Virus removal, PC speed-up, and remote assistance through the neslape.cz service

I'd like to ask for a preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

PureHate44
Visitor
Posts: 154
Registered: 28 Jun 2011 17:49

#1 Post by PureHate44 »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Peter at 2018-03-11 10:31:04
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 38 GB (19%) free of 200 GB
Total RAM: 4095 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:13, on 11. 3. 2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18921)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
C:\Users\Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe
C:\Program Files (x86)\OkayFreedom\Notifier.exe
C:\Users\Peter\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files\trend micro\Peter.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [OKAYFREEDOM Notifier] "C:\Program Files (x86)\OkayFreedom\Notifier.exe"
O4 - HKLM\..\Run: [ACSW21EN] "C:\Program Files (x86)\ACD Systems\ACDSee\21.0\acdIDInTouch2.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O4 - HKCU\..\Run: [OKAYFREEDOM_Agent] "C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Facebook Gameroom.lnk = Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - (no file)
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - (no file)
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - (no file)
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CPUMonitor - Unknown owner - C:\Windows\nssm.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Disc Soft Ultra Bus Service - Disc Soft Ltd - C:\Users\Peter\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OkayFreedom VPN Starter Service - Steganos Software GmbH - C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\RpcAgentSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WC Assistant (WCAssistantService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
O23 - Service: WinZip Compression Smart Monitor Service - Unknown owner - C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9015 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\WinZip\WzPreloader.exe"
"C:\Program Files\WinZip\FAHWindow64.exe" register
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe" --autostart
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent
"C:\Users\Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe" fbgames://windows_startup/
"C:\Program Files (x86)\OkayFreedom\Notifier.exe"
"Facebook Gameroom Browser.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Peter\AppData\Local\Facebook\Games\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 CanvasFrame/1.20.6618.42311 Safari/537.36 FacebookCanvasDesktop FBAN/GamesWindowsDesktopApp FBAV/1.20.6618.42311" --gpu-vendor-id=0x10de --gpu-device-id=0x0a65 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.4201 --gpu-driver-date=11-14-2016 --lang=en-US --log-file="C:\Users\Peter\AppData\Local\Facebook\Games\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 CanvasFrame/1.20.6618.42311 Safari/537.36 FacebookCanvasDesktop FBAN/GamesWindowsDesktopApp FBAV/1.20.6618.42311" --service-request-channel-token=3B09A3B7D9A5577EF1994EE5DC0DD874 --mojo-platform-channel-handle=1820 /prefetch:2
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Peter\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Peter\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=63.0.3239.132 --initial-client-data=0x80,0x84,0x88,0x7c,0x8c,0x7fedd035720,0x7fedd035760,0x7fedd035738
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2664 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --gpu-vendor-id=0x10de --gpu-device-id=0x0a65 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.4201 --gpu-driver-date=11-14-2016 --service-request-channel-token=3DC9B336F5C08C66B77E015577DADC5A --mojo-platform-channel-handle=1168 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Total Commander\TOTALCMD64.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\system32\prevhost.exe {914FEED8-267A-4BAA-B8AA-21E233792679} -Embedding
"C:\Program Files\WinZip\WzPreviewer64.exe" -Embedding
"C:\Users\Peter\Downloads\IRC\xchat.exe"
"C:\Program Files (x86)\Winamp\winamp.exe" -Embedding
C:\Windows\System32\svchost.exe -k swprv
taskeng.exe {D7680BFD-A1AD-431E-AD9C-C4E5B0054687}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe18_ Global\UsGthrCtrlFltPipeMssGthrPipe18 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Peter\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Neptune.job - C:\Program Files (x86)\Neptune SystemCare 2017\NeptuneTray.exe -StartTray

=========Mozilla firefox=========

ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.137 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.137 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-02-20 1793736]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\ecmds.exe [2017-12-18 324352]
"WinZip UN"=C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-11 2047744]
"WinZip PreLoader"=C:\Program Files\WinZip\WzPreloader.exe [2017-12-11 123848]
"WinZip FAH"=C:\Program Files\WinZip\FAHConsole.exe [2017-12-11 436416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"=C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-12-02 777840]
"OKAYFREEDOM_Agent"=C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [2018-01-29 6267384]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2018-02-07 10290608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2018-02-07 10290608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Ultra Agent]
C:\Users\Peter\DAEMON Tools Ultra\DTAgent.exe [2016-12-12 5021888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM Notifier]
C:\Program Files (x86)\OkayFreedom\Notifier.exe [2018-01-29 4201464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM_Agent]
C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [2018-01-29 6267384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe [2017-12-02 21093488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-12-02 777840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk]
C:\Users\Peter\AppData\Local\Facebook\Games\FACEBO~2.EXE []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"OKAYFREEDOM Notifier"=C:\Program Files (x86)\OkayFreedom\Notifier.exe [2018-01-29 4201464]
"ACSW21EN"=C:\Program Files (x86)\ACD Systems\ACDSee\21.0\acdIDInTouch2.exe []

C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Gameroom.lnk - C:\Users\Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoSimpleNetIDList"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\xchat\xchat.exe"="C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-03-11 10:31:04 ----D---- C:\rsit
2018-03-11 10:19:49 ----D---- C:\ProgramData\Lavasoft
2018-03-11 10:19:21 ----D---- C:\Program Files (x86)\Lavasoft
2018-03-11 10:19:08 ----D---- C:\Lavasoft
2018-03-10 10:14:57 ----D---- C:\ProgramData\ACD Systems
2018-03-10 10:07:07 ----D---- C:\Program Files (x86)\ACD Systems
2018-03-10 10:03:01 ----D---- C:\ProgramData\Apple
2018-03-10 10:03:01 ----D---- C:\Program Files\Bonjour
2018-03-10 10:03:01 ----D---- C:\Program Files (x86)\Bonjour
2018-03-03 08:24:57 ----D---- C:\Program Files\CCleaner
2018-02-24 16:43:49 ----D---- C:\ProgramData\ESET
2018-02-24 16:43:49 ----D---- C:\Program Files\ESET
2018-02-18 13:46:18 ----D---- C:\Windows\OpenOffice
2018-02-18 13:43:03 ----D---- C:\Program Files (x86)\OpenOffice 4
2018-02-18 12:10:13 ----D---- C:\Program Files\Microsoft Office
2018-02-18 11:34:04 ----D---- C:\Program Files\Microsoft Office 15
2018-02-18 11:13:15 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-02-18 09:51:05 ----D---- C:\SCANOVANIE
2018-02-17 19:42:57 ----HD---- C:\ProgramData\CanonIJScan
2018-02-17 19:10:17 ----HD---- C:\ProgramData\CanonBJ
2018-02-17 19:09:57 ----A---- C:\Windows\system32\CNMLMCT.DLL
2018-02-17 19:07:30 ----A---- C:\Windows\system32\CNHMCA6.dll
2018-02-17 19:07:30 ----A---- C:\Windows\system32\CNC_CTL.dll
2018-02-17 19:07:30 ----A---- C:\Windows\system32\CNC_CTI.dll
2018-02-17 19:07:30 ----A---- C:\Windows\system32\CNC_CTC.dll
2018-02-15 17:34:50 ----D---- C:\vlc
2018-02-14 20:18:14 ----A---- C:\Windows\system32\mshtml.dll
2018-02-14 20:18:12 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2018-02-14 20:18:10 ----A---- C:\Windows\system32\ieframe.dll
2018-02-14 20:18:09 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2018-02-14 20:18:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-02-14 20:18:08 ----A---- C:\Windows\system32\jscript9.dll
2018-02-14 20:18:07 ----A---- C:\Windows\SYSWOW64\wininet.dll
2018-02-14 20:18:07 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2018-02-14 20:18:07 ----A---- C:\Windows\system32\wininet.dll
2018-02-14 20:18:07 ----A---- C:\Windows\system32\win32k.sys
2018-02-14 20:18:06 ----A---- C:\Windows\system32\xpsrchvw.exe
2018-02-14 20:18:06 ----A---- C:\Windows\system32\ntdll.dll
2018-02-14 20:18:06 ----A---- C:\Windows\system32\drivers\tcpip.sys
2018-02-14 20:18:05 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-02-14 20:18:05 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-02-14 20:18:05 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2018-02-14 20:18:05 ----A---- C:\Windows\system32\urlmon.dll
2018-02-14 20:18:05 ----A---- C:\Windows\system32\lsasrv.dll
2018-02-14 20:18:05 ----A---- C:\Windows\system32\iertutil.dll
2018-02-14 20:18:04 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2018-02-14 20:18:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2018-02-14 20:18:04 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-02-14 20:18:04 ----A---- C:\Windows\SYSWOW64\jscript.dll
2018-02-14 20:18:04 ----A---- C:\Windows\system32\vbscript.dll
2018-02-14 20:18:04 ----A---- C:\Windows\system32\schannel.dll
2018-02-14 20:18:04 ----A---- C:\Windows\system32\rpcrt4.dll
2018-02-14 20:18:04 ----A---- C:\Windows\system32\kerberos.dll
2018-02-14 20:18:04 ----A---- C:\Windows\system32\jscript.dll
2018-02-14 20:18:04 ----A---- C:\Windows\system32\crypt32.dll
2018-02-14 20:18:03 ----A---- C:\Windows\SYSWOW64\xpsrchvw.exe
2018-02-14 20:18:03 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-02-14 20:18:03 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-02-14 20:18:03 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-02-14 20:18:03 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2018-02-14 20:18:03 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2018-02-14 20:18:03 ----A---- C:\Windows\system32\msv1_0.dll
2018-02-14 20:18:03 ----A---- C:\Windows\system32\KernelBase.dll
2018-02-14 20:18:03 ----A---- C:\Windows\system32\kernel32.dll
2018-02-14 20:18:03 ----A---- C:\Windows\system32\advapi32.dll
2018-02-14 20:18:02 ----A---- C:\Windows\SYSWOW64\WinSCard.dll
2018-02-14 20:18:02 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-02-14 20:18:02 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-02-14 20:18:02 ----A---- C:\Windows\system32\wisptis.exe
2018-02-14 20:18:02 ----A---- C:\Windows\system32\WinSCard.dll
2018-02-14 20:18:02 ----A---- C:\Windows\system32\rpchttp.dll
2018-02-14 20:18:02 ----A---- C:\Windows\system32\ncrypt.dll
2018-02-14 20:18:02 ----A---- C:\Windows\system32\msfeeds.dll
2018-02-14 20:18:02 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-02-14 20:18:02 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-02-14 20:18:02 ----A---- C:\Windows\system32\clfs.sys
2018-02-14 20:18:02 ----A---- C:\Windows\system32\cdosys.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\wow64win.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\wow64.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\winsrv.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\wdigest.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\TSpkg.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\t2embed.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\srcore.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\hal.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\drivers\netio.sys
2018-02-14 20:18:01 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-02-14 20:18:01 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-02-14 20:18:01 ----A---- C:\Windows\system32\certcli.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 20:18:01 ----A---- C:\Windows\system32\adtschema.dll
2018-02-14 20:18:00 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-02-14 20:18:00 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2018-02-14 20:18:00 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-02-14 20:18:00 ----A---- C:\Windows\system32\StructuredQuery.dll
2018-02-14 20:18:00 ----A---- C:\Windows\system32\iedkcs32.dll
2018-02-14 20:18:00 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-02-14 20:18:00 ----A---- C:\Windows\system32\conhost.exe
2018-02-14 20:18:00 ----A---- C:\Windows\system32\bcrypt.dll
2018-02-14 20:18:00 ----A---- C:\Windows\system32\appidsvc.dll
2018-02-14 20:17:59 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-02-14 20:17:59 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2018-02-14 20:17:59 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-02-14 20:17:59 ----A---- C:\Windows\system32\TabSvc.dll
2018-02-14 20:17:59 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-14 20:17:59 ----A---- C:\Windows\system32\drivers\appid.sys
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\webcheck.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\smss.exe
2018-02-14 20:17:58 ----A---- C:\Windows\system32\rstrui.exe
2018-02-14 20:17:58 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\lsass.exe
2018-02-14 20:17:58 ----A---- C:\Windows\system32\fontsub.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\drivers\hidparse.sys
2018-02-14 20:17:58 ----A---- C:\Windows\system32\drivers\hidclass.sys
2018-02-14 20:17:58 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2018-02-14 20:17:58 ----A---- C:\Windows\system32\csrsrv.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\cryptbase.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\atmfd.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 20:17:58 ----A---- C:\Windows\system32\appidapi.dll
2018-02-14 20:17:57 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-02-14 20:17:57 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-02-14 20:17:57 ----A---- C:\Windows\system32\sspicli.dll
2018-02-14 20:17:57 ----A---- C:\Windows\system32\secur32.dll
2018-02-14 20:17:57 ----A---- C:\Windows\system32\ntvdm64.dll
2018-02-14 20:17:57 ----A---- C:\Windows\system32\msaudite.dll
2018-02-14 20:17:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 20:17:56 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\msrating.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-02-14 20:17:56 ----A---- C:\Windows\system32\srclient.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\msrating.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\mshtmled.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\dxtrans.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\dxtmsft.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\drivers\hidusb.sys
2018-02-14 20:17:56 ----A---- C:\Windows\system32\credssp.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\auditpol.exe
2018-02-14 20:17:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2018-02-14 20:17:55 ----A---- C:\Windows\system32\sspisrv.dll
2018-02-14 20:17:55 ----A---- C:\Windows\system32\ieui.dll
2018-02-14 20:17:55 ----A---- C:\Windows\system32\iesetup.dll
2018-02-14 20:17:55 ----A---- C:\Windows\system32\ie4uinit.exe
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\occache.dll
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\inseng.dll
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2018-02-14 20:17:54 ----A---- C:\Windows\system32\occache.dll
2018-02-14 20:17:54 ----A---- C:\Windows\system32\jscript9diag.dll
2018-02-14 20:17:54 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-14 20:17:54 ----A---- C:\Windows\system32\inseng.dll
2018-02-14 20:17:54 ----A---- C:\Windows\system32\ieUnatt.exe
2018-02-14 20:17:54 ----A---- C:\Windows\system32\iernonce.dll
2018-02-14 20:17:53 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-02-14 20:17:53 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2018-02-14 20:17:53 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-02-14 20:17:53 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2018-02-14 20:17:53 ----A---- C:\Windows\system32\wow64cpu.dll
2018-02-14 20:17:53 ----A---- C:\Windows\system32\jsproxy.dll
2018-02-14 20:17:53 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-02-14 20:17:53 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 20:17:51 ----A---- C:\Windows\SYSWOW64\user.exe
2018-02-14 20:17:51 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2018-02-14 20:17:51 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-02-14 20:17:51 ----A---- C:\Windows\system32\wintrust.dll
2018-02-14 20:17:51 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 20:17:51 ----A---- C:\Windows\system32\ieapfltr.dll
2018-02-14 20:17:51 ----A---- C:\Windows\system32\cryptsvc.dll
2018-02-14 20:17:51 ----A---- C:\Windows\system32\apisetschema.dll
2018-02-14 20:17:50 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2018-02-14 20:17:50 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-02-14 20:17:50 ----A---- C:\Windows\SYSWOW64\lpk.dll
2018-02-14 20:17:50 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2018-02-14 20:17:50 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2018-02-14 20:17:50 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2018-02-14 20:17:50 ----A---- C:\Windows\system32\msobjs.dll
2018-02-14 20:17:50 ----A---- C:\Windows\system32\lpk.dll
2018-02-14 20:17:50 ----A---- C:\Windows\system32\dciman32.dll
2018-02-14 20:17:50 ----A---- C:\Windows\system32\cryptnet.dll
2018-02-14 20:17:49 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2018-02-14 20:17:49 ----A---- C:\Windows\system32\atmlib.dll
2018-02-14 20:17:02 ----A---- C:\Windows\system32\appraiser.dll
2018-02-14 20:17:02 ----A---- C:\Windows\system32\aeinv.dll
2018-02-14 20:17:01 ----A---- C:\Windows\system32\invagent.dll
2018-02-14 20:17:01 ----A---- C:\Windows\system32\generaltel.dll
2018-02-14 20:17:01 ----A---- C:\Windows\system32\devinv.dll
2018-02-14 20:17:01 ----A---- C:\Windows\system32\CompatTelRunner.exe
2018-02-14 20:17:01 ----A---- C:\Windows\system32\centel.dll
2018-02-14 20:17:01 ----A---- C:\Windows\system32\aitstatic.exe
2018-02-14 20:17:01 ----A---- C:\Windows\system32\aepic.dll
2018-02-14 20:17:01 ----A---- C:\Windows\system32\acmigration.dll

