-02-13 19:12:09 ----A---- C:\WINDOWS\SYSWOW64\PCShellCommonProxyStub.dll
2018-02-13 19:12:09 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2018-02-13 19:12:09 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2018-02-13 19:12:09 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-02-13 19:12:09 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-02-13 19:12:09 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-02-13 19:12:09 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2018-02-13 19:12:09 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2018-02-13 19:12:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryBroker.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\UserLanguagesCpl.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\themecpl.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\rastls.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\OneCoreCommonProxyStub.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\mmcbase.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\SYSWOW64\AppLockerCSP.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\system32\srchadmin.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-02-13 19:12:08 ----A---- C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-02-13 19:12:08 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-02-13 19:12:07 ----A---- C:\WINDOWS\SYSWOW64\WMVSENCD.DLL
2018-02-13 19:12:07 ----A---- C:\WINDOWS\SYSWOW64\mssprxy.dll
2018-02-13 19:12:07 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-02-13 19:12:07 ----A---- C:\WINDOWS\SYSWOW64\mmcndmgr.dll
2018-02-13 19:12:07 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-02-13 19:12:07 ----A---- C:\WINDOWS\SYSWOW64\gameux.dll
2018-02-13 19:12:07 ----A---- C:\WINDOWS\SYSWOW64\evr.dll
2018-02-13 19:12:07 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2018-02-13 19:12:07 ----A---- C:\WINDOWS\system32\urlmon.dll
2018-02-13 19:12:07 ----A---- C:\WINDOWS\system32\sud.dll
2018-02-13 19:12:07 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryUpgrade.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryClient.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\SYSWOW64\TileDataRepository.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\SYSWOW64\netlogon.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\system32\wuuhosdeployment.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\system32\tquery.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\system32\tetheringservice.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\system32\StorSvc.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\system32\SEMgrSvc.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-02-13 19:12:06 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-02-13 19:12:06 ----A---- C:\WINDOWS\system32\AppLockerCSP.dll
2018-02-13 19:12:05 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-02-13 19:12:05 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-02-13 19:12:05 ----A---- C:\WINDOWS\system32\rdpudd.dll
2018-02-13 19:12:05 ----A---- C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-02-13 19:12:05 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-02-13 19:12:05 ----A---- C:\WINDOWS\system32\ieproxy.dll
2018-02-13 19:12:05 ----A---- C:\WINDOWS\system32\hal.dll
2018-02-13 19:12:05 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-02-13 19:12:05 ----A---- C:\WINDOWS\system32\drivers\ks.sys
2018-02-13 19:12:05 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-02-13 19:12:05 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-02-13 19:12:05 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2018-02-13 19:12:05 ----A---- C:\WINDOWS\system32\drivers\cldflt.sys
2018-02-13 19:12:04 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-02-13 19:12:04 ----A---- C:\WINDOWS\SYSWOW64\dxtmsft.dll
2018-02-13 19:12:04 ----A---- C:\WINDOWS\system32\themecpl.dll
2018-02-13 19:12:04 ----A---- C:\WINDOWS\system32\rastls.dll
2018-02-13 19:12:04 ----A---- C:\WINDOWS\system32\msfeeds.dll
2018-02-13 19:12:04 ----A---- C:\WINDOWS\system32\mmcbase.dll
2018-02-13 19:12:04 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-02-13 19:12:04 ----A---- C:\WINDOWS\system32\gameux.dll
2018-02-13 19:12:04 ----A---- C:\WINDOWS\system32\dxtrans.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\SYSWOW64\WMVXENCD.DLL
2018-02-13 19:12:03 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryPS.dll

MrPierc
Visitor
Posts: 45
Registered: 16 Apr 2009 07:11

Re: Preventive check – just in case

#2 Post by MrPierc »

Part 2:

