Problem with wscript.exe and system.js

vejce4444
Visitor
Posts: 47
Registered: 23 Oct 2012 10:24

#1 Post by vejce4444 »

Hello, about 2-3 weeks ago I bought an SSD. I installed it in my notebook and installed W7 on it. I keep the old disk (SSHD) as a secondary disk. The SSHD previously held a W7 installation, which I deleted without formatting the disk (to keep the data). I kept the data, but I deleted W7 from the SSHD using Linux. In any case, ever since I have had the new W7 on the new SSD, some characters pop up in Notepad (the file is named system.js)... I read that the problem is in wscript.exe, but unfortunately I don't know what to do about it. The question is how to stop system.js from opening at every PC startup. If needed, I will post the contents of system.js here. Thank you for looking at my problem.

Here is the log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Ecjev at 2017-03-19 23:58:36
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 44 GB (39%) free of 114 GB
Total RAM: 8088 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:58:40, on 19.3.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18618)
Boot mode: Normal

Running processes:
C:\Windows\WebCam\S6000\S6000Mnt.exe
C:\drivers\RocketDock\RocketDock.exe
D:\Programy\USB Safely Remove\USBSafelyRemove.exe
C:\Windows\System32\wscript.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\wscript.exe
C:\drivers\Intel_Rapid_tech\IAStorIcon.exe
C:\Program Files\trend micro\Ecjev.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [system] wscript.exe //B "C:\Users\Ecjev\AppData\Local\Temp\system.js"
O4 - HKCU\..\Run: [RocketDock] "C:\drivers\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [USB Safely Remove] "D:\Programy\USB Safely Remove\USBSafelyRemove.exe" /startup
O4 - HKCU\..\Run: [system] wscript.exe //B "C:\Users\Ecjev\AppData\Local\Temp\system.js"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programy\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\OFFICE~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\drivers\ESET_smart\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\drivers\PROSet_wireless\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\drivers\Intel_Rapid_tech\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\drivers\PROSet_wireless\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter 4 Service (nlsvc) - Locktime Software - D:\Programy\net_limiter\NLSvc.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Crystal Rich Ltd - D:\Programy\USB Safely Remove\USBSRService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\drivers\PROSet_wireless\WiFi\bin\ZeroConfigService.exe

--
End of file - 8656 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\drivers\ESET_smart\ekrn.exe
"D:\Programy\USB Safely Remove\USBSRService.exe"
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 22215344
\??\C:\Windows\system32\conhost.exe "10643812081222642467-820917588-96488098-1924817949-199144469-458750597-1223372160
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\drivers\PROSet_wireless\WiFi\bin\EvtEng.exe"
D:\Programy\net_limiter\NLSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\drivers\PROSet_wireless\WiFi\bin\ZeroConfigService.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
"taskhost.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Windows\WebCam\S6000\S6000Mnt.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files\SmartTechnology\Software\ProfilerU.exe"
"C:\Program Files\SmartTechnology\Software\SaiMfd.exe"
"C:\drivers\RocketDock\RocketDock.exe"
"C:\Windows\System32\StikyNot.exe"
"D:\Programy\USB Safely Remove\USBSafelyRemove.exe" /startup
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Windows\System32\wscript.exe" //B "C:\Users\Ecjev\AppData\Local\Temp\system.js"
"C:\Program Files\Elantech\ETDIntelligent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Windows\System32\wscript.exe" //B "C:\Users\Ecjev\AppData\Local\Temp\system.js"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\drivers\ESET_smart\egui.exe" /hide
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\drivers\Intel_Rapid_tech\IAStorIcon.exe"
C:\drivers\Intel_Rapid_tech\IAStorDataMgrSvc.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\drivers\Mozilla_firefox\firefox.exe"
"C:\drivers\Mozilla_firefox\firefox.exe" -contentproc --channel="4308.0.1556433782\1639383569" -greomni "C:\drivers\Mozilla_firefox\omni.ja" -appomni "C:\drivers\Mozilla_firefox\browser\omni.ja" -appdir "C:\drivers\Mozilla_firefox\browser" 4308 "\\.\pipe\gecko-crash-server-pipe.4308" tab
"C:\Users\Ecjev\Desktop\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Ecjev\AppData\Roaming\Mozilla\Firefox\Profiles\cd0d3xug.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\drivers\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelPROSet"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2014-01-17 4876528]
"IAStorIcon"=C:\drivers\Intel_Rapid_tech\IAStorIconLaunch.exe [2013-11-21 36352]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-09-04 907480]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"S6000Mnt"=C:\Windows\WebCam\S6000\S6000Mnt.exe [2015-05-21 516608]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2013-10-17 2891080]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2017-01-19 8079408]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2017-01-19 6200368]
"ProfilerU"=C:\Program Files\SmartTechnology\Software\ProfilerU.exe [2015-10-01 454144]
"SaiMfd"=C:\Program Files\SmartTechnology\Software\SaiMfd.exe [2015-10-01 157696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\drivers\RocketDock\RocketDock.exe [2007-09-02 495616]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"USB Safely Remove"=D:\Programy\USB Safely Remove\USBSafelyRemove.exe [2016-10-16 6519064]
"system"=wscript.exe //B C:\Users\Ecjev\AppData\Local\Temp\system.js []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
D:\Programy\net_limiter\nlclientapp.exe [2016-12-06 56368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system]
wscript.exe //B C:\Users\Ecjev\AppData\Local\Temp\system.js []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
D:\Programy\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-01-06 292848]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]
"system"=wscript.exe //B C:\Users\Ecjev\AppData\Local\Temp\system.js []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutorun"=158