======List of files/folders modified in the last 1 month======

2018-03-11 10:31:09 ----D---- C:\Program Files\trend micro
2018-03-11 10:31:08 ----D---- C:\Windows\TEMP
2018-03-11 10:25:09 ----D---- C:\Windows\system32\catroot2
2018-03-11 10:25:01 ----SHD---- C:\System Volume Information
2018-03-11 10:23:33 ----D---- C:\Program Files\Total Uninstall 6
2018-03-11 10:19:49 ----HD---- C:\ProgramData
2018-03-11 10:19:21 ----RD---- C:\Program Files (x86)
2018-03-11 01:40:00 ----D---- C:\Windows\SYSWOW64\Macromed
2018-03-10 21:16:13 ----D---- C:\Windows\inf
2018-03-10 14:24:41 ----D---- C:\Windows\system32\config
2018-03-10 10:33:47 ----SHD---- C:\Windows\Installer
2018-03-10 10:32:41 ----RD---- C:\Program Files
2018-03-10 10:32:40 ----D---- C:\Program Files\Common Files
2018-03-10 10:32:36 ----D---- C:\Windows\System32
2018-03-10 10:32:14 ----D---- C:\Windows
2018-03-10 10:07:07 ----D---- C:\Windows\SysWOW64
2018-03-10 10:07:07 ----D---- C:\Program Files (x86)\Common Files
2018-03-04 16:22:40 ----D---- C:\Program Files (x86)\TeamViewer
2018-03-04 11:41:11 ----D---- C:\Program Files (x86)\Microsoft Office
2018-03-03 19:09:06 ----D---- C:\ProgramData\WinZip
2018-03-03 19:07:11 ----D---- C:\Program Files\WinZip
2018-03-03 19:07:05 ----D---- C:\Windows\system32\Tasks
2018-03-03 19:06:45 ----A---- C:\Windows\win.ini
2018-02-25 15:47:59 ----AD---- C:\ADCDA2
2018-02-24 16:45:18 ----D---- C:\Windows\system32\drivers
2018-02-24 16:45:13 ----D---- C:\Windows\system32\DriverStore
2018-02-18 17:23:01 ----RSD---- C:\Windows\Fonts
2018-02-18 16:59:34 ----D---- C:\Windows\rescache
2018-02-18 14:18:40 ----D---- C:\Windows\system32\FxsTmp
2018-02-18 13:52:31 ----D---- C:\Windows\winsxs
2018-02-18 13:45:20 ----RSD---- C:\Windows\assembly
2018-02-18 13:36:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2018-02-18 13:36:36 ----SD---- C:\ProgramData\Microsoft
2018-02-18 13:36:36 ----D---- C:\Program Files (x86)\Microsoft.NET
2018-02-18 13:36:28 ----D---- C:\Program Files (x86)\MSBuild
2018-02-18 12:19:01 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-02-18 11:27:06 ----D---- C:\Windows\system32\catroot
2018-02-18 11:22:11 ----D---- C:\Windows\debug
2018-02-18 10:54:53 ----D---- C:\Nox
2018-02-15 03:38:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-02-15 03:31:30 ----D---- C:\Windows\SYSWOW64\sk-SK
2018-02-15 03:31:30 ----D---- C:\Program Files\Internet Explorer
2018-02-15 03:31:29 ----D---- C:\Windows\SYSWOW64\en-US
2018-02-15 03:31:29 ----D---- C:\Windows\system32\sk-SK
2018-02-15 03:31:29 ----D---- C:\Windows\system32\en-US
2018-02-15 03:31:27 ----D---- C:\Windows\system32\Boot
2018-02-15 03:31:27 ----D---- C:\Windows\system32\appraiser
2018-02-15 03:31:27 ----D---- C:\Windows\AppPatch
2018-02-15 03:31:27 ----D---- C:\Program Files (x86)\Internet Explorer
2018-02-15 03:15:50 ----D---- C:\Windows\system32\MRT
2018-02-15 03:15:03 ----D---- C:\Windows\Microsoft.NET
2018-02-15 03:11:29 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-02-15 03:11:15 ----AC---- C:\Windows\system32\MRT.exe
2018-02-15 03:05:11 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 adgnetworkwfpdrv;adgnetworkwfpdrv; C:\Windows\system32\drivers\adgnetworkwfpdrv.sys [2017-03-27 70384]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dsnpfd;DeskSoft LightWeight Filter; C:\Windows\system32\DRIVERS\dsnpfd.sys [2017-02-22 37576]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2018-01-19 134368]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2018-01-19 180088]
R1 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2018-01-19 106304]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2016-11-26 27552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2017-10-05 144656]
R1 YSDrv;VBox Support Driver; \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [2017-10-05 270608]
R3 dtultrascsibus;DAEMON Tools Ultra Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtultrascsibus.sys [2017-01-25 30264]
R3 dtultrausbbus;DAEMON Tools Ultra Virtual USB Bus; C:\Windows\system32\DRIVERS\dtultrausbbus.sys [2017-01-25 47672]
R3 ETDSMBus;ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [2017-08-08 32840]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2016-11-26 15416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-02-20 197408]
R3 P17;SB 5.1 VX; C:\Windows\system32\drivers\P17.sys [2016-11-26 1309696]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2016-12-03 129152]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-12-22 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-12-22 47672]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2017-11-18 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\WNt600x64\Sandra.sys [2009-08-07 23112]
S3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2016-11-26 33960]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2016-12-14 221824]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2016-04-21 27136]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2017-11-18 57856]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2017-10-05 131856]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 wdm_usb;wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [2017-06-10 151184]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 ClickToRunSvc;‪Služba Microsoft Office Klikni a spusti‬; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-02-22 7962800]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2008-11-18 307200]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2017-12-18 1940584]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-11-14 932728]
R2 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [2018-01-29 358408]
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-11-28 10216688]
R2 WinZip Compression Smart Monitor Service;WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [2017-09-01 495872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 CPUMonitor;CPUMonitor; C:\Windows\nssm.exe [2014-08-31 331264]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-04 153168]
S2 WCAssistantService;WC Assistant; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [2018-03-11 25704]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-09-27 83984]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2016-11-26 79360]
S3 Disc Soft Ultra Bus Service;Disc Soft Ultra Bus Service; C:\Users\Peter\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [2016-12-12 4854464]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-04 153168]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-02-10 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-01-24 194512]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\RpcAgentSrv.exe [2015-03-17 73200]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-06-10 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

PureHate44
Visitor
Posts: 154
Registered: 28 Jun 2011 17:49

Re: Requesting a preventive check

#2 Post by PureHate44 »