2018-02-13 19:12:03 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepository.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\SYSWOW64\winbrand.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\SYSWOW64\StateRepository.Core.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\SYSWOW64\FSClient.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\system32\evr.dll
2018-02-13 19:12:03 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\SYSWOW64\vssapi.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\system32\wuuhext.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\system32\VSSVC.exe
2018-02-13 19:12:02 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\system32\nshhttp.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\system32\netlogon.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\system32\DbgModel.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\system32\authz.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-02-13 19:12:02 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-02-13 19:12:01 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-02-13 19:12:01 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-02-13 19:12:01 ----A---- C:\WINDOWS\system32\webio.dll
2018-02-13 19:12:01 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-02-13 19:12:01 ----A---- C:\WINDOWS\system32\InputService.dll
2018-02-13 19:12:01 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-02-13 19:12:01 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-02-13 19:12:01 ----A---- C:\WINDOWS\system32\drivers\winnat.sys
2018-02-13 19:12:01 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2018-02-13 19:12:01 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-02-13 19:12:00 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2018-02-13 19:12:00 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-02-13 19:12:00 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-02-13 19:12:00 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-02-13 19:12:00 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-02-13 19:12:00 ----A---- C:\WINDOWS\system32\AcGenral.dll
2018-02-13 19:11:59 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2018-02-13 19:11:59 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-02-13 19:11:59 ----A---- C:\WINDOWS\system32\WMVXENCD.DLL
2018-02-13 19:11:59 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-02-13 19:11:59 ----A---- C:\WINDOWS\system32\mshtmled.dll
2018-02-13 19:11:59 ----A---- C:\WINDOWS\system32\mfsvr.dll
2018-02-13 19:11:59 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-02-13 19:11:59 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-02-13 19:11:59 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-02-13 19:11:59 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2018-02-13 19:11:59 ----A---- C:\WINDOWS\system32\drivers\sdstor.sys
2018-02-13 19:11:59 ----A---- C:\WINDOWS\system32\drivers\msiscsi.sys
2018-02-13 19:11:59 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2018-02-13 19:11:58 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-02-13 19:11:58 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-02-13 19:11:58 ----A---- C:\WINDOWS\system32\WpAXHolder.dll
2018-02-13 19:11:58 ----A---- C:\WINDOWS\system32\Windows.StateRepository.dll
2018-02-13 19:11:58 ----A---- C:\WINDOWS\system32\StateRepository.Core.dll
2018-02-13 19:11:58 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2018-02-13 19:11:58 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-02-13 19:11:58 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-02-13 19:11:58 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-02-13 19:11:57 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-02-13 19:11:57 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-02-13 19:11:57 ----A---- C:\WINDOWS\system32\dbgeng.dll
2018-02-13 19:11:57 ----A---- C:\WINDOWS\system32\bisrv.dll
2018-02-13 19:11:57 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-02-13 19:11:56 ----A---- C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-02-13 19:11:56 ----A---- C:\WINDOWS\system32\vssapi.dll
2018-02-13 19:11:56 ----A---- C:\WINDOWS\system32\uDWM.dll
2018-02-13 19:11:56 ----A---- C:\WINDOWS\system32\twinapi.dll
2018-02-13 19:11:56 ----A---- C:\WINDOWS\system32\ncsi.dll
2018-02-13 19:11:56 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-02-13 19:11:55 ----A---- C:\WINDOWS\system32\wininet.dll
2018-02-13 19:11:55 ----A---- C:\WINDOWS\system32\msIso.dll
2018-02-13 19:11:55 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-02-13 19:11:55 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2018-02-13 19:11:55 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-02-13 19:11:54 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-02-13 19:11:54 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2018-02-13 19:11:54 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-02-13 19:11:53 ----A---- C:\WINDOWS\system32\WMVSENCD.DLL
2018-02-13 19:11:53 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2018-02-13 19:11:53 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-02-13 19:11:53 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2018-02-13 19:11:53 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-02-13 19:11:53 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-02-13 19:11:53 ----A---- C:\WINDOWS\system32\drivers\http.sys
2018-02-13 19:11:52 ----A---- C:\WINDOWS\SYSWOW64\Search.ProtocolHandler.MAPI2.dll
2018-02-13 19:11:52 ----A---- C:\WINDOWS\SYSWOW64\rasapi32.dll
2018-02-13 19:11:52 ----A---- C:\WINDOWS\SYSWOW64\nshhttp.dll
2018-02-13 19:11:52 ----A---- C:\WINDOWS\SYSWOW64\bcastdvr.exe
2018-02-13 19:11:52 ----A---- C:\WINDOWS\SYSWOW64\AppCapture.dll
2018-02-13 19:11:52 ----A---- C:\WINDOWS\system32\SharedPCCSP.dll
2018-02-13 19:11:52 ----A---- C:\WINDOWS\system32\SettingSync.dll
2018-02-13 19:11:52 ----A---- C:\WINDOWS\system32\SettingMonitor.dll
2018-02-13 19:11:52 ----A---- C:\WINDOWS\system32\rascustom.dll
2018-02-13 19:11:52 ----A---- C:\WINDOWS\system32\NetSetupSvc.dll
2018-02-13 19:11:52 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2018-02-13 19:11:52 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-02-13 19:11:52 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2018-02-13 19:11:52 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2018-02-13 19:11:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\SYSWOW64\twinapi.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\SYSWOW64\stobject.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\SYSWOW64\setupapi.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\SYSWOW64\SettingSync.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\SYSWOW64\LockAppBroker.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\SYSWOW64\InputSwitch.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\SYSWOW64\hgcpl.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\SYSWOW64\CloudNotifications.exe