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-03-19 23:58:36 ----D---- C:\rsit
2017-03-19 23:58:36 ----D---- C:\Program Files\trend micro
2017-03-19 22:42:58 ----A---- C:\Windows\system32\wscript.exe
2017-03-19 21:57:16 ----D---- C:\Windows\Minidump
2017-03-19 21:48:28 ----D---- C:\ProgramData\HitmanPro
2017-03-19 17:35:24 ----HD---- C:\$WINDOWS.~BT
2017-03-19 14:13:00 ----D---- C:\Users\Ecjev\AppData\Roaming\USBSafelyRemove
2017-03-19 14:12:58 ----D---- C:\ProgramData\USBSRService
2017-03-14 19:17:03 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-03-14 19:17:03 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-03-14 19:17:03 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-03-14 19:17:03 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-03-14 19:17:03 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-03-14 19:17:03 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-03-14 19:17:03 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-03-14 19:17:03 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-03-14 19:17:03 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-03-14 19:17:03 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-03-14 19:17:03 ----A---- C:\Windows\system32\inseng.dll
2017-03-14 19:17:03 ----A---- C:\Windows\system32\iertutil.dll
2017-03-14 19:17:03 ----A---- C:\Windows\system32\iernonce.dll
2017-03-14 19:17:03 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-03-14 19:17:03 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-03-14 19:17:03 ----A---- C:\Windows\system32\ie4uinit.exe
2017-03-14 19:17:02 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-03-14 19:17:02 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-03-14 19:17:02 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-03-14 19:17:02 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-03-14 19:17:02 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-03-14 19:17:02 ----A---- C:\Windows\system32\occache.dll
2017-03-14 19:17:02 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-14 19:17:01 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-03-14 19:17:01 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-03-14 19:17:01 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-03-14 19:17:01 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-03-14 19:17:01 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-03-14 19:17:01 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-03-14 19:17:01 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-03-14 19:17:01 ----A---- C:\Windows\system32\urlmon.dll
2017-03-14 19:17:01 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-14 19:17:01 ----A---- C:\Windows\system32\msfeeds.dll
2017-03-14 19:17:01 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-03-14 19:17:01 ----A---- C:\Windows\system32\iedkcs32.dll
2017-03-14 19:17:01 ----A---- C:\Windows\system32\dxtrans.dll
2017-03-14 19:17:00 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-03-14 19:17:00 ----A---- C:\Windows\system32\iesetup.dll
2017-03-14 19:17:00 ----A---- C:\Windows\system32\ieapfltr.dll
2017-03-14 19:16:59 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-03-14 19:16:59 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-03-14 19:16:59 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-03-14 19:16:59 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-03-14 19:16:59 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-03-14 19:16:59 ----A---- C:\Windows\system32\vbscript.dll
2017-03-14 19:16:59 ----A---- C:\Windows\system32\jsproxy.dll