info.txt logfile of random's system information tool 1.10 2018-03-11 10:31:21

======MBR======


======Uninstall list======

-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove
Adobe Acrobat Reader DC - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-AC0F074E4100}
Adobe Flash Player 28 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_ActiveX.exe -maintain activex
Adobe Flash Player 28 NPAPI-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_Plugin.exe -maintain plugin
Adobe Flash Player 28 PPAPI-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe -maintain pepperplugin
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824245926}
Aktualizácie NVIDIA 10.4.0-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Update
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
BS.Player PRO-->"C:\Program Files (x86)\Webteh\BSplayerPro\uninstall.exe"
bwin Poker-->"C:\Programs\bwincom\bwincomPoker\Uninstall\Setup.exe" App_Type=U
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CountDown ShutDown PC-->"C:\Program Files (x86)\CountDown ShutDown PC\unins000.exe"
Creative Audio Control Panel-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9 /remove
Creative Sound Blaster Properties x64 Edition-->"C:\Program Files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe" /remove /l0x0009
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Ultra-->C:\Users\Peter\DAEMON Tools Ultra\uninst.exe
EAX Unified-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Creative\EAX Unified\Uninst.isu"
ESET Security-->MsiExec.exe /I{B489BC2D-0079-4631-97BF-CA2378299D43}
EZ CD Audio Converter-->C:\Program Files\EZ CD Audio Converter\uninstall.exe
Facebook Gameroom 1.20.6618.42311-->MsiExec.exe /X{CF2C7CB9-1009-4EAA-9033-317F4C4C9DA2}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Charles 4.1.3-->MsiExec.exe /X{81045AC5-B1C4-4B5D-8719-9BEB41167F17}
Cheat Engine 6.6-->"C:\Program Files (x86)\Cheat Engine 6.6\unins000.exe"
Cheat Engine 6.7-->"C:\Program Files (x86)\Cheat Engine 6.7\unins000.exe"
InstaTrader-->C:\Program Files (x86)\InstaTrader\uninstall.exe
Microsoft .NET Framework 4.7-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.7-->MsiExec.exe /X{BCF0C1F7-671C-3922-A7EA-8AC11F4FC0EB}
Microsoft Office 2016 Professional Plus - sk-sk-->"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=ProplusRetail.16_sk-sk_x-none culture=sk-sk version.16=16.0
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{9085041B-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030-->MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft XNA Framework Redistributable 3.0-->MsiExec.exe /I{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
Movie Maker-->MsiExec.exe /X{38F03569-A636-4CF3-BDDE-032C8C251304}
Movie Maker-->MsiExec.exe /X{DD67BE4B-7E62-4215-AFA3-F123A800A389}
Mozilla Firefox 58.0 (x64 sk)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
NVIDIA Softvér systému s podporou technológie PhysX 9.17.0524-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
Office 16 Click-to-Run Licensing Component-->MsiExec.exe /I{90160000-008F-0000-1000-0000000FF1CE}
OkayFreedom-->C:\Program Files (x86)\OkayFreedom\uninstall.exe
OpenOffice 4.1.5-->MsiExec.exe /I{E177AC33-EC9C-4537-8996-37ED331D9227}
Photo Gallery-->MsiExec.exe /X{07AAB66E-4718-422D-9218-4AFB3C922A71}
Scorpions WinCheater-->"C:\Program Files (x86)\Scorpions WinCheater\unins000.exe"
SiSoftware Sandra Lite 2015.SP1a-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\unins000.exe"
TeamViewer 12-->"C:\Program Files (x86)\TeamViewer\uninstall.exe"
Total Commander 64-bit (Remove or Repair)-->c:\totalcmd\tcunin64.exe
Total Commander verze 9.12-->"C:\Program Files (x86)\Total Commander\unins000.exe"
Total Uninstall 6.21.1-->"C:\Program Files\Total Uninstall 6\unins000.exe"
Update for Microsoft .NET Framework 4.7 (KB4040973)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {801C6191-4F3A-3022-A6A7-D38E232F6B2D}
Update for Microsoft .NET Framework 4.7 (KB4041778)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {EBC83DB1-5975-37D2-A829-889EE07FA0BB}
Update for Microsoft .NET Framework 4.7 (KB4043764)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {1C26814D-CC59-36CD-B920-481F9AC80275}
Update for Microsoft .NET Framework 4.7 (KB4054981)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {A26555D3-DE84-3EB1-9B87-CA8241845A68}
Update for Microsoft .NET Framework 4.7 (KB4055002)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {C68951E2-20EC-3D45-BEB3-519551729641}
Update for Microsoft .NET Framework 4.7 (KB4074880)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {868975F6-B682-3803-BE5D-F2EB03871E2D}
VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Web Companion-->C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (01/20/2017 4.3.12)-->C:\PROGRA~1\DIFX\E3D65C983ED574BF\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_neutral_8f0a8d22e0ce9684\vboxusb.inf
Windows Driver Package - BigNox Corporation VBoxUSBMon System (01/20/2017 4.3.12)-->C:\PROGRA~1\DIFX\E3D65C983ED574BF\DPInst.exe /u C:\Windows\system32\DRVSTORE\vboxusbmon_915377DDCEBE585EADC13CDA6AF90F7C43DEDE93\vboxusbmon.inf
Windows Live Installer-->MsiExec.exe /I{659CB81C-B54E-4DF1-B618-F35777393A54}
Windows Live Photo Common-->MsiExec.exe /X{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}
Windows Live SOXE-->MsiExec.exe /I{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}
Windows Live UX Platform-->MsiExec.exe /I{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}
Windows Movie Maker 2016-->"C:\Program Files (x86)\Windows Movie Maker\unins000.exe"
WinZip 22.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C24119}
XChat 2 (remove only)-->"C:\Program Files (x86)\xchat\uninstall.exe"

======Hosts File======


127.0.0.1 localhost
::1 localhost
127.0.0.1 acdid.acdsystems.com

======System event log======

Computer Name: Peter-PC
Event Code: 12
Message: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Record Number: 58696
Source Name: Microsoft-Windows-HAL
Time Written: 20170729085257.810093-000
Event Type: Error
User:

Computer Name: Peter-PC
Event Code: 12
Message: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Record Number: 58404
Source Name: Microsoft-Windows-HAL
Time Written: 20170728065028.969885-000
Event Type: Error
User:

Computer Name: Peter-PC
Event Code: 1014
Message: Name resolution for the name www.nabytek-detsky.com timed out after none of the configured DNS servers responded.
Record Number: 58196
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20170727123052.961735-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Peter-PC
Event Code: 12
Message: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Record Number: 58095
Source Name: Microsoft-Windows-HAL
Time Written: 20170726171846.692740-000
Event Type: Error
User:

Computer Name: Peter-PC
Event Code: 1014
Message: Name resolution for the name pcbuh.scnet.cz timed out after none of the configured DNS servers responded.
Record Number: 58090
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20170726170100.666597-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: Peter-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 232
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20161126151305.017391-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Peter-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 230
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20161126151304.954990-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Peter-PC
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.

Record Number: 207
Source Name: Microsoft-Windows-Search
Time Written: 20161126150944.000000-000
Event Type: Warning
User:

Computer Name: 37L4247E29-32
Event Code: 8193
Message: Vytvorenie bodu obnovenia zlyhalo. (Proces = C:\Windows\system32\svchost.exe -k netsvcs; Popis = Windows Update; Chyba = 0x80042318).
Record Number: 199
Source Name: System Restore
Time Written: 20161126150436.000000-000
Event Type: Error
User:

Computer Name: 37L4247E29-32
Event Code: 12347
Message: Volume Shadow Copy Service error: An internal inconsistency was detected in trying to contact shadow copy service writers. The Registry Writer failed to respond to a query from VSS. Check to see that the Event Service and Volume Shadow Copy Service are operating properly, and please check the Application event log for any other events.

Operation:
Gathering Writer Data
Executing Asynchronous Operation

Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Record Number: 198
Source Name: VSS
Time Written: 20161126150436.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Peter-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: PETER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\apisetschema.dll
Handle ID: 0x18

Process Information:
Process ID: 0xfe4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 600885
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180215023127.042645-000
Event Type: Audit Success
User:

Computer Name: Peter-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: PETER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\winload.efi
Handle ID: 0x18

Process Information:
Process ID: 0xfe4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 600884
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180215023127.042645-000
Event Type: Audit Success
User:

Computer Name: Peter-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: PETER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\appraiser\Appraiser_TelemetryRunList.xml
Handle ID: 0x18

Process Information:
Process ID: 0xfe4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 600883
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180215023127.011445-000
Event Type: Audit Success
User:

Computer Name: Peter-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: PETER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\appraiser\Appraiser_Data.ini
Handle ID: 0x18

Process Information:
Process ID: 0xfe4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 600882
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180215023126.995845-000
Event Type: Audit Success
User:

Computer Name: Peter-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: PETER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\appraiser\appraiser.sdb
Handle ID: 0x18

Process Information:
Process ID: 0xfe4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 600881
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180215023126.995845-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a
"GPU_MAX_ALLOC_PERCENT"=100
"ProgramData"=C:\ProgramData

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#3 Post by Conder »

Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan (Skenovanie) and wait for it to finish
  • Click Clean (Cistenie) and confirm by clicking OK
  • AdwCleaner will ask to restart the PC; confirm by clicking Restart Now (Restartovat teraz)
  • After it finishes and the PC restarts, a log will pop up; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

PureHate44
Visitor
Posts: 154
Registered: 28 Jun 2011 17:49

Re: Requesting a preventive check

#4 Post by PureHate44 »

So after the scan it gave me this log
# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 16 19:31:54 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-14.3
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\ProgramData\lavasoft\web companion
PUP.Optional.Legacy, C:\ProgramData\Application Data\lavasoft\web companion
PUP.Optional.Legacy, C:\Program Files (x86)\lavasoft\web companion
PUP.Optional.Legacy, C:\Users\All Users\lavasoft\web companion
PUP.Optional.Legacy, C:\Program Files\WinZip\WinZip Smart Monitor


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, Driver Booster Scheduler


***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.InstallCore, [Key] - HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\csastats
PUP.Optional.InstallCore, [Key] - HKCU\Software\csastats


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [2700 B] - [2016/4/30 12:6:27]
C:/AdwCleaner/AdwCleaner[C2].txt - [2283 B] - [2016/9/10 18:20:6]
C:/AdwCleaner/AdwCleaner[C3].txt - [5437 B] - [2016/11/18 20:8:58]
C:/AdwCleaner/AdwCleaner[C4].txt - [10900 B] - [2016/11/22 18:30:52]
C:/AdwCleaner/AdwCleaner[C5].txt - [2009 B] - [2016/12/29 18:54:56]
C:/AdwCleaner/AdwCleaner[C6].txt - [2436 B] - [2017/6/11 19:43:2]
C:/AdwCleaner/AdwCleaner[S10].txt - [2959 B] - [2017/1/20 13:27:12]
C:/AdwCleaner/AdwCleaner[S11].txt - [2458 B] - [2017/6/11 19:42:51]
C:/AdwCleaner/AdwCleaner[S1].txt - [2775 B] - [2016/4/30 12:3:52]
C:/AdwCleaner/AdwCleaner[S3].txt - [2338 B] - [2016/9/10 18:19:39]
C:/AdwCleaner/AdwCleaner[S4].txt - [5264 B] - [2016/11/18 20:6:1]
C:/AdwCleaner/AdwCleaner[S5].txt - [13560 B] - [2016/11/22 18:25:30]
C:/AdwCleaner/AdwCleaner[S6].txt - [13582 B] - [2016/11/22 18:29:2]
C:/AdwCleaner/AdwCleaner[S7].txt - [1398 B] - [2015/3/25 20:32:4]
C:/AdwCleaner/AdwCleaner[S8].txt - [2363 B] - [2015/4/18 11:58:43]
C:/AdwCleaner/AdwCleaner[S9].txt - [2144 B] - [2016/12/29 18:54:39]


########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt ##########
I ran Clean and this error popped up: "Caught unhadled unknowexeption terminating", and it froze.
Of course I also tried it in safe mode, with no change :(

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#5 Post by Conder »

:arrow: Please post both FRST logs (FRST.txt and Addition.txt), following this guide: https://forum.viry.cz/viewtopic.php?f=13&t=152707

:arrow: If FRSTLauncher cannot be downloaded or run, use FRST on its own.

:arrow: If the logs do not fit into one post, pack them into a RAR or ZIP archive and send them as an attachment.

PureHate44
Visitor
Posts: 154
Registered: 28 Jun 2011 17:49

Re: Requesting a preventive check

#6 Post by PureHate44 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Peter (administrator) on PETER-PC (17-03-2018 08:31:55)
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Spotify Ltd) C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 19\Program32\ZPSTray.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\Notifier.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
(IObit) C:\Users\Peter\AppData\Local\Temp\is-5G3OS.tmp-dbinst\IObit\Driver Booster\5.2.0\Scheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Peter\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(IObit) C:\Users\Peter\AppData\Local\Temp\is-5G3OS.tmp-dbinst\IObit\Driver Booster\5.2.0\Pub\PubMonitor.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-11] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-11] (WinZip Computing, S.L.)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-12-11] (WinZip Computing, S.L.)
HKLM-x32\...\Run: [OKAYFREEDOM Notifier] => C:\Program Files (x86)\OkayFreedom\Notifier.exe [4201464 2018-01-29] (Steganos Software GmbH)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [Spotify Web Helper] => C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-12-02] (Spotify Ltd)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6267384 2018-01-29] (Steganos Software GmbH)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [SharewareOnSale Notifier] => \SharewareOnSale Notifier\SharewareOnSale Notifier.exe
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 19\Program32\ZPSTRAY.EXE [575952 2018-02-02] (ZONER software)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1762337417-2231521048-3039012980-1000] => http=127.0.0.1:8888;https=127.0.0.1:8888
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{198A64C8-8290-44FF-AFFC-CC0451C43693}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - No File