2018-02-13 19:11:51 ----A---- C:\WINDOWS\system32\wuauclt.exe
2018-02-13 19:11:51 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\system32\ISM.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\system32\HolographicExtensions.dll
2018-02-13 19:11:51 ----A---- C:\WINDOWS\system32\convertvhd.exe
2018-02-13 19:11:50 ----A---- C:\WINDOWS\SYSWOW64\themeui.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\SYSWOW64\SyncCenter.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\SYSWOW64\rasdlg.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\SYSWOW64\ntshrui.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\SYSWOW64\ExplorerFrame.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\SYSWOW64\comdlg32.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\system32\rasapi32.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\system32\nlaapi.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2018-02-13 19:11:50 ----A---- C:\WINDOWS\system32\InputSwitch.dll
2018-02-13 19:11:49 ----A---- C:\WINDOWS\SYSWOW64\zipfldr.dll
2018-02-13 19:11:49 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2018-02-13 19:11:49 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2018-02-13 19:11:49 ----A---- C:\WINDOWS\SYSWOW64\Taskmgr.exe
2018-02-13 19:11:49 ----A---- C:\WINDOWS\SYSWOW64\fontext.dll
2018-02-13 19:11:49 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2018-02-13 19:11:49 ----A---- C:\WINDOWS\SYSWOW64\DevicePairing.dll
2018-02-13 19:11:49 ----A---- C:\WINDOWS\SYSWOW64\aclui.dll
2018-02-13 19:11:49 ----A---- C:\WINDOWS\system32\winbrand.dll
2018-02-13 19:11:49 ----A---- C:\WINDOWS\system32\stobject.dll
2018-02-13 19:11:49 ----A---- C:\WINDOWS\system32\rstrui.exe
2018-02-13 19:11:49 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-02-13 19:11:49 ----A---- C:\WINDOWS\system32\hgcpl.dll
2018-02-13 19:11:49 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2018-02-13 19:11:48 ----A---- C:\WINDOWS\system32\winsrv.dll
2018-02-13 19:11:48 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-02-13 19:11:48 ----A---- C:\WINDOWS\system32\setupapi.dll
2018-02-13 19:11:48 ----A---- C:\WINDOWS\system32\rasdlg.dll
2018-02-13 19:11:48 ----A---- C:\WINDOWS\system32\nlasvc.dll
2018-02-13 19:11:48 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-02-13 19:11:48 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2018-02-13 19:11:47 ----A---- C:\WINDOWS\system32\twinui.dll
2018-02-13 19:11:47 ----A---- C:\WINDOWS\system32\themeui.dll
2018-02-13 19:11:47 ----A---- C:\WINDOWS\system32\SyncCenter.dll
2018-02-13 19:11:47 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-02-13 19:11:47 ----A---- C:\WINDOWS\system32\ntshrui.dll
2018-02-13 19:11:47 ----A---- C:\WINDOWS\system32\lsm.dll
2018-02-13 19:11:47 ----A---- C:\WINDOWS\system32\comdlg32.dll
2018-02-13 19:11:46 ----A---- C:\WINDOWS\system32\zipfldr.dll
2018-02-13 19:11:46 ----A---- C:\WINDOWS\system32\wow64.dll
2018-02-13 19:11:46 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-02-13 19:11:46 ----A---- C:\WINDOWS\system32\Taskmgr.exe
2018-02-13 19:11:46 ----A---- C:\WINDOWS\system32\LogonController.dll
2018-02-13 19:11:46 ----A---- C:\WINDOWS\system32\DevicePairing.dll
2018-02-13 19:11:46 ----A---- C:\WINDOWS\system32\bootux.dll
2018-02-13 19:11:46 ----A---- C:\WINDOWS\system32\aclui.dll
2018-02-13 19:11:45 ----A---- C:\WINDOWS\system32\srcore.dll
2018-02-13 19:11:45 ----A---- C:\WINDOWS\system32\shell32.dll
2018-02-13 19:11:45 ----A---- C:\WINDOWS\system32\localspl.dll
2018-02-13 19:11:45 ----A---- C:\WINDOWS\system32\ListSvc.dll
2018-02-13 19:11:45 ----A---- C:\WINDOWS\system32\fontext.dll
2018-02-13 19:11:45 ----A---- C:\WINDOWS\explorer.exe
2018-02-13 19:11:44 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-02-13 19:11:44 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-02-13 19:11:44 ----A---- C:\WINDOWS\SYSWOW64\user.exe
2018-02-13 19:11:44 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-02-13 19:11:44 ----A---- C:\WINDOWS\system32\mssprxy.dll
2018-02-13 19:11:43 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-02-13 19:11:43 ----A---- C:\WINDOWS\system32\mfps.dll
2018-02-13 19:11:41 ----A---- C:\WINDOWS\system32\usocore.dll
2018-02-13 19:11:41 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2018-02-13 19:11:41 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-02-13 19:11:41 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-02-13 19:11:41 ----A---- C:\WINDOWS\system32\MusNotification.exe
2018-02-13 19:11:40 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-02-13 19:11:40 ----A---- C:\WINDOWS\system32\wcimage.dll
2018-02-13 19:11:40 ----A---- C:\WINDOWS\system32\vac.exe
2018-02-13 19:11:40 ----A---- C:\WINDOWS\system32\AppxSysprep.dll
2018-02-13 19:11:40 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-02-13 19:11:39 ----A---- C:\WINDOWS\system32\winresume.exe
2018-02-13 19:11:39 ----A---- C:\WINDOWS\system32\winload.exe
2018-02-13 19:11:39 ----A---- C:\WINDOWS\system32\TileDataRepository.dll
2018-02-13 19:11:39 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-02-13 19:11:39 ----A---- C:\WINDOWS\system32\cldapi.dll
2018-02-13 19:11:39 ----A---- C:\WINDOWS\system32\ci.dll
2018-02-13 19:11:39 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-02-13 19:11:39 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\SYSWOW64\Windows.Payments.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\SYSWOW64\ucrtbase.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\SYSWOW64\cldapi.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\system32\winsku.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\system32\Windows.Payments.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\system32\ucrtbase.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\system32\RecoveryDrive.exe
2018-02-13 19:11:38 ----A---- C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\system32\devinv.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2018-02-13 19:11:38 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\system32\appraiser.dll
2018-02-13 19:11:38 ----A---- C:\WINDOWS\system32\acmigration.dll
2018-02-13 19:11:37 ----A---- C:\WINDOWS\SYSWOW64\winsku.dll
2018-02-13 19:11:37 ----A---- C:\WINDOWS\SYSWOW64\wimgapi.dll