2017-03-14 19:16:59 ----A---- C:\Windows\system32\ieUnatt.exe
2017-03-14 19:16:59 ----A---- C:\Windows\system32\ieui.dll
2017-03-14 19:16:59 ----A---- C:\Windows\system32\dxtmsft.dll
2017-03-14 19:16:58 ----A---- C:\Windows\system32\webcheck.dll
2017-03-14 19:16:58 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-03-14 19:16:58 ----A---- C:\Windows\system32\mshtmled.dll
2017-03-14 19:16:58 ----A---- C:\Windows\system32\jscript9diag.dll
2017-03-14 19:16:58 ----A---- C:\Windows\system32\jscript.dll
2017-03-14 19:16:58 ----A---- C:\Windows\system32\ieframe.dll
2017-03-14 19:16:57 ----A---- C:\Windows\system32\wininet.dll
2017-03-14 19:16:57 ----A---- C:\Windows\system32\msrating.dll
2017-03-14 19:16:57 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-03-14 19:16:57 ----A---- C:\Windows\system32\jscript9.dll
2017-03-14 19:16:56 ----A---- C:\Windows\system32\mshtml.dll
2017-03-14 19:16:55 ----A---- C:\Windows\system32\win32k.sys
2017-03-14 19:16:55 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-03-14 19:16:54 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2017-03-14 19:16:54 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2017-03-14 19:16:54 ----A---- C:\Windows\system32\ntdll.dll
2017-03-14 19:16:54 ----A---- C:\Windows\system32\lsasrv.dll
2017-03-14 19:16:53 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-03-14 19:16:53 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2017-03-14 19:16:53 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-03-14 19:16:53 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-03-14 19:16:53 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2017-03-14 19:16:53 ----A---- C:\Windows\system32\usp10.dll
2017-03-14 19:16:53 ----A---- C:\Windows\system32\schannel.dll
2017-03-14 19:16:53 ----A---- C:\Windows\system32\rpcrt4.dll
2017-03-14 19:16:53 ----A---- C:\Windows\system32\quartz.dll
2017-03-14 19:16:53 ----A---- C:\Windows\system32\msxml3.dll
2017-03-14 19:16:53 ----A---- C:\Windows\system32\msv1_0.dll
2017-03-14 19:16:53 ----A---- C:\Windows\system32\KernelBase.dll
2017-03-14 19:16:53 ----A---- C:\Windows\system32\kernel32.dll
2017-03-14 19:16:53 ----A---- C:\Windows\system32\kerberos.dll
2017-03-14 19:16:53 ----A---- C:\Windows\system32\FntCache.dll
2017-03-14 19:16:53 ----A---- C:\Windows\system32\DWrite.dll
2017-03-14 19:16:53 ----A---- C:\Windows\system32\advapi32.dll
2017-03-14 19:16:53 ----A---- C:\Windows\HelpPane.exe
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\usp10.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\quartz.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\mscms.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\icm32.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2017-03-14 19:16:52 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-03-14 19:16:52 ----A---- C:\Windows\system32\wow64win.dll
2017-03-14 19:16:52 ----A---- C:\Windows\system32\wow64.dll
2017-03-14 19:16:52 ----A---- C:\Windows\system32\winsrv.dll
2017-03-14 19:16:52 ----A---- C:\Windows\system32\wdigest.dll
2017-03-14 19:16:52 ----A---- C:\Windows\system32\TSpkg.dll
2017-03-14 19:16:52 ----A---- C:\Windows\system32\srcore.dll
2017-03-14 19:16:52 ----A---- C:\Windows\system32\smss.exe
2017-03-14 19:16:52 ----A---- C:\Windows\system32\rstrui.exe
2017-03-14 19:16:52 ----A---- C:\Windows\system32\rpchttp.dll
2017-03-14 19:16:52 ----A---- C:\Windows\system32\ncrypt.dll
2017-03-14 19:16:52 ----A---- C:\Windows\system32\mscms.dll
2017-03-08 20:52:50 ----D---- C:\Steam
2017-02-26 13:25:58 ----D---- C:\Users\Ecjev\AppData\Roaming\TeamViewer