FireFox:
========
FF DefaultProfile: o6yasy6y.default-1506712320144
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144 [2018-03-17]
FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js [2017-11-18]
FF Extension: (OkayFreedom) - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2017-04-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-16] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://search.searchytdvta.com/s?remove=remove&query={searchTerms}
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default [2018-03-17]
CHR Extension: (Prezentácie) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-20]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-20]
CHR Extension: (Adblock Plus) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-30]
CHR Extension: (Who Deleted Me - Unfriend Finder) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiepnnbjenknnjgabbodaihlnkkpkgll [2017-08-04]
CHR Extension: (Tabuľky) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-20]
CHR Extension: (Save to Facebook) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-09-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Midnight Lizard) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnndmlekkboofhnbonilimejonapojg [2018-01-11]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-10]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
CHR HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlhpijolpcimadhjingadnbcjncmjdce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
S2 CPUMonitor; C:\Windows\nssm.exe [331264 2014-08-31] () [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-11-26] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 Disc Soft Ultra Bus Service; C:\Users\Peter\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [4854464 2016-12-12] (Disc Soft Ltd)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-08-02] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [358408 2018-01-29] (Steganos Software GmbH)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\RpcAgentSrv.exe [73200 2015-03-17] (SiSoftware) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [70384 2017-03-27] ()
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-12-03] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-12-22] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-12-22] (Disc Soft Ltd)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2017-01-25] (Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2017-01-25] (Disc Soft Ltd)
S3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [32840 2017-08-08] (ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-11-26] (REALiX(tm))
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-08-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-08-02] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2016-11-26] ()
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [51808 2018-03-16] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-12-14] (Samsung Electronics Co., Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [131856 2017-10-05] (BigNox Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [144656 2017-10-05] (BigNox Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2017-06-10] (MBB)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-10-05] (BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-17 08:31 - 2018-03-17 08:32 - 000015434 _____ C:\Users\Peter\Desktop\FRST.txt
2018-03-17 08:31 - 2018-03-17 08:31 - 000000000 ____D C:\Users\Peter\Desktop\FRST-OlderVersion
2018-03-17 08:30 - 2018-03-17 08:30 - 000112640 _____ (forum.viry.cz) C:\Users\Peter\Downloads\FRSTLauncher.exe
2018-03-17 08:29 - 2018-03-17 08:29 - 002403328 _____ (Farbar) C:\Users\Peter\Downloads\FRST64 (1).exe
2018-03-17 08:27 - 2018-03-17 08:27 - 000000000 ____D C:\Windows\SysWOW64\矏㔼矒➒瘛
2018-03-16 20:44 - 2018-03-16 20:44 - 000000000 ____D C:\Windows\SysWOW64\瞞㔼瞡➒県
2018-03-16 20:28 - 2018-03-16 20:28 - 000057230 _____ C:\Windows\ntbtlog.txt
2018-03-16 20:25 - 2018-03-16 20:25 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-16 20:18 - 2018-03-16 20:18 - 002364880 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_Driver_Booster_5_PRO_hub (3).exe
2018-03-16 20:18 - 2018-03-16 20:18 - 002364880 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_Driver_Booster_5_PRO_hub (2).exe
2018-03-16 20:12 - 2018-03-16 20:12 - 002364880 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_Driver_Booster_5_PRO_hub (1).exe
2018-03-16 20:08 - 2018-03-16 20:08 - 001804688 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2018-03-16 20:08 - 2018-03-16 20:08 - 000051808 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2018-03-16 20:05 - 2018-03-17 08:27 - 000003316 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2018-03-16 20:05 - 2018-03-16 20:25 - 000002744 _____ C:\Users\Peter\Desktop\Driver Booster 5.lnk
2018-03-16 20:05 - 2018-03-16 20:06 - 000000000 ____D C:\IObit
2018-03-16 20:05 - 2018-03-16 20:05 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
2018-03-16 20:05 - 2018-03-16 20:05 - 000000000 ____D C:\ProductData
2018-03-16 20:03 - 2018-03-16 20:04 - 019824372 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_Driver_Booster_5_PRO.zip
2018-03-16 20:03 - 2018-03-16 20:03 - 002364880 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_Driver_Booster_5_PRO_hub.exe
2018-03-16 20:01 - 2018-03-16 20:02 - 008222496 _____ (Malwarebytes) C:\Users\Peter\Downloads\adwcleaner_7.0.8.0.exe
2018-03-14 19:36 - 2018-02-13 19:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-14 19:36 - 2018-02-13 19:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-14 19:36 - 2018-02-13 15:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-11 20:20 - 2018-03-11 20:26 - 1290103944 _____ C:\Users\Peter\Downloads\DCs.Legends.of.Tomorrow.S03E12.720p.HDTV.x264-AVS.mkv
2018-03-11 20:09 - 2018-03-11 20:09 - 001026464 _____ C:\Users\Peter\Downloads\IST_2000R_ukázka (1).pdf
2018-03-11 19:51 - 2018-03-11 19:51 - 001026464 _____ C:\Users\Peter\Downloads\IST_2000R_ukázka.pdf
2018-03-11 13:04 - 2018-03-11 13:18 - 000000000 ____D C:\Users\Peter\Downloads\Odpovede
2018-03-11 12:59 - 2018-03-11 12:59 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Zoner
2018-03-11 12:59 - 2018-03-11 12:59 - 000000000 ____D C:\Users\Peter\AppData\Local\Zoner
2018-03-11 12:58 - 2018-03-11 13:01 - 000002139 _____ C:\Users\Peter\Desktop\Zoner Photo Studio X.lnk
2018-03-11 12:58 - 2018-03-11 12:58 - 000002006 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Zoner Photo Studio X.lnk
2018-03-11 12:58 - 2018-03-11 12:58 - 000000000 ____D C:\Program Files\Zoner
2018-03-11 12:57 - 2018-02-28 14:55 - 000000000 ____D C:\Users\Peter\Downloads\Zoner Photo Studio X v19.1802.2.51 SK
2018-03-11 12:56 - 2018-03-11 12:57 - 087449662 _____ C:\Users\Peter\Downloads\kapitola236.rar
2018-03-11 12:18 - 2018-03-11 12:19 - 003114288 _____ (BitTorrent Inc.) C:\Users\Peter\Downloads\uTorrent.exe
2018-03-11 11:28 - 2018-03-11 11:28 - 008379024 _____ (McAfee, Inc.) C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_McAfee_Internet_Security_2017.exe
2018-03-11 11:28 - 2018-03-11 11:28 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-03-11 11:28 - 2016-04-26 17:56 - 000277744 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2018-03-11 11:27 - 2018-03-11 11:27 - 002384424 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_McAfee_Internet_Security_2017_hub.exe
2018-03-11 11:27 - 2018-03-11 11:27 - 000000000 ____D C:\SharewareOnSale Notifier
2018-03-11 10:31 - 2018-03-11 10:31 - 000000000 ____D C:\rsit
2018-03-11 10:30 - 2018-03-11 10:30 - 001222144 _____ C:\Users\Peter\Downloads\RSITx64.exe
2018-03-11 10:29 - 2018-03-11 10:29 - 000016743 _____ C:\Users\Peter\Downloads\[CzT]Spotify_Music_v_5_9_0_732_2016_EN_Android_.torrent
2018-03-11 10:26 - 2018-03-11 10:26 - 003062024 _____ (BitTorrent Inc.) C:\Users\Peter\Downloads\BitTorrent.exe
2018-03-11 10:19 - 2018-03-16 20:32 - 000000000 ____D C:\ProgramData\Lavasoft
2018-03-11 10:19 - 2018-03-16 20:32 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2018-03-11 10:19 - 2018-03-16 20:13 - 000000000 ____D C:\Lavasoft
2018-03-11 10:19 - 2018-03-11 10:19 - 000000000 ____D C:\Users\Peter\AppData\Local\Lavasoft
2018-03-10 13:25 - 2018-03-10 13:25 - 000000000 ____D C:\Users\Peter\Downloads\Psychotesty - k prijatiu do polície
2018-03-10 11:49 - 2018-03-10 12:03 - 1579989426 _____ C:\Users\Peter\Downloads\01x01.rar
2018-03-10 11:48 - 2018-03-10 12:01 - 1567360233 _____ C:\Users\Peter\Downloads\02 - Super (4.3. 2018).mp4
2018-03-10 10:32 - 2018-03-10 10:34 - 173457082 _____ C:\Users\Peter\Downloads\ACD.Systems.ACDSee.Photo.Studio.Ultimate.2018.v11.1.1272.x64.Incl.Keymaker-CORE.rar
2018-03-10 10:14 - 2018-03-10 10:14 - 000000000 ____D C:\ProgramData\ACD Systems
2018-03-10 10:07 - 2018-03-10 10:07 - 000000000 ____D C:\Program Files (x86)\ACD Systems
2018-03-10 10:03 - 2018-03-10 10:03 - 000000000 ____D C:\ProgramData\Apple
2018-03-10 10:03 - 2018-03-10 10:03 - 000000000 ____D C:\Program Files\Bonjour
2018-03-10 10:03 - 2018-03-10 10:03 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-03-10 09:59 - 2018-03-10 09:59 - 000966928 _____ C:\Users\Peter\Downloads\acdsee.exe
2018-03-10 09:17 - 2018-03-10 09:17 - 000000000 ____D C:\Users\Peter\AppData\LocalLow\WINZIP_W3d70
2018-03-10 08:57 - 2018-03-10 08:57 - 000000000 ____D C:\Users\Peter\Downloads\updates
2018-03-10 08:57 - 2018-03-10 08:57 - 000000000 ____D C:\Users\Peter\Downloads\share
2018-03-04 14:51 - 2018-03-04 14:51 - 000306786 _____ C:\Users\Peter\Downloads\DPFOB-17-print-edit-save STANKA (1).pdf
2018-03-04 12:18 - 2018-03-04 12:19 - 000306786 _____ C:\Users\Peter\Downloads\DPFOB-17-print-edit-save STANKA.pdf
2018-03-03 19:09 - 2018-03-10 09:28 - 000000000 ____D C:\Users\Peter\AppData\Local\WinZip
2018-03-03 19:07 - 2018-03-03 19:07 - 000003404 _____ C:\Windows\System32\Tasks\WinZip Update Notifier
2018-03-03 19:06 - 2018-03-03 19:06 - 000001921 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2018-03-03 19:06 - 2018-03-03 19:06 - 000001821 _____ C:\Users\Public\Desktop\WinZip.lnk
2018-03-03 19:06 - 2018-03-03 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 22.0
2018-03-03 08:25 - 2018-03-03 08:25 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-03 08:25 - 2018-03-03 08:25 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-03 08:25 - 2018-03-03 08:25 - 000000824 _____ C:\Users\Peter\Desktop\CCleaner.lnk
2018-03-03 08:25 - 2018-03-03 08:25 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-03 08:24 - 2018-03-03 08:25 - 000000000 ____D C:\Program Files\CCleaner
2018-02-25 15:47 - 2018-02-25 15:47 - 045283912 _____ C:\Users\Peter\Downloads\Psychotesty - k prijatiu do polície.rar
2018-02-24 13:02 - 2018-02-24 13:02 - 000020914 _____ C:\Users\Peter\Downloads\Životopis-Peter-Preták.odt
2018-02-18 17:45 - 2018-02-18 17:45 - 000002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000002408 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000002398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje balíka Microsoft Office 2016
2018-02-18 16:20 - 2018-02-18 16:20 - 000002511 _____ C:\Users\Peter\Desktop\JDownloader 2.lnk
2018-02-18 16:20 - 2018-02-18 16:20 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2018-02-18 13:46 - 2018-02-18 13:46 - 000000000 ____D C:\Windows\OpenOffice
2018-02-18 13:44 - 2018-02-18 13:45 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.5
2018-02-18 13:44 - 2018-02-18 13:44 - 000001100 _____ C:\Users\Public\Desktop\OpenOffice 4.1.5.lnk
2018-02-18 13:43 - 2018-02-18 13:44 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2018-02-18 13:39 - 2018-02-18 13:39 - 000000000 ____D C:\Users\Peter\Desktop\OpenOffice 4.1.5 (sk) Installation Files
2018-02-18 12:36 - 2018-02-18 12:36 - 000000000 ____D C:\Users\Peter\Downloads\Office 2007 + SP3
2018-02-18 12:19 - 2018-02-18 12:19 - 000011573 _____ C:\Users\Peter\Downloads\docx (2)
2018-02-18 12:10 - 2018-02-18 13:37 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-18 11:34 - 2018-02-18 11:34 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-02-18 11:13 - 2018-02-18 12:18 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-18 10:59 - 2018-02-18 10:59 - 000000000 ____D C:\Users\Peter\Downloads\MicoOffi20132016Insv53
2018-02-18 09:51 - 2018-02-25 15:49 - 000000000 ____D C:\SCANOVANIE
2018-02-17 19:42 - 2018-02-24 14:54 - 000000000 ___RD C:\Users\Peter\Documents\Scanned Documents
2018-02-17 19:42 - 2018-02-17 19:42 - 000000000 ___HD C:\ProgramData\CanonIJScan
2018-02-17 19:42 - 2018-02-17 19:42 - 000000000 ____D C:\Users\Peter\Documents\Fax
2018-02-17 19:10 - 2018-02-17 19:10 - 000000000 ___HD C:\ProgramData\CanonBJ
2018-02-17 19:09 - 2015-03-12 05:00 - 000406528 _____ (CANON INC.) C:\Windows\system32\CNMLMCT.DLL
2018-02-17 19:07 - 2015-01-29 15:35 - 000312320 _____ (CANON INC.) C:\Windows\system32\CNC_CTC.dll
2018-02-17 19:07 - 2015-01-29 15:35 - 000123392 _____ (CANON INC.) C:\Windows\system32\CNC_CTI.dll
2018-02-17 19:07 - 2015-01-29 11:23 - 000387584 _____ (CANON INC.) C:\Windows\system32\CNC_CTL.dll
2018-02-17 19:07 - 2014-12-02 16:01 - 000089088 _____ C:\Windows\system32\CNC178AD.TBL
2018-02-17 19:07 - 2008-08-25 18:02 - 000017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2018-02-15 17:39 - 2018-02-15 17:39 - 000004185 _____ C:\Users\Peter\Downloads\IPTV.CZ.SK.Playlist.M3U
2018-02-15 17:34 - 2018-03-10 15:04 - 000000000 ____D C:\vlc
2018-02-15 17:33 - 2018-02-17 19:42 - 000000957 _____ C:\Users\Peter\Desktop\VLC media player.lnk
2018-02-15 17:33 - 2018-02-15 17:33 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-02-15 17:31 - 2018-02-15 17:32 - 038911168 _____ C:\Users\Peter\Downloads\vlc-3.0.0-win32.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-17 08:31 - 2017-11-05 08:03 - 002403328 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2018-03-17 08:31 - 2017-11-05 08:00 - 000000000 ____D C:\FRST
2018-03-17 08:27 - 2017-10-01 08:50 - 000002948 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Peter)
2018-03-17 08:22 - 2017-11-30 11:06 - 000000452 _____ C:\Windows\Tasks\Neptune.job
2018-03-17 08:22 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-16 21:01 - 2017-10-22 12:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-16 21:00 - 2009-07-14 05:45 - 000025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-16 21:00 - 2009-07-14 05:45 - 000025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-16 20:49 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\Roaming\IObit
2018-03-16 20:29 - 2015-03-25 21:30 - 000000000 ____D C:\AdwCleaner
2018-03-16 20:25 - 2016-11-27 21:03 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-16 20:25 - 2016-11-27 21:03 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-16 20:25 - 2016-11-27 21:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-16 20:25 - 2016-11-27 21:03 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-16 20:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-16 20:06 - 2016-11-26 17:00 - 000000000 ____D C:\ProgramData\IObit
2018-03-16 17:20 - 2017-08-23 15:06 - 000000000 ____D C:\Users\Peter\Downloads\d160
2018-03-16 17:19 - 2016-11-30 17:20 - 000000333 _____ C:\Users\Peter\Desktop\mail.txt
2018-03-16 16:35 - 2017-12-12 13:33 - 000000000 ____D C:\Users\Peter\AppData\Local\CrashDumps
2018-03-16 03:22 - 2017-06-11 02:20 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-16 03:07 - 2016-11-26 16:30 - 000000000 ____D C:\Windows\system32\MRT
2018-03-16 03:02 - 2017-10-12 02:09 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-16 03:01 - 2016-11-26 16:30 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-13 03:05 - 2016-11-26 19:21 - 000765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-03-13 03:05 - 2009-07-14 06:13 - 000765656 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-11 10:36 - 2016-11-26 19:51 - 000000000 ____D C:\Users\Peter\AppData\Local\Facebook
2018-03-11 10:31 - 2016-12-27 14:19 - 000000000 ____D C:\Program Files\trend micro
2018-03-11 10:23 - 2018-01-15 08:25 - 000000000 ____D C:\Program Files\Total Uninstall 6
2018-03-10 10:13 - 2017-08-23 14:44 - 000000000 ____D C:\Users\Peter\AppData\Local\Downloaded Installations
2018-03-04 16:22 - 2016-12-13 16:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-04 16:15 - 2016-11-26 16:20 - 000000000 ____D C:\Users\Peter\AppData\Local\ElevatedDiagnostics
2018-03-03 19:09 - 2017-12-09 09:26 - 000000000 ____D C:\ProgramData\WinZip
2018-03-03 19:07 - 2017-12-09 09:26 - 000000000 ____D C:\Program Files\WinZip
2018-03-03 19:06 - 2009-07-14 03:34 - 000000467 _____ C:\Windows\win.ini
2018-02-25 15:47 - 2016-11-19 11:05 - 000000000 ____D C:\ADCDA2
2018-02-18 17:23 - 2017-12-20 08:27 - 000463384 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-18 16:59 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-02-18 15:35 - 2017-12-20 08:30 - 000120704 _____ C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-18 14:18 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-02-18 13:36 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-02-18 13:36 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-02-18 12:35 - 2016-11-26 16:09 - 000000000 ____D C:\Users\Peter
2018-02-18 12:19 - 2016-11-26 19:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-18 10:54 - 2018-01-22 13:56 - 000000000 ____D C:\Nox