2018-02-13 19:11:37 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-02-13 19:11:37 ----A---- C:\WINDOWS\system32\wimserv.exe
2018-02-13 19:11:37 ----A---- C:\WINDOWS\system32\wimgapi.dll
2018-02-13 19:11:37 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-02-13 19:11:37 ----A---- C:\WINDOWS\system32\SecurityHealthService.exe
2018-02-13 19:11:37 ----A---- C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-02-13 19:11:37 ----A---- C:\WINDOWS\system32\rshx32.dll
2018-02-13 19:11:37 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-02-13 19:11:37 ----A---- C:\WINDOWS\system32\efscore.dll
2018-02-13 19:11:37 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\SYSWOW64\usercpl.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\SYSWOW64\twext.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\SYSWOW64\netplwiz.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\SYSWOW64\IdCtrls.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\SYSWOW64\CloudExperienceHostCommon.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\SYSWOW64\authz.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\usercpl.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\twext.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\shutdownux.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\rtmpltfm.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\pcasvc.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\netplwiz.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\msvcp_win.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\LockScreenContent.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\IdCtrls.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\generaltel.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\dsreg.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\authui.dll
2018-02-13 19:11:36 ----A---- C:\WINDOWS\system32\aeinv.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\SYSWOW64\UserDeviceRegistration.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\SYSWOW64\rtmpltfm.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\SYSWOW64\msvcp_win.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-02-13 19:11:35 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\system32\UserDeviceRegistration.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\system32\sppwinob.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\system32\rtmpal.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\system32\NetworkDesktopSettings.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\system32\mf.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\system32\invagent.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\system32\FSClient.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\system32\dcntel.dll
2018-02-13 19:11:35 ----A---- C:\WINDOWS\system32\aepic.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-02-13 19:11:34 ----A---- C:\WINDOWS\SYSWOW64\StructuredQuery.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\SYSWOW64\setup16.exe
2018-02-13 19:11:34 ----A---- C:\WINDOWS\SYSWOW64\sendmail.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\SYSWOW64\rtmpal.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\system32\StructuredQuery.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\system32\rtmcodecs.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\system32\policymanager.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\system32\pcalua.exe
2018-02-13 19:11:34 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2018-02-13 19:11:34 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\system32\FntCache.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\system32\efswrt.dll
2018-02-13 19:11:34 ----A---- C:\WINDOWS\system32\aitstatic.exe
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\wldp.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\WebClnt.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\virtdisk.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\sppcomapi.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\shsetup.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\rtmmvrortc.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\rtmcodecs.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\regsvr32.exe
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\rasgcw.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\policymanager.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\ortcengine.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\mfsensorgroup.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\LicensingWinRT.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\IndexedDbLegacy.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\EnterpriseAppMgmtClient.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\efswrt.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\edputil.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\EditionUpgradeManagerObj.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\EditionUpgradeHelper.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\DeviceReactivation.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\SYSWOW64\davclnt.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\wups2.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\wow64cpu.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\wldp.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\wintrust.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\WebClnt.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\virtdisk.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\tzres.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\shsetup.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\rtmmvrortc.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\regsvr32.exe
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\rasgcw.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\ortcengine.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\mfsensorgroup.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\LicensingWinRT.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\FsIso.exe
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\FrameServer.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\FontProvider.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\edputil.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\drivers\npfs.sys
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\DeviceReactivation.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\davclnt.dll
2018-02-13 19:11:33 ----A---- C:\WINDOWS\system32\browserexport.exe