======List of files/folders modified in the last 1 month======

2017-03-19 23:58:38 ----D---- C:\Windows\Temp
2017-03-19 23:58:36 ----RD---- C:\Program Files
2017-03-19 23:55:18 ----D---- C:\Windows\System32
2017-03-19 23:55:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-03-19 23:55:17 ----D---- C:\Windows\inf
2017-03-19 23:53:40 ----D---- C:\Windows\system32\drivers
2017-03-19 23:49:03 ----D---- C:\ProgramData\NVIDIA
2017-03-19 23:48:33 ----D---- C:\Windows\system32\config
2017-03-19 22:43:17 ----SHD---- C:\System Volume Information
2017-03-19 22:33:36 ----D---- C:\Windows
2017-03-19 21:48:28 ----HD---- C:\ProgramData
2017-03-19 21:38:54 ----RD---- C:\Users
2017-03-19 17:35:25 ----D---- C:\Windows\Panther
2017-03-19 17:25:29 ----D---- C:\Windows\Logs
2017-03-19 17:24:56 ----HD---- C:\Windows\system32\WLANProfiles
2017-03-19 12:33:39 ----SD---- C:\Users\Ecjev\AppData\Roaming\Microsoft
2017-03-18 12:41:11 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-18 10:05:12 ----D---- C:\drivers
2017-03-17 08:18:04 ----D---- C:\Windows\system32\appmgmt
2017-03-17 08:18:03 ----SHD---- C:\Windows\Installer
2017-03-15 22:11:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2017-03-15 22:07:00 ----D---- C:\Windows\SysWOW64
2017-03-15 17:25:33 ----D---- C:\Windows\winsxs
2017-03-15 17:24:58 ----SD---- C:\Windows\system32\CompatTel
2017-03-15 17:24:58 ----D---- C:\Windows\SYSWOW64\migration
2017-03-15 17:24:58 ----D---- C:\Windows\SYSWOW64\en-US
2017-03-15 17:24:58 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-03-15 17:24:58 ----D---- C:\Windows\system32\migration
2017-03-15 17:24:58 ----D---- C:\Windows\system32\en-US
2017-03-15 17:24:58 ----D---- C:\Windows\system32\cs-CZ
2017-03-15 17:24:58 ----D---- C:\Windows\system32\Boot
2017-03-15 17:24:58 ----D---- C:\Windows\system32\appraiser
2017-03-15 17:24:58 ----D---- C:\Windows\AppPatch
2017-03-15 17:24:58 ----D---- C:\Program Files\Internet Explorer
2017-03-15 17:24:58 ----D---- C:\Program Files\DVD Maker
2017-03-15 17:24:58 ----D---- C:\Program Files (x86)\Internet Explorer
2017-03-14 21:40:44 ----D---- C:\Windows\system32\MRT
2017-03-14 21:40:01 ----AC---- C:\Windows\system32\MRT.exe
2017-03-14 19:15:45 ----D---- C:\Windows\system32\catroot2
2017-03-14 19:05:13 ----D---- C:\Windows\Tasks
2017-03-14 19:05:13 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-03-14 19:05:09 ----D---- C:\Windows\system32\Macromed
2017-03-14 19:05:05 ----D---- C:\Windows\SYSWOW64\Macromed
2017-03-13 17:57:30 ----D---- C:\Windows\system32\FxsTmp
2017-03-12 17:41:37 ----D---- C:\Users\Ecjev\AppData\Roaming\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2016-12-13 106768]
R0 iastora;iastora; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-11-21 632168]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-11-21 28008]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-01-06 20464]
R0 LHDmgr;LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [2017-01-19 39008]
R0 nldrv;nldrv; C:\Windows\system32\drivers\nldrv.sys [2016-12-06 142888]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2016-12-12 38336]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-12-13 132272]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-12-13 180544]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2014-12-20 40344]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-12-13 77616]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-12-13 60536]
R1 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-12-13 96856]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-12-13 49672]
R3 _hid_0738_1703;_hid_0738_1703; C:\Windows\system32\DRIVERS\_hid_0738_1703.sys [2016-07-18 210408]
R3 _usb_0738_1703;_usb_0738_1703; C:\Windows\system32\DRIVERS\_usb_0738_1703.sys [2016-07-18 46824]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2017-01-19 30816]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2014-01-27 1692376]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2013-10-17 377608]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-08-09 4928256]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-01-06 369648]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-01-06 790512]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-17 99288]
R3 NETwNs64;___ Ovladač adaptéru Intel(R) Wireless pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\Netwsw02.sys [2014-05-04 3438048]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2013-08-08 329944]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-08-28 883928]
R3 S6000KNT;Alcor WebCam Driver; C:\Windows\System32\Drivers\S6000KNT.sys [2015-05-21 899712]
R3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys [2016-07-18 24152]
R3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2016-07-18 59736]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2013-07-24 36864]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-30 23200]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2013-07-25 206552]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\drivers\ESET_smart\ekrn.exe [2016-12-14 2836296]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\drivers\PROSet_wireless\WiFi\bin\EvtEng.exe [2014-01-17 632048]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\drivers\Intel_Rapid_tech\IAStorDataMgrSvc.exe [2013-11-21 15720]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-08-09 355232]
R2 nlsvc;NetLimiter 4 Service; D:\Programy\net_limiter\NLSvc.exe [2016-12-06 323632]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2016-12-11 459832]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2017-01-22 76888]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2014-01-17 154864]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 USBSafelyRemoveService;USB Safely Remove Assistant; D:\Programy\USB Safely Remove\USBSRService.exe [2016-10-16 1705752]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service; C:\drivers\PROSet_wireless\WiFi\bin\ZeroConfigService.exe [2014-01-17 3816176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14 271960]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-08-09 288688]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-03-04 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-03-18 196040]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\drivers\PROSet_wireless\WiFi\bin\PanDhcpDns.exe [2014-01-17 284912]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-01-19 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-11-29 51384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Problem with wscript.exe and system.js

#2 Post by Márty84 »

Hello :)

It's vermin. First we'll send the tools after it, and whatever is left I'll delete with a script.