==================== Files in the root of some directories =======

2002-08-29 18:33 - 2002-08-29 18:33 - 000319488 ____R () C:\Users\Peter\AppData\Roaming\MafiaSetup.exe
2016-11-26 16:41 - 2017-02-21 17:38 - 014438400 _____ () C:\Users\Peter\AppData\Roaming\Sandra.mdb
2017-01-14 17:58 - 2017-01-20 16:37 - 000007597 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
2017-01-19 16:47 - 2017-01-19 16:47 - 000000424 _____ () C:\Users\Peter\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2018-03-10 09:59 - 2018-03-10 10:02 - 204793368 _____ (ACD Systems International Inc.) C:\Users\Peter\AppData\Local\Temp\ACDSee Photo Studio Standard 2018.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Neptune.job => C:\Program Files (x86)\Neptune SystemCare 2017\NeptuneTray.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Peter\Desktop" je 1573 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Ultra Agent
"C:\Users\Peter\DAEMON Tools Ultra\DTAgent.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM Notifier
"C:\Program Files (x86)\OkayFreedom\Notifier.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM_Agent
"C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify
"C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper
"C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
"C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk
C:\Users\Peter\AppData\Local\Facebook\Games\FACEBO~2.EXE [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\xchat\\xchat.exe"="C:\\Program Files (x86)\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.zip
(7.1 KiB) Downloaded 101 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#7 Post by Conder »

:arrow: I recommend uninstalling all programs from IObit (Driver Booster, Advanced SystemCare, etc.) - they are junk that can damage the system. Proceed as follows:
  • Open Start, type "rstrui.exe" and open the program "rstrui.exe" (System Restore)
  • Select the option "Choose a different restore point" and click Next
  • In the list, select this restore point: Driver Booster : SAMSUNG Android ADB Interface
  • Click Next, then Finish, and confirm by clicking Yes
  • Wait for the restore to finish
  • Then, via Control Panel -> Uninstall a program, uninstall all programs from IObit
:arrow: As for drivers, they should be downloaded from the motherboard manufacturer's website or from the website of the manufacturer of the given hardware (e.g. graphics card driver - nvidia.com or amd.com, etc.).

:arrow: Then try cleaning the PC again with AdwCleaner and post the logs.
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping backups of important data (documents, photos and others).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

PureHate44
Visitor
Posts: 154
Registered: 28 Jun 2011 17:49

Re: Requesting a preventive check

#8 Post by PureHate44 »

- Restored, uninstalled, and again the same error in Cleaner (caught unhandled....)

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#9 Post by Conder »

:arrow: OK, in AdwCleaner run only a Scan and post the log.

:arrow: Create and post new logs from FRST.

PureHate44
Visitor
Posts: 154
Registered: 28 Jun 2011 17:49

Re: Requesting a preventive check

#10 Post by PureHate44 »

# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 23 16:44:07 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-22.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Program Files\WinZip\WinZip Smart Monitor


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.InstallCore, [Key] - HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\csastats
PUP.Optional.InstallCore, [Key] - HKCU\Software\csastats


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [2700 B] - [2016/4/30 12:6:27]
C:/AdwCleaner/AdwCleaner[C2].txt - [2283 B] - [2016/9/10 18:20:6]
C:/AdwCleaner/AdwCleaner[C3].txt - [5437 B] - [2016/11/18 20:8:58]
C:/AdwCleaner/AdwCleaner[C4].txt - [10900 B] - [2016/11/22 18:30:52]
C:/AdwCleaner/AdwCleaner[C5].txt - [2009 B] - [2016/12/29 18:54:56]
C:/AdwCleaner/AdwCleaner[C6].txt - [2436 B] - [2017/6/11 19:43:2]
C:/AdwCleaner/AdwCleaner[S10].txt - [2911 B] - [2017/1/20 13:27:12]
C:/AdwCleaner/AdwCleaner[S11].txt - [2458 B] - [2017/6/11 19:42:51]
C:/AdwCleaner/AdwCleaner[S1].txt - [2775 B] - [2016/4/30 12:3:52]
C:/AdwCleaner/AdwCleaner[S3].txt - [2338 B] - [2016/9/10 18:19:39]
C:/AdwCleaner/AdwCleaner[S4].txt - [5264 B] - [2016/11/18 20:6:1]
C:/AdwCleaner/AdwCleaner[S5].txt - [13560 B] - [2016/11/22 18:25:30]
C:/AdwCleaner/AdwCleaner[S6].txt - [13582 B] - [2016/11/22 18:29:2]
C:/AdwCleaner/AdwCleaner[S7].txt - [1398 B] - [2015/3/25 20:32:4]
C:/AdwCleaner/AdwCleaner[S8].txt - [2363 B] - [2015/4/18 11:58:43]
C:/AdwCleaner/AdwCleaner[S9].txt - [2144 B] - [2016/12/29 18:54:39]


########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt ##########

PureHate44
Visitor
Posts: 154
Registered: 28 Jun 2011 17:49

Re: Requesting a preventive check

#11 Post by PureHate44 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Peter (administrator) on PETER-PC (23-03-2018 17:45:15)
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Spotify Ltd) C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 19\Program32\ZPSTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-11] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-11] (WinZip Computing, S.L.)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-12-11] (WinZip Computing, S.L.)
HKLM-x32\...\Run: [OKAYFREEDOM Notifier] => C:\Program Files (x86)\OkayFreedom\Notifier.exe [4201464 2018-01-29] (Steganos Software GmbH)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [Spotify Web Helper] => C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-12-02] (Spotify Ltd)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6267384 2018-01-29] (Steganos Software GmbH)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [SharewareOnSale Notifier] => \SharewareOnSale Notifier\SharewareOnSale Notifier.exe
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 19\Program32\ZPSTRAY.EXE [575952 2018-02-02] (ZONER software)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1762337417-2231521048-3039012980-1000] => http=127.0.0.1:8888;https=127.0.0.1:8888
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{198A64C8-8290-44FF-AFFC-CC0451C43693}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - No File