====== List of files/folders modified in the last 1 month ======

2018-03-10 19:55:14 ----RD---- C:\Program Files
2018-03-10 19:47:06 ----D---- C:\Users\MrPierc\AppData\Roaming\Skype
2018-03-10 19:45:10 ----D---- C:\WINDOWS\Prefetch
2018-03-10 19:36:00 ----D---- C:\WINDOWS\system32\sru
2018-03-10 19:32:07 ----D---- C:\WINDOWS\Temp
2018-03-10 19:32:07 ----D---- C:\WINDOWS\system32\SleepStudy
2018-03-10 19:03:53 ----D---- C:\WINDOWS\system32\LogFiles
2018-03-10 19:03:53 ----D---- C:\WINDOWS\Logs
2018-03-10 19:03:39 ----RD---- C:\WINDOWS\Microsoft.NET
2018-03-10 18:38:14 ----HD---- C:\Program Files\WindowsApps
2018-03-10 18:38:13 ----D---- C:\WINDOWS\AppReadiness
2018-03-10 18:37:57 ----D---- C:\WINDOWS\DeliveryOptimization
2018-03-10 18:37:47 ----D---- C:\ProgramData\NVIDIA
2018-03-10 07:50:09 ----RSD---- C:\WINDOWS\Fonts
2018-03-10 05:29:40 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2018-03-09 19:06:15 ----SHD---- C:\WINDOWS\Installer
2018-03-09 19:06:15 ----SHD---- C:\Config.Msi
2018-03-09 19:05:32 ----D---- C:\WINDOWS\System32
2018-03-09 19:03:05 ----D---- C:\WINDOWS\SysWOW64
2018-03-09 19:00:54 ----D---- C:\WINDOWS\system32\Tasks
2018-03-09 18:44:27 ----D---- C:\Users\MrPierc\AppData\Roaming\Adobe
2018-03-08 17:04:21 ----D---- C:\WINDOWS\system32\config
2018-03-08 09:25:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-07 19:42:10 ----D---- C:\WINDOWS\INF
2018-03-07 19:40:42 ----D---- C:\WINDOWS\system32\DriverStore
2018-03-07 19:39:37 ----D---- C:\ProgramData\Adobe
2018-03-07 19:08:37 ----AD---- C:\Program Files (x86)\TeamViewer
2018-03-07 18:57:05 ----D---- C:\WINDOWS\WinSxS
2018-03-07 18:57:03 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2018-03-07 18:57:02 ----D---- C:\WINDOWS\system32\catroot2
2018-03-07 18:56:08 ----AD---- C:\Program Files (x86)\Adobe
2018-03-07 18:43:43 ----SHD---- C:\System Volume Information
2018-03-06 20:55:34 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-05 21:03:15 ----D---- C:\Windows
2018-03-05 20:02:09 ----DC---- C:\WINDOWS\Panther
2018-03-04 19:39:46 ----D---- C:\WINDOWS\system32\drivers
2018-03-04 19:39:32 ----D---- C:\ProgramData\NVIDIA Corporation
2018-03-04 19:38:58 ----RD---- C:\Program Files (x86)
2018-03-04 07:41:35 ----D---- C:\Users\MrPierc\AppData\Roaming\CDisplayEx
2018-03-02 17:20:07 ----RD---- C:\Program Files\Windows Defender
2018-02-26 04:42:08 ----A---- C:\WINDOWS\system32\nvapi64.dll
2018-02-26 04:42:04 ----A---- C:\WINDOWS\SYSWOW64\nvapi.dll
2018-02-25 08:16:49 ----D---- C:\WINDOWS\debug
2018-02-23 21:01:01 ----A---- C:\WINDOWS\NvContainerRecovery.bat
2018-02-23 20:22:35 ----A---- C:\WINDOWS\system32\nvsvc64.dll
2018-02-23 20:22:35 ----A---- C:\WINDOWS\system32\nvcpl.dll
2018-02-23 20:22:25 ----A---- C:\WINDOWS\system32\nvsvcr.dll
2018-02-23 20:22:25 ----A---- C:\WINDOWS\system32\nvshext.dll
2018-02-23 20:22:25 ----A---- C:\WINDOWS\system32\nvmctray.dll
2018-02-23 20:22:25 ----A---- C:\WINDOWS\system32\nv3dappshextr.dll
2018-02-23 20:22:25 ----A---- C:\WINDOWS\system32\nv3dappshext.dll
2018-02-23 20:12:15 ----HD---- C:\ProgramData
2018-02-23 20:07:46 ----SD---- C:\Users\MrPierc\AppData\Roaming\Microsoft
2018-02-23 20:07:29 ----RSD---- C:\WINDOWS\assembly
2018-02-19 18:55:33 ----D---- C:\WINDOWS\LiveKernelReports
2018-02-17 07:16:20 ----D---- C:\Program Files (x86)\Common Files
2018-02-17 07:16:06 ----D---- C:\ProgramData\Package Cache
2018-02-17 06:26:50 ----D---- C:\WINDOWS\rescache
2018-02-13 21:02:15 ----D---- C:\WINDOWS\TextInput
2018-02-13 21:02:15 ----D---- C:\WINDOWS\SYSWOW64\wbem
2018-02-13 21:02:15 ----D---- C:\WINDOWS\SYSWOW64\migration
2018-02-13 21:02:15 ----D---- C:\WINDOWS\system32\wbem
2018-02-13 21:02:15 ----D---- C:\WINDOWS\system32\oobe
2018-02-13 21:02:15 ----D---- C:\WINDOWS\system32\migration
2018-02-13 21:02:15 ----D---- C:\WINDOWS\system32\Boot
2018-02-13 21:02:15 ----D---- C:\WINDOWS\system32\appraiser
2018-02-13 21:02:14 ----D---- C:\WINDOWS\ShellExperiences
2018-02-13 21:02:14 ----D---- C:\WINDOWS\bcastdvr
2018-02-13 21:02:14 ----D---- C:\WINDOWS\apppatch
2018-02-13 21:02:10 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-02-13 19:15:11 ----D---- C:\WINDOWS\system32\MRT
2018-02-13 19:15:09 ----AC---- C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-13 19:15:05 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-02-13 19:12:58 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-09-29 56728]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-01-01 59800]
R1 MpKsl3d98ee98;MpKsl3d98ee98; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDC67EF8-D366-45AF-96AF-0022D247DB72}\MpKsl3d98ee98.sys [2018-03-10 58120]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-02-10 385536]
R3 NVHDA;@oem1.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2018-01-04 226760]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_048172e9d7cc483d\nvlddmkm.sys [2018-02-26 17524720]
R3 nvvad_WaveExtensible;@oem33.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2017-12-15 59240]
R3 nvvhci;@oem6.inf,%ServiceDesc%;NVVHCI Enumerator Service; C:\WINDOWS\System32\drivers\nvvhci.sys [2018-01-24 57928]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2017-09-29 604160]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2017-09-29 37784]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-09-29 357272]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-09-29 63520]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2017-09-29 39832]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2017-09-29 118168]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-09-29 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-09-29 18432]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-09-29 60312]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2017-06-11 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2017-06-11 47672]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [2018-02-10 25640]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2017-09-29 73112]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2017-09-29 27136]