FireFox:
========
FF DefaultProfile: o6yasy6y.default-1506712320144
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144 [2018-03-23]
FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js [2017-11-18]
FF Extension: (OkayFreedom) - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2017-04-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-10] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://search.searchytdvta.com/s?remove=remove&query={searchTerms}
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default [2018-03-23]
CHR Extension: (Prezentácie) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-20]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-20]
CHR Extension: (Adblock Plus) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-30]
CHR Extension: (Who Deleted Me - Unfriend Finder) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiepnnbjenknnjgabbodaihlnkkpkgll [2017-08-04]
CHR Extension: (Tabuľky) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-20]
CHR Extension: (Save to Facebook) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-09-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Midnight Lizard) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnndmlekkboofhnbonilimejonapojg [2018-01-11]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-10]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
CHR HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlhpijolpcimadhjingadnbcjncmjdce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962800 2018-02-22] (Microsoft Corporation)
S2 CPUMonitor; C:\Windows\nssm.exe [331264 2014-08-31] () [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-11-26] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 Disc Soft Ultra Bus Service; C:\Users\Peter\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [4854464 2016-12-12] (Disc Soft Ltd)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-08-02] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [358408 2018-01-29] (Steganos Software GmbH)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\RpcAgentSrv.exe [73200 2015-03-17] (SiSoftware) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [70384 2017-03-27] ()
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-12-03] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-12-22] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-12-22] (Disc Soft Ltd)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2017-01-25] (Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2017-01-25] (Disc Soft Ltd)
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [32840 2017-08-08] (ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-11-26] (REALiX(tm))
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-08-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-08-02] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2016-11-26] ()
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2016-11-26] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-12-14] (Samsung Electronics Co., Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [131856 2017-10-05] (BigNox Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [144656 2017-10-05] (BigNox Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2017-06-10] (MBB)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-10-05] (BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-23 17:45 - 2018-03-23 17:45 - 000000000 ____D C:\Users\Peter\Desktop\FRST-OlderVersion
2018-03-23 17:41 - 2018-03-23 17:41 - 008222496 _____ (Malwarebytes) C:\Users\Peter\Downloads\adwcleaner_7.0.8.0 (1).exe
2018-03-23 17:41 - 2018-03-23 17:41 - 008222496 _____ (Malwarebytes) C:\Users\Peter\Desktop\adwcleaner_7.0.8.0 (1).exe
2018-03-23 13:25 - 2018-03-23 13:25 - 000003488 ____N C:\bootsqm.dat
2018-03-23 13:23 - 2018-03-23 13:23 - 000000000 __SHD C:\found.000
2018-03-18 13:45 - 2018-03-18 13:45 - 000383395 _____ C:\Users\Peter\Downloads\TY_KURVA_TY_KURVA_VYJEBANÁ.mp4
2018-03-18 13:16 - 2018-03-18 13:23 - 1587711659 _____ C:\Users\Peter\Downloads\03---Super-11.3.-2018.mp4
2018-03-18 12:42 - 2018-03-18 12:46 - 000009392 _____ C:\Users\Peter\Downloads\Fullwolf6unsensoredHQ.7z.004
2018-03-18 08:19 - 2018-03-18 08:19 - 000000000 ____D C:\Windows\SysWOW64\矜㔼矟➒痑
2018-03-17 09:35 - 2017-06-21 10:18 - 000000000 ____D C:\Users\Peter\Downloads\Ibude Gold Love Lyon
2018-03-17 09:34 - 2018-03-17 09:35 - 117470601 _____ C:\Users\Peter\Downloads\zaloha_28.1_reall.rar
2018-03-17 09:26 - 2018-03-17 09:26 - 000004528 _____ C:\Users\Peter\Downloads\[CzT]RarmaRadio_Pro_v_2_71_9_CZ_SK_.torrent
2018-03-17 08:36 - 2018-03-17 08:36 - 000007270 _____ C:\Users\Peter\Desktop\Addition.zip
2018-03-17 08:32 - 2018-03-17 08:33 - 000024776 _____ C:\Users\Peter\Desktop\Addition.txt
2018-03-17 08:31 - 2018-03-23 17:45 - 000015618 _____ C:\Users\Peter\Desktop\FRST.txt
2018-03-16 20:05 - 2018-03-18 08:24 - 000000000 ____D C:\IObit
2018-03-16 20:05 - 2018-03-16 20:05 - 000000000 ____D C:\ProductData
2018-03-16 20:03 - 2018-03-16 20:03 - 002364880 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_Driver_Booster_5_PRO_hub.exe
2018-03-16 20:01 - 2018-03-16 20:02 - 008222496 _____ (Malwarebytes) C:\Users\Peter\Downloads\adwcleaner_7.0.8.0.exe
2018-03-14 19:36 - 2018-02-13 19:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-14 19:36 - 2018-02-13 19:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-14 19:36 - 2018-02-13 15:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-11 20:20 - 2018-03-11 20:26 - 1290103944 _____ C:\Users\Peter\Downloads\DCs.Legends.of.Tomorrow.S03E12.720p.HDTV.x264-AVS.mkv
2018-03-11 20:09 - 2018-03-11 20:09 - 001026464 _____ C:\Users\Peter\Downloads\IST_2000R_ukázka (1).pdf
2018-03-11 19:51 - 2018-03-11 19:51 - 001026464 _____ C:\Users\Peter\Downloads\IST_2000R_ukázka.pdf
2018-03-11 13:04 - 2018-03-11 13:18 - 000000000 ____D C:\Users\Peter\Downloads\Odpovede
2018-03-11 12:59 - 2018-03-11 12:59 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Zoner
2018-03-11 12:59 - 2018-03-11 12:59 - 000000000 ____D C:\Users\Peter\AppData\Local\Zoner
2018-03-11 12:58 - 2018-03-11 13:01 - 000002139 _____ C:\Users\Peter\Desktop\Zoner Photo Studio X.lnk
2018-03-11 12:58 - 2018-03-11 12:58 - 000002006 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Zoner Photo Studio X.lnk
2018-03-11 12:58 - 2018-03-11 12:58 - 000000000 ____D C:\Program Files\Zoner
2018-03-11 12:57 - 2018-02-28 14:55 - 000000000 ____D C:\Users\Peter\Downloads\Zoner Photo Studio X v19.1802.2.51 SK
2018-03-11 12:56 - 2018-03-11 12:57 - 087449662 _____ C:\Users\Peter\Downloads\kapitola236.rar
2018-03-11 12:18 - 2018-03-11 12:19 - 003114288 _____ (BitTorrent Inc.) C:\Users\Peter\Downloads\uTorrent.exe
2018-03-11 11:28 - 2018-03-11 11:28 - 008379024 _____ (McAfee, Inc.) C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_McAfee_Internet_Security_2017.exe
2018-03-11 11:28 - 2018-03-11 11:28 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-03-11 11:28 - 2016-04-26 17:56 - 000277744 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2018-03-11 11:27 - 2018-03-11 11:27 - 002384424 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_McAfee_Internet_Security_2017_hub.exe
2018-03-11 11:27 - 2018-03-11 11:27 - 000000000 ____D C:\SharewareOnSale Notifier
2018-03-11 10:31 - 2018-03-11 10:31 - 000000000 ____D C:\rsit
2018-03-11 10:30 - 2018-03-11 10:30 - 001222144 _____ C:\Users\Peter\Downloads\RSITx64.exe
2018-03-11 10:29 - 2018-03-11 10:29 - 000016743 _____ C:\Users\Peter\Downloads\[CzT]Spotify_Music_v_5_9_0_732_2016_EN_Android_.torrent
2018-03-11 10:26 - 2018-03-11 10:26 - 003062024 _____ (BitTorrent Inc.) C:\Users\Peter\Downloads\BitTorrent.exe
2018-03-11 10:19 - 2018-03-18 08:30 - 000000000 ____D C:\ProgramData\Lavasoft
2018-03-11 10:19 - 2018-03-18 08:30 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2018-03-11 10:19 - 2018-03-16 20:13 - 000000000 ____D C:\Lavasoft
2018-03-11 10:19 - 2018-03-11 10:19 - 000000000 ____D C:\Users\Peter\AppData\Local\Lavasoft
2018-03-10 13:25 - 2018-03-10 13:25 - 000000000 ____D C:\Users\Peter\Downloads\Psychotesty - k prijatiu do polície
2018-03-10 11:49 - 2018-03-10 12:03 - 1579989426 _____ C:\Users\Peter\Downloads\01x01.rar
2018-03-10 11:48 - 2018-03-10 12:01 - 1567360233 _____ C:\Users\Peter\Downloads\02 - Super (4.3. 2018).mp4
2018-03-10 10:32 - 2018-03-10 10:34 - 173457082 _____ C:\Users\Peter\Downloads\ACD.Systems.ACDSee.Photo.Studio.Ultimate.2018.v11.1.1272.x64.Incl.Keymaker-CORE.rar
2018-03-10 10:14 - 2018-03-10 10:14 - 000000000 ____D C:\ProgramData\ACD Systems
2018-03-10 10:07 - 2018-03-10 10:07 - 000000000 ____D C:\Program Files (x86)\ACD Systems
2018-03-10 10:03 - 2018-03-10 10:03 - 000000000 ____D C:\ProgramData\Apple
2018-03-10 10:03 - 2018-03-10 10:03 - 000000000 ____D C:\Program Files\Bonjour
2018-03-10 10:03 - 2018-03-10 10:03 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-03-10 09:59 - 2018-03-10 09:59 - 000966928 _____ C:\Users\Peter\Downloads\acdsee.exe
2018-03-10 09:17 - 2018-03-10 09:17 - 000000000 ____D C:\Users\Peter\AppData\LocalLow\WINZIP_W3d70
2018-03-10 08:57 - 2018-03-10 08:57 - 000000000 ____D C:\Users\Peter\Downloads\updates
2018-03-10 08:57 - 2018-03-10 08:57 - 000000000 ____D C:\Users\Peter\Downloads\share
2018-03-04 14:51 - 2018-03-04 14:51 - 000306786 _____ C:\Users\Peter\Downloads\DPFOB-17-print-edit-save STANKA (1).pdf
2018-03-04 12:18 - 2018-03-04 12:19 - 000306786 _____ C:\Users\Peter\Downloads\DPFOB-17-print-edit-save STANKA.pdf
2018-03-03 19:09 - 2018-03-10 09:28 - 000000000 ____D C:\Users\Peter\AppData\Local\WinZip
2018-03-03 19:07 - 2018-03-03 19:07 - 000003404 _____ C:\Windows\System32\Tasks\WinZip Update Notifier
2018-03-03 19:06 - 2018-03-03 19:06 - 000001921 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2018-03-03 19:06 - 2018-03-03 19:06 - 000001821 _____ C:\Users\Public\Desktop\WinZip.lnk
2018-03-03 19:06 - 2018-03-03 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 22.0
2018-03-03 08:25 - 2018-03-03 08:25 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-03 08:25 - 2018-03-03 08:25 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-03 08:25 - 2018-03-03 08:25 - 000000824 _____ C:\Users\Peter\Desktop\CCleaner.lnk
2018-03-03 08:25 - 2018-03-03 08:25 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-03 08:24 - 2018-03-03 08:25 - 000000000 ____D C:\Program Files\CCleaner
2018-02-25 15:47 - 2018-02-25 15:47 - 045283912 _____ C:\Users\Peter\Downloads\Psychotesty - k prijatiu do polície.rar
2018-02-24 13:02 - 2018-02-24 13:02 - 000020914 _____ C:\Users\Peter\Downloads\Životopis-Peter-Preták.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-23 17:45 - 2017-11-05 08:03 - 002403328 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2018-03-23 17:45 - 2017-11-05 08:00 - 000000000 ____D C:\FRST
2018-03-23 17:41 - 2015-03-25 21:30 - 000000000 ____D C:\AdwCleaner
2018-03-23 17:17 - 2009-07-14 05:45 - 000025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-23 17:17 - 2009-07-14 05:45 - 000025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-23 16:53 - 2018-02-15 17:34 - 000000000 ____D C:\vlc
2018-03-23 16:12 - 2017-12-12 13:33 - 000000000 ____D C:\Users\Peter\AppData\Local\CrashDumps
2018-03-23 13:26 - 2017-11-30 11:06 - 000000452 _____ C:\Windows\Tasks\Neptune.job
2018-03-23 13:26 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-18 12:34 - 2017-08-23 15:06 - 000000000 ____D C:\Users\Peter\Downloads\d160
2018-03-18 08:28 - 2016-11-27 21:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-18 08:26 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\Roaming\IObit
2018-03-18 08:25 - 2016-11-26 17:00 - 000000000 ____D C:\ProgramData\IObit
2018-03-18 08:25 - 2016-11-26 17:00 - 000000000 ____D C:\Program Files (x86)\IObit
2018-03-18 08:19 - 2017-10-01 08:50 - 000002948 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Peter)
2018-03-18 08:13 - 2016-11-26 16:09 - 000000000 ____D C:\Users\Peter
2018-03-18 08:12 - 2016-11-26 19:31 - 000000000 ____D C:\Users\Peter\AppData\Roaming\GHISLER
2018-03-18 08:12 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\LocalLow\IObit
2018-03-18 08:12 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-18 08:11 - 2016-11-27 21:03 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-18 08:11 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2018-03-18 08:10 - 2017-10-22 12:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-16 17:19 - 2016-11-30 17:20 - 000000333 _____ C:\Users\Peter\Desktop\mail.txt
2018-03-16 03:22 - 2017-06-11 02:20 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-16 03:07 - 2016-11-26 16:30 - 000000000 ____D C:\Windows\system32\MRT
2018-03-16 03:02 - 2017-10-12 02:09 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-16 03:01 - 2016-11-26 16:30 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-13 03:05 - 2016-11-26 19:21 - 000765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-03-13 03:05 - 2009-07-14 06:13 - 000765656 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-11 10:36 - 2016-11-26 19:51 - 000000000 ____D C:\Users\Peter\AppData\Local\Facebook
2018-03-11 10:31 - 2016-12-27 14:19 - 000000000 ____D C:\Program Files\trend micro
2018-03-11 10:23 - 2018-01-15 08:25 - 000000000 ____D C:\Program Files\Total Uninstall 6
2018-03-10 10:13 - 2017-08-23 14:44 - 000000000 ____D C:\Users\Peter\AppData\Local\Downloaded Installations
2018-03-04 16:22 - 2016-12-13 16:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-04 16:15 - 2016-11-26 16:20 - 000000000 ____D C:\Users\Peter\AppData\Local\ElevatedDiagnostics
2018-03-03 19:09 - 2017-12-09 09:26 - 000000000 ____D C:\ProgramData\WinZip
2018-03-03 19:07 - 2017-12-09 09:26 - 000000000 ____D C:\Program Files\WinZip
2018-03-03 19:06 - 2009-07-14 03:34 - 000000467 _____ C:\Windows\win.ini
2018-02-25 15:49 - 2018-02-18 09:51 - 000000000 ____D C:\SCANOVANIE
2018-02-25 15:47 - 2016-11-19 11:05 - 000000000 ____D C:\ADCDA2
2018-02-24 14:54 - 2018-02-17 19:42 - 000000000 ___RD C:\Users\Peter\Documents\Scanned Documents