S3 HyperVideo;HyperVideo; C:\WINDOWS\System32\drivers\HyperVideo.sys [2017-09-29 28160]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-09-29 1723288]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-09-29 36864]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-09-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-09-29 88576]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-09-29 174592]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-09-29 39424]
S3 invdimm;@invdimm.inf,%invdimm.SvcDesc%;Microsoft iNVDIMM device driver; C:\WINDOWS\System32\drivers\invdimm.sys [2017-09-29 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2017-09-29 26112]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2017-09-29 119808]
S3 MarvinBus;Pinnacle Marvin Bus 64; C:\WINDOWS\System32\drivers\MarvinBus64.sys [2005-09-23 261120]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-09-29 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-09-29 55840]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-09-29 132608]
S3 netvsc;netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [2018-01-01 192512]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-09-29 88576]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2018-01-10 31024]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2017-09-29 100352]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2017-09-29 16896]
S3 qcusbser;@oem42.inf,%QCUSBSER%;Qualcomm USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [2017-03-15 254520]
S3 qcusbwwan;@oem3.inf,%qcwwan.Service.DispName%;Qualcomm USB-NDIS WWAN miniport; C:\WINDOWS\System32\drivers\qcusbwwan.sys [2017-03-15 557112]
S3 ReFS;ReFS; C:\WINDOWS\system32\drivers\ReFS.sys [2017-09-29 1849752]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2017-09-29 103936]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2017-09-29 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-09-30 56216]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AdobeUpdateService;AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2017-09-20 817760]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2018-01-05 2319848]
R2 CDPUserSvc_56db79b;Uživatelská služba platformy připojených zařízení_56db79b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\dusmsvc.dll
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10 519992]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2018-02-23 462864]
R2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2018-01-10 461616]
R2 OneSyncSvc_56db79b;Hostitel synchronizace_56db79b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 Origin Web Helper Service;Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2017-09-25 3000168]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\syswow64\PnkBstrA.exe [2017-09-30 76152]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-02-10 519144]
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-12-18 10803440]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalService -p;"ServiceDll" = %SystemRoot%\system32\SEMgrSvc.dll
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-12-15 1644832]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S2 MessagingService_56db79b;Služba zasílání zpráv_56db79b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-10-21 317408]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2017-12-14 6979080]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; %SystemRoot%\system32\svchost.exe -k appmodel -p;"ServiceDll" = %SystemRoot%\system32\CapabilityAccessManager.dll
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; %SystemRoot%\system32\svchost.exe -k DevicesFlow;"ServiceDll" = %SystemRoot%\System32\DevicesFlowBroker.dll
S3 DevicesFlowUserSvc_56db79b;Tok zařízení_56db79b; C:\WINDOWS\system32\svchost.exe -k DevicesFlow;"ServiceDll" =
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k diagnostics;"ServiceDll" = %systemroot%\system32\DiagSvc.dll
S3 EasyAntiCheat;EasyAntiCheat; C:\WINDOWS\syswow64\EasyAntiCheat.exe [2017-05-13 382504]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-01-26 43648]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k GraphicsPerfSvcGroup;"ServiceDll" = %SystemRoot%\System32\GraphicsPerfSvc.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\system32\InstallService.dll
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\IpxlatCfg.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-03-10 194512]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\System32\NaturalAuth.dll
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10 519992]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2017-10-21 2120032]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 242864]
S3 PimIndexMaintenanceSvc_56db79b;Data kontaktů_56db79b; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; %SystemRoot%\system32\svchost.exe -k PrintWorkflow;"ServiceDll" = %SystemRoot%\System32\PrintWorkflowService.dll
S3 PrintWorkflowUserSvc_56db79b;PrintWorkflow_56db79b; C:\WINDOWS\system32\svchost.exe -k PrintWorkflow;"ServiceDll" =
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %SystemRoot%\system32\PushToInstall.dll
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalService -p;"ServiceDll" = %SystemRoot%\System32\SharedRealitySvc.dll
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-01-01 956416]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Preventive check – just in case

#3 Post by Conder »

Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan (Skenovanie) and wait for it to finish
  • Click Clean (Cistenie) and confirm by clicking OK
  • AdwCleaner will ask to restart the PC; confirm by clicking Restart Now (Restartovat teraz)
  • Once it has finished and the PC has restarted, a log will pop up; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices; otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!


Re: Preventive check – just in case

#4 Post by MrPierc »

ADW log, thank you:

# AdwCleaner 7.0.8.0 - Logfile created on Sat Mar 10 20:10:43 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Application Data\lavasoft\web companion
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion


***** [ Files ] *****

Deleted: C:\Users\MrPierc\AppData\Roaming\Mozilla\Firefox\Profiles\p5w1kg24.default-1504294832587\searchplugins\yahoo-lavasoft.xml


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKU\S-1-5-21-712972925-3502733572-2621328112-1002\Software\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion
Deleted: [Value] - HKU\S-1-5-21-712972925-3502733572-2621328112-1002\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted: [Value] - HKU\S-1-5-21-712972925-3502733572-2621328112-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-712972925-3502733572-2621328112-1002\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Value] - HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2390 B] - [2018/3/10 20:9:56]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


Re: Preventive check – just in case

#5 Post by Conder »

:arrow: Please post both FRST logs following this guide (FRST.txt and Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=152707

:arrow: If FRSTLauncher cannot be downloaded or run, use FRST on its own.

:arrow: If the logs do not fit into one post, pack them into a RAR or ZIP archive and send them as an attachment.


Re: Preventive check – just in case

#6 Post by MrPierc »

Too long, so I am attaching it. Thank you.
Attachments
Preventivka – co kdyby.rar
(29.41 KiB) Downloaded 69 times


Re: Preventive check – just in case

#7 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:


    Start
    CloseProcesses:
    CreateRestorePoint:
    
    CMD: type "C:\Program Files (x86)\mozilla firefox\dsengine.cfg"
    
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-712972925-3502733572-2621328112-1002\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-712972925-3502733572-2621328112-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10444__180223__yaie
    SearchScopes: HKU\S-1-5-21-712972925-3502733572-2621328112-1002 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10444__180223__yaie&p={searchTerms}
    BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
    BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
    FF NewTab: Mozilla\Firefox\Profiles\p5w1kg24.default-1504294832587 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10444__180223__yaff
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\dsengine.js [2018-02-23] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\dsengine.cfg [2018-02-23] <==== ATTENTION
    2017-06-02 05:13 - 2017-06-02 05:13 - 000000000 ____H () C:\Users\MrPierc\AppData\Local\BIT215E.tmp
    C:\Windows\SysWOW64\abracadabra08092011.exe
    Task: {AA67B78B-283A-496C-9014-F2F8C0F6D919} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    IE trusted site: HKU\S-1-5-21-712972925-3502733572-2621328112-1002\...\localhost -> localhost
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC has restarted, there will be a file Fixlog.txt on the desktop; copy its contents here


Re: Preventive check – just in case

#8 Post by MrPierc »

Hello, posting it here:

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.03.2018
Ran by MrPierc (11-03-2018 16:31:01) Run:1
Running from C:\Users\MrPierc\Desktop
Loaded Profiles: MrPierc (Available Profiles: defaultuser0 & MrPierc)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

CMD: type "C:\Program Files (x86)\mozilla firefox\dsengine.cfg"