==================== Files in the root of some directories =======

2002-08-29 18:33 - 2002-08-29 18:33 - 000319488 ____R () C:\Users\Peter\AppData\Roaming\MafiaSetup.exe
2016-11-26 16:41 - 2017-02-21 17:38 - 014438400 _____ () C:\Users\Peter\AppData\Roaming\Sandra.mdb
2017-01-14 17:58 - 2017-01-20 16:37 - 000007597 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
2017-01-19 16:47 - 2017-01-19 16:47 - 000000424 _____ () C:\Users\Peter\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2018-03-10 09:59 - 2018-03-10 10:02 - 204793368 _____ (ACD Systems International Inc.) C:\Users\Peter\AppData\Local\Temp\ACDSee Photo Studio Standard 2018.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-10 12:15

==================== End of FRST.txt ============================

PureHate44
Visitor
Posts: 154
Registered: 28 Jun 2011 17:49

Re: Requesting a preventive check

#12 Post by PureHate44 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Peter (23-03-2018 17:46:13)
Running from C:\Users\Peter\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-11-26 15:09:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1762337417-2231521048-3039012980-500 - Administrator - Disabled)
Guest (S-1-5-21-1762337417-2231521048-3039012980-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1762337417-2231521048-3039012980-1002 - Limited - Enabled)
Peter (S-1-5-21-1762337417-2231521048-3039012980-1000 - Administrator - Enabled) => C:\Users\Peter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Aktualizácie NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.71.1081 - AB Team, d.o.o.)
bwin Poker (HKLM-x32\...\bwincomPoker) (Version: - bwincom)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
CountDown ShutDown PC (HKLM-x32\...\CountDown ShutDown PC_is1) (Version: - Velkej Chytrák)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 5.0.0.0540 - Disc Soft Ltd)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
EZ CD Audio Converter (HKLM-x32\...\EZ CD Audio Converter) (Version: 7.0 - Poikosoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Spoločnosť Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Charles 4.1.3 (HKLM\...\{81045AC5-B1C4-4B5D-8719-9BEB41167F17}) (Version: 4.1.3.5 - XK72 Ltd)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version: - Cheat Engine)
InstaTrader (HKLM-x32\...\InstaTrader) (Version: 6.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 2016 Professional Plus - sk-sk (HKLM\...\ProplusRetail - sk-sk) (Version: 16.0.9029.2167 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{9085041B-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0 (x64 sk) (HKLM\...\Mozilla Firefox 58.0 (x64 sk)) (Version: 58.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.0.6592 - Mozilla)
NVIDIA Softvér systému s podporou technológie PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.8.3 - Steganos Software GmbH)
OpenOffice 4.1.5 (HKLM-x32\...\{E177AC33-EC9C-4537-8996-37ED331D9227}) (Version: 4.15.9789 - Apache Software Foundation)
Ovládací panel NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
Scorpions WinCheater (HKLM-x32\...\Scorpions WinCheater 2.07 (s finální databází 178)_is1) (Version: - )
SDÍLEJ.CZ Manager (HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\69f070f18ade444c) (Version: 0.0.1.42 - SDÍLEJ.CZ)
SharewareOnSale Notifier (HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\SharewareOnSale Notifier) (Version: 20 - SharewareOnSale)
SiSoftware Sandra Lite 2015.SP1a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 21.32.2015.3 - SiSoftware)
Spotify (HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Spotify) (Version: 1.0.66.478.g1296534d - Spotify AB)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.71503 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0 - Ghisler Software GmbH)
Total Commander verze 9.12 (HKLM-x32\...\{B12BC641-C553-4138-A829-31B1A642333B}_is1) (Version: 9.12 - ©Ghisler Software GmbH)
Total Uninstall 6.21.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.21.1 - Gavrila Martau)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Web Companion (HKLM-x32\...\{ec80fed1-5939-421b-87ec-3985ac6e76b4}) (Version: 4.1.1813.3374 - Lavasoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (01/20/2017 4.3.12) (HKLM\...\5704FF66AFA4D394842933DCC54279C2E177D380) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (01/20/2017 4.3.12) (HKLM\...\35C6212A24F5D9B7942ECD18B0255759779999C2) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)
WinZip 22.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24119}) (Version: 22.0.12706 - Corel Corporation)
XChat 2 (remove only) (HKLM-x32\...\xchat) (Version: - )
Zoner Photo Studio X (HKLM\...\ZonerPhotoStudioX_SK_is1) (Version: 19.1802.2.51 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll ()
ContextMenuHandlers1: [EzCd] -> {E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} => C:\Program Files\EZ CD Audio Converter\ezcd64.dll [2016-01-01] (Poikosoft)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
ContextMenuHandlers4: [EzCd] -> {E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} => C:\Program Files\EZ CD Audio Converter\ezcd64.dll [2016-01-01] (Poikosoft)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D9BB623-888A-4301-BE89-F64F4D2EF447} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-12-13] ()
Task: {0FE79079-7120-4F05-AEB7-F1453464D482} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {13BD8189-A171-49FE-9027-8C33F59C029F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {2526F98E-7DEA-4119-8FC1-7E8272BC7DA1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {2E2E26A6-15AC-4B60-ABC5-E955FAEA00BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-04] (Google Inc.)
Task: {51866950-7186-4069-BA8F-A63C3279F21D} - System32\Tasks\{E30CA91D-AAF5-480F-A381-9FC5B3911889} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Nox\bin\Nox_unload.exe" -d "C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Nox"
Task: {95DB87D3-3FAD-45B7-B2F3-002C8DE0E96C} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-11] (WinZip)
Task: {9D1ED043-594B-4966-9B5F-C5CCD3E6EB8C} - System32\Tasks\Neptune => C:\Program Files (x86)\Neptune SystemCare 2017\NeptuneTray.exe
Task: {B9EFBD61-0C95-4A01-8A7F-200A476BC774} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {D6CBF758-74A5-42D1-A4A0-C3527B17AAF6} - System32\Tasks\Driver Booster SkipUAC (Peter) => C:\Users\Peter\AppData\Local\Temp\is-5G3OS.tmp-dbinst\IObit\Driver Booster\5.2.0\DriverBooster.exe <==== ATTENTION
Task: {DEC619F7-E42E-44CF-B75A-E48E9890A24D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-04] (Google Inc.)
Task: {E0F94AAF-0B95-444C-A0BC-54A6A4F0404B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {E182B577-489C-40B4-8627-246BAD945241} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {F5C6E9EE-90CE-48E2-A0DE-099EB67E52CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Neptune.job => C:\Program Files (x86)\Neptune SystemCare 2017\NeptuneTray.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-11-26 16:36 - 2016-11-14 12:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-01-22 10:03 - 2018-01-22 10:03 - 000061920 _____ () C:\Program Files\CCleaner\branding.dll
2017-09-01 12:15 - 2017-09-01 12:15 - 000495872 ____N () C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
2018-01-06 09:16 - 2018-01-03 10:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-06 09:16 - 2018-01-03 10:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-25 14:28 - 2018-01-25 14:28 - 001160704 _____ () C:\Program Files (x86)\OkayFreedom\vpn.dll
2017-07-17 18:30 - 2017-07-17 18:30 - 000863744 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-03-10 10:18 - 000000873 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 acdid.acdsystems.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk => C:\Windows\pss\Facebook Gameroom.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Users\Peter\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: OKAYFREEDOM Notifier => "C:\Program Files (x86)\OkayFreedom\Notifier.exe"
MSCONFIG\startupreg: OKAYFREEDOM_Agent => "C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent
MSCONFIG\startupreg: Spotify => "C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{21AF00BC-69E4-46D0-9E2C-7BDCA808AB87}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\RpcAgentSrv.exe
FirewallRules: [{49A999C8-E8ED-493A-8569-474C1C02AA67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F3E2D9C-ADDF-4688-BA9C-7498CB62CE88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF242538-1915-4CB0-9CCA-0BE42684B226}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C2B13292-FE11-4D92-8BE6-FC58126E6FE3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{91562D1F-4BB8-4DE3-9061-83293C19044B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{65A90583-4A75-4A42-B53E-574948CA365F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{C9F0D391-BBD5-4832-819B-8FED00D6A67B}C:\users\peter\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\peter\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{62EF1DAB-D355-4394-8692-6C9DE01C8F57}C:\users\peter\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\peter\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C536916A-B3E5-478E-9A3B-99FBC19BE9BF}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\WNt600x64\RpcSandraSrv.exe
FirewallRules: [TCP Query User{E99ACC46-EB4B-4690-AF11-A6D761CE11CB}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [UDP Query User{5F003441-B584-43ED-9AC2-F4CFC62463F4}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [{7C805329-BE04-4FE2-ADBA-FE123F381327}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FD895352-A201-4520-99D3-041E934E9621}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{22D57A7F-28F1-433B-B1B8-20C30E90BED8}] => (Block) LPort=445
FirewallRules: [{287B29C8-F3BB-40DB-A7F1-CE083767A946}] => (Block) LPort=445
FirewallRules: [TCP Query User{9E74E1B7-D2A6-485D-939B-C6BDF5A46CAF}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [UDP Query User{8C4309E6-FF2E-47F3-BF23-EB0C4B101B69}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [TCP Query User{A283D731-EAFB-411F-BEFC-AD2A2B510395}C:\users\peter\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\peter\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A48889D6-B34D-4693-B1B3-3CCC50F648E5}C:\users\peter\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\peter\appdata\roaming\spotify\spotify.exe
FirewallRules: [{256598AE-79AF-48E7-A2B6-99F2250E81A8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7DD46EE1-1C8B-47F6-A07B-605F35064D62}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{334F2B70-9981-4709-A053-2CBE9A891BED}] => (Allow) \Nox\bin\Nox.exe
FirewallRules: [{C8EFF610-85D7-48FF-9174-DEF031BEE7EB}] => (Allow) \Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{BFF57A19-B280-410D-B975-C97037BCA189}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B21132F8-8F3E-4BC4-ADEC-9A7249804BA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BC3F5B27-B14C-4FF5-8AC0-C7D159430180}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BC7FAFBE-7EB6-4B94-8D7B-3BFB5255A88E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\xchat\xchat.exe] => Enabled:XChat IRC Client

==================== Restore Points =========================

18-03-2018 08:04:00 Operácia obnovovania
18-03-2018 08:18:13 Odinštalované pomocou Total Uninstall "SharewareOnSale Notifier"
18-03-2018 08:23:17 Odinštalované pomocou Total Uninstall "Driver Booster 5"
20-03-2018 18:51:38 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2018 04:12:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Názov chybového modulu: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Kód výnimky: 0x40000015
Odstup chyby: 0x00086722
Identifikácia chybného procesu: 0xaec
Čas spustenia chybnej aplikácie: 0x01d3c2b961e9874f
Cesta chybnej aplikácie: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Cesta chybného modulu: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Identifikácia hlásenia: a1c33b3f-2eac-11e8-8031-001e8c60ef64

Error: (03/23/2018 04:12:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Názov chybového modulu: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Kód výnimky: 0x40000015
Odstup chyby: 0x00086722
Identifikácia chybného procesu: 0x1004
Čas spustenia chybnej aplikácie: 0x01d3c2b963ab6b63
Cesta chybnej aplikácie: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Cesta chybného modulu: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Identifikácia hlásenia: a1c3142f-2eac-11e8-8031-001e8c60ef64

Error: (03/23/2018 01:26:30 PM) (Source: nssm) (EventID: 1010) (User: )
Description: Failed to start service CPUMonitor. Program C:\Windows\cpumonitor.exe couldn't be launched.
CreateProcess() failed:
Systém nemôže nájsť zadaný súbor.

Error: (03/20/2018 06:50:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Názov chybového modulu: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Kód výnimky: 0x40000015
Odstup chyby: 0x00086722
Identifikácia chybného procesu: 0x1818
Čas spustenia chybnej aplikácie: 0x01d3c073ddbe4130
Cesta chybnej aplikácie: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Cesta chybného modulu: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Identifikácia hlásenia: 1cdc84ae-2c67-11e8-96d0-001e8c60ef64

Error: (03/20/2018 06:50:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Názov chybového modulu: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Kód výnimky: 0x40000015
Odstup chyby: 0x00086722
Identifikácia chybného procesu: 0x9c8
Čas spustenia chybnej aplikácie: 0x01d3c073dae6d5d2
Cesta chybnej aplikácie: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Cesta chybného modulu: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Identifikácia hlásenia: 1cdcabbe-2c67-11e8-96d0-001e8c60ef64

Error: (03/19/2018 01:23:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6021

Error: (03/19/2018 01:23:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6021

Error: (03/19/2018 01:23:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/23/2018 05:44:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (03/23/2018 05:44:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (03/23/2018 01:33:10 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (03/23/2018 01:28:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Služba Google Update (gupdate) zlyhalo kvôli nasledujúcej chybe:
Služba neodpovedala na riadiaci alebo spúšťací pokyn načas.

Error: (03/23/2018 01:28:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Služba Google Update (gupdate) bol dosiahnutý časový limit (120000 ms).

Error: (03/23/2018 01:26:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba CPUMonitor sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (03/23/2018 01:26:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba CPUMonitor bola ukončená s chybou služby Systém nemôže nájsť zadanú cestu.
.

Error: (03/23/2018 01:26:00 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================

Date: 2017-06-02 05:57:47.906
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-06-02 05:57:47.906
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-06-02 05:57:47.906
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-05-27 14:23:26.429
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-05-27 14:23:26.427
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-05-27 14:23:26.415
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-05-20 08:33:09.048
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-05-20 08:33:09.031
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 4095.12 MB
Available physical RAM: 1552.72 MB
Total Virtual: 8188.4 MB
Available Virtual: 4893.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:33.54 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 08CB08CB)
Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#13 Post by Conder »

→ Do you use any program/antivirus from McAfee?

→ Reset Chrome to its default settings: Settings -> Advanced -> Reset -> confirm by clicking Reset.

→ Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    Folder: C:\Windows\SysWOW64\矜㔼矟➒痑
    CMD: type "C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js"
    
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -  No File
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -  No File
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -  No File
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} -  No File
    FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js [2017-11-18]
    CHR DefaultSearchURL: Default -> hxxp://search.searchytdvta.com/s?remove=remove&query={searchTerms}
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
    CHR HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlhpijolpcimadhjingadnbcjncmjdce] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
    2018-03-18 08:19 - 2018-03-18 08:19 - 000000000 ____D C:\Windows\SysWOW64\矜㔼矟➒痑
    2018-03-16 20:05 - 2018-03-18 08:24 - 000000000 ____D C:\IObit
    2018-03-16 20:05 - 2018-03-16 20:05 - 000000000 ____D C:\ProductData
    2018-03-18 08:26 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\Roaming\IObit
    2018-03-18 08:25 - 2016-11-26 17:00 - 000000000 ____D C:\ProgramData\IObit
    2018-03-18 08:25 - 2016-11-26 17:00 - 000000000 ____D C:\Program Files (x86)\IObit
    2018-03-18 08:19 - 2017-10-01 08:50 - 000002948 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Peter)
    2018-03-18 08:12 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\LocalLow\IObit
    
    Task: {0D9BB623-888A-4301-BE89-F64F4D2EF447} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-12-13] ()
    Task: {D6CBF758-74A5-42D1-A4A0-C3527B17AAF6} - System32\Tasks\Driver Booster SkipUAC (Peter) => C:\Users\Peter\AppData\Local\Temp\is-5G3OS.tmp-dbinst\IObit\Driver Booster\5.2.0\DriverBooster.exe <==== ATTENTION
    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\webcompanion.com -> hxxp://webcompanion.com
    C:\Windows\AutoKMS
    
    DeleteKey: HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
    DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
    DeleteKey: HKLM\SOFTWARE\Lavasoft\Web Companion
    DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    DeleteKey: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\csastats
    DeleteKey: HKCU\Software\csastats
    
    Hosts:
    EmptyTemp:
    End
  • Click File and then Save
  • At the bottom right, select the Unicode encoding
  • Save the file to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will request a PC restart; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping backups of important data (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

PureHate44
Visitor
Posts: 154
Registered: 28 Jun 2011 17:49

Re: Requesting a preventive check

#14 Post by PureHate44 »

I don't use any McAfee product..... Why? :)

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Peter (24-03-2018 06:14:12) Run:2
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Folder: C:\Windows\SysWOW64\矜㔼矟➒痑
CMD: type "C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js"

HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - No File
FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js [2017-11-18]
CHR DefaultSearchURL: Default -> hxxp://search.searchytdvta.com/s?remove=remove&query={searchTerms}
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
CHR HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlhpijolpcimadhjingadnbcjncmjdce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
2018-03-18 08:19 - 2018-03-18 08:19 - 000000000 ____D C:\Windows\SysWOW64\矜㔼矟➒痑
2018-03-16 20:05 - 2018-03-18 08:24 - 000000000 ____D C:\IObit
2018-03-16 20:05 - 2018-03-16 20:05 - 000000000 ____D C:\ProductData
2018-03-18 08:26 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\Roaming\IObit
2018-03-18 08:25 - 2016-11-26 17:00 - 000000000 ____D C:\ProgramData\IObit
2018-03-18 08:25 - 2016-11-26 17:00 - 000000000 ____D C:\Program Files (x86)\IObit
2018-03-18 08:19 - 2017-10-01 08:50 - 000002948 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Peter)
2018-03-18 08:12 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\LocalLow\IObit

Task: {0D9BB623-888A-4301-BE89-F64F4D2EF447} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-12-13] ()
Task: {D6CBF758-74A5-42D1-A4A0-C3527B17AAF6} - System32\Tasks\Driver Booster SkipUAC (Peter) => C:\Users\Peter\AppData\Local\Temp\is-5G3OS.tmp-dbinst\IObit\Driver Booster\5.2.0\DriverBooster.exe <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\webcompanion.com -> hxxp://webcompanion.com
C:\Windows\AutoKMS

DeleteKey: HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
DeleteKey: HKLM\SOFTWARE\Lavasoft\Web Companion
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
DeleteKey: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\csastats
DeleteKey: HKCU\Software\csastats

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= Folder: C:\Windows\SysWOW64\矜㔼矟➒痑 ========================

2018-03-18 08:19 - 2018-03-18 08:19 - 000000000 ____D [00000000000000000000000000000000] () C:\Windows\SysWOW64\矜㔼矟➒痑\ProductData
2018-03-18 08:19 - 2018-03-18 08:19 - 000000032 ____A [74F979057CC2E5CB1D02908401FBD5B0] () C:\Windows\SysWOW64\矜㔼矟➒痑\ProductData\db5Stat.ini
2018-03-18 08:19 - 2018-03-18 08:19 - 000000226 ____A [9AB12656CD9C8BF7E177BA1990E0970E] () C:\Windows\SysWOW64\矜㔼矟➒痑\ProductData\StatCache.db

====== End of Folder: ======


========= type "C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js" =========

user_pref("network.http.pipelining.maxrequests", 8);
user_pref("network.http.request.max-start-delay", 0);
user_pref("network.http.max-connections", 48);
user_pref("network.http.max-connections-per-server", 16);
user_pref("network.http.max-persistent-connections-per-proxy", 16);
user_pref("network.http.max-persistent-connections-per-server", 8);
user_pref("browser.turbo.enabled", true);
user_pref("browser.display.show_image_placeholders", true);
user_pref("browser.chrome.favicons", false);
user_pref("browser.urlbar.autocomplete.enabled", true);
user_pref("browser.cache.memory.capacity", 65536);
user_pref("content.notify.ontimer", true);
user_pref("content.interrupt.parsing", true);
user_pref("content.max.tokenizing.time", 2250000);
user_pref("content.switch.threshold", 750000);
user_pref("plugin.expose_full_path", true);
user_pref("ui.submenuDelay", 0);

========= End of CMD: =========

"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview" => removed successfully
"HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb-roaming.16" => removed successfully
HKLM\Software\Classes\CLSID\{83C25742-A9F7-49FB-9138-434302C88D07} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb.16" => removed successfully
HKLM\Software\Classes\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\osf-roaming.16" => removed successfully
HKLM\Software\Classes\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\osf.16" => removed successfully
HKLM\Software\Classes\CLSID\{5504BE45-A83B-4808-900A-3A5C36E7F77A} => not found
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js => moved successfully
"Chrome DefaultSearchURL" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => removed successfully
"HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\jlhpijolpcimadhjingadnbcjncmjdce" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iinglghmhcgdgjjlafobajghjamdchik" => removed successfully
C:\Windows\SysWOW64\矜㔼矟➒痑 => moved successfully
C:\IObit => moved successfully
C:\ProductData => moved successfully
C:\Users\Peter\AppData\Roaming\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
C:\Program Files (x86)\IObit => moved successfully
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Peter) => moved successfully
C:\Users\Peter\AppData\LocalLow\IObit => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D9BB623-888A-4301-BE89-F64F4D2EF447}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D9BB623-888A-4301-BE89-F64F4D2EF447}" => removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6CBF758-74A5-42D1-A4A0-C3527B17AAF6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6CBF758-74A5-42D1-A4A0-C3527B17AAF6}" => removed successfully
"C:\Windows\System32\Tasks\Driver Booster SkipUAC (Peter)" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Peter)" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => removed successfully
"HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => removed successfully
"HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => removed successfully
C:\Windows\AutoKMS => moved successfully
HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} => not found
"HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}" => removed successfully
"HKLM\SOFTWARE\Lavasoft\Web Companion" => not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => not found
"HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\csastats" => removed successfully
HKCU\Software\csastats => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7293705 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 28060332 B
Edge => 0 B
Chrome => 117095399 B
Firefox => 12762515 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 21100 B
Peter => 2209203835 B

RecycleBin => 1577203595 B
EmptyTemp: => 3.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 06:16:32 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#15 Post by Conder »

→ Because there are some McAfee leftovers running there, so we'll clean them up.

→ Did you set up this proxy server intentionally?
ProxyServer: [S-1-5-21-1762337417-2231521048-3039012980-1000] => http=127.0.0.1:8888;https=127.0.0.1:8888
→ Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-08-02] (McAfee, Inc.)
    S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-08-02] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-08-02] (McAfee, Inc.)
    2018-03-11 11:28 - 2018-03-11 11:28 - 000000000 ____D C:\Program Files\Common Files\McAfee
    2018-03-11 11:28 - 2016-04-26 17:56 - 000277744 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
    
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    
    C:\Program Files (x86)\McAfee
    C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware
    C:\Program Files\Common Files\McAfee
    C:\Program Files\McAfee
    C:\Program Files\McAfee.com
    C:\ProgramData\McAfee
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    C:\Users\Public\Desktop\McAfee*
    C:\Windows\System32\Tasks\*McAfee*
    C:\Windows\System32\Tasks\McAfee
    
    C:\Windows\System32\drivers\cfwids.sys
    C:\Windows\System32\drivers\HipShieldK.sys
    C:\Windows\system32\drivers\McPvDrv.sys
    C:\Windows\System32\drivers\mfeaack.sys
    C:\Windows\System32\drivers\mfeavfk.sys
    C:\Windows\System32\drivers\mfefirek.sys
    C:\Windows\System32\drivers\mfehidk.sys
    C:\Windows\System32\DRIVERS\mfencbdc.sys
    C:\Windows\System32\DRIVERS\mfencrk.sys
    C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
    C:\Windows\System32\drivers\mfewfpk.sys
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will request a PC restart; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here