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-712972925-3502733572-2621328112-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-712972925-3502733572-2621328112-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10444__180223__yaie
SearchScopes: HKU\S-1-5-21-712972925-3502733572-2621328112-1002 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10444__180223__yaie&p={searchTerms}
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
FF NewTab: Mozilla\Firefox\Profiles\p5w1kg24.default-1504294832587 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10444__180223__yaff
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\dsengine.js [2018-02-23] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\dsengine.cfg [2018-02-23] <==== ATTENTION
2017-06-02 05:13 - 2017-06-02 05:13 - 000000000 ____H () C:\Users\MrPierc\AppData\Local\BIT215E.tmp
C:\Windows\SysWOW64\abracadabra08092011.exe
Task: {AA67B78B-283A-496C-9014-F2F8C0F6D919} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-712972925-3502733572-2621328112-1002\...\localhost -> localhost

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= type "C:\Program Files (x86)\mozilla firefox\dsengine.cfg" =========

// This line is ignored. adaware cfg file.
// Import the XPCOM component
var Cu = Components.utils;
Cu.import("resource://gre/modules/Services.jsm");

function addSearch() {
// Check if we have already added our search engine, as we don't want to keep adding it
if (Services.search.getEngines().indexOf(Services.search.getEngineByName("Yahoo! Search Engine")) === -1) {
// let iconURI = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAABGklEQVQoz2NgGB6AnZ1dUlJSXl4eSDIyMhLW4Ovr%2B%2Fr168uXL69Zs4YoG%2BLi4i5dusTExMTGxsbNzd3f37937976%2BnpmZmagbHR09J49e5YvX66kpATVEBYW9ubNm2nTphkbG7e2tp44cQLIuHfvXm5urpaWFlDKysqqu7v73LlzECMYIiIiHj58mJCQoKKicvXq1bS0NKBgW1vbjh074uPjgeqAXE1NzSdPnvDz84M0AEUvXLgAsW379u1z5swBen3jxo2zZ892cHB4%2BvQp0KlAfwI1cHJyghQFBwfv2rULokFXV%2FfixYu7d%2B8GGqGgoMDKyrpu3br9%2B%2FcDuXl5eVA%2FAEWBfoWHAdAYoNuAYQ0XAeoUERFhGDYAAPoUaT2dfWJuAAAAAElFTkSuQmCC";
// Manually define the search, otherwise setting the search won't work as it hasn't downloaded yet.
Services.search.addEngineWithDetails("Yahoo! Search Engine", "http://search.yahoo.com/favicon.ico", "", "", "GET", "https://search.yahoo.com/yhs/search?hsp ... earchTerms}");
// Name of search we're looking for in the search plugin array
let engine = Services.search.getEngineByName("Yahoo! Search Engine");
// If the search isn't set, set it
if (Services.search.currentEngine.name != "Yahoo! Search Engine") {
Services.search.currentEngine = engine;
}
}
}
// Asynchronously initialize the function, as synchronous initialization will be deprecated eventually.
Services.search.init(() => {
addSearch();
});
========= End of CMD: =========

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-712972925-3502733572-2621328112-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
HKU\S-1-5-21-712972925-3502733572-2621328112-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-712972925-3502733572-2621328112-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" => removed successfully
HKLM\Software\Classes\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509}" => removed successfully
HKLM\Software\Classes\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => not found
"Firefox newtab" => removed successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\dsengine.js => moved successfully
C:\Program Files (x86)\mozilla firefox\dsengine.cfg => moved successfully
C:\Users\MrPierc\AppData\Local\BIT215E.tmp => moved successfully
C:\Windows\SysWOW64\abracadabra08092011.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA67B78B-283A-496C-9014-F2F8C0F6D919}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA67B78B-283A-496C-9014-F2F8C0F6D919}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKU\S-1-5-21-712972925-3502733572-2621328112-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 84112128 B
Java, Flash, Steam htmlcache => 548743797 B
Windows/system/drivers => 4165603 B
Edge => 13035889 B
Chrome => 788782444 B
Firefox => 429945111 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 233074 B
defaultuser0.DESKTOP-H9SP7OH => 0 B
MrPierc => 330481509 B

RecycleBin => 1158489284 B
EmptyTemp: => 3.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-03-2018 16:35:05)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 16:35:05 ====


Re: Preventive check – just in case

#9 Post by Conder »

:arrow: It looks OK now. Are there still any problems with the PC?

:arrow: If not, we will clean up after the tools that were used: :arrow: "The size of the folder "C:\Users\MrPierc\Desktop" is 629 MB."
  • That is not all that much, but I still recommend moving all files and folders from the desktop into Documents and leaving only shortcuts on the desktop. A desktop that is too large can slow the system down.


Re: Preventive check – just in case

#10 Post by MrPierc »

Thank you for the help!

The PC seems OK.
I cleaned up the desktop (I had a lot of photos there in one folder).

Here is also the log from Delfix:

# DelFix v1.013 - Logfile created 11/03/2018 at 17:05:12
# Updated 17/04/2016 by Xplode
# Username : MrPierc - DESKTOP-H9SP7OH
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\RSIT
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########


Re: Preventive check – just in case

#11 Post by Conder »

You're welcome, glad I could help :)