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it, then left-click Run as administrator.
Click Scan and wait until the check finishes.
Then click Cleaning.
The program will start working (the PC may restart) and spit out a log (alternatively it will be here: C:\AdwCleaner\AdwCleaner[C?].txt ). Copy it here for me.

:arrow: Run a scan with MBAM. Set up the test according to this guide (i.e. a Custom scan of all disks) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Don't delete anything beforehand; it sometimes has false detections.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

vejce4444
Visitor
Posts: 47
Registered: 23 Oct 2012 10:24

Re: Problem with wscript.exe and system.js

#3 Post by vejce4444 »

Hello,

I ran it through ADW cleaner, but system.js still opens at startup. Of course I'm attaching the LOG. The second program, Malwarebytes, only found a harmless script for a game :D. So what will the next step be? Thanks for the reply. I'm of course adding the logs:

ADWCLEANER:

# AdwCleaner v6.044 - Log vytvořen 20/03/2017 v 16:55:38
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-19.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Ecjev - ECJEV-NTB
# Spuštěno z : C:\Users\Ecjev\Desktop\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\System
[-] Hodnota smazána: HKU\S-1-5-21-58873803-3009850163-3451747300-1000\Software\Microsoft\Windows\CurrentVersion\Run [System]
[#] Hodnota smazána po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [System]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [System]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [System]


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1303 Bajty] - [20/03/2017 16:55:38]
C:\AdwCleaner\AdwCleaner[S0].txt - [1782 Bajty] - [20/03/2017 16:55:06]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1449 Bajty] ##########



MALWAREBYTES:


Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 20.03.17
Čas skenování: 17:00
Logovací soubor: malwarebytes.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1548
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Ecjev-NTB\Ecjev

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 459604
Uplynulý čas: 1 hod, 58 min, 6 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 2
PUP.Optional.OpenCandy, D:\KNIHOVNY\DOCUMENTS\IMAGE\SAFE MONEY BY XHARDHEMPUS\1. CHEAT ENGINE INSTALLER\CHEATENGINE 6.5.1.EXE, Žádná uživatelská akce, [648], [101648],1.0.1548
PUP.Optional.OpenCandy, D:\KNIHOVNY\DOWNLOADS\SAFE MONEY BY XHARDHEMPUS.RAR, Žádná uživatelská akce, [648], [101648],1.0.1548

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Problem with wscript.exe and system.js

#4 Post by Márty84 »

:arrow: So if you know what the findings are, deal with them however you like, then uninstall MBAM.

:arrow: Post logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off your antivirus for a moment; it may block it as malicious, but we use it all the time, it is a false alarm :) and then we'll start deleting.
(If the Launcher can't be downloaded, post logs from FRST alone, i.e. without using the Launcher)

vejce4444
Visitor
Posts: 47
Registered: 23 Oct 2012 10:24

Re: Problem with wscript.exe and system.js

#5 Post by vejce4444 »

So here is the log from FRST and ADDITION (that one is in a zip for download).

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Ecjev (administrator) on ECJEV-NTB (20-03-2017 19:54:07)
Running from C:\Users\Ecjev\Desktop
Loaded Profiles: Ecjev (Available Profiles: Ecjev)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\drivers\Mozilla_firefox\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\drivers\ESET_smart\ekrn.exe
(Crystal Rich Ltd) D:\Programy\USB Safely Remove\USBSRService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\drivers\PROSet_wireless\WiFi\bin\EvtEng.exe
(Locktime Software) D:\Programy\net_limiter\NLSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel® Corporation) C:\drivers\PROSet_wireless\WiFi\bin\ZeroConfigService.exe
(ESET) C:\drivers\ESET_smart\egui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Alcor) C:\Windows\WebCam\S6000\S6000Mnt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
() C:\drivers\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Crystal Rich Ltd) D:\Programy\USB Safely Remove\USBSafelyRemove.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Mozilla Corporation) C:\drivers\Mozilla_firefox\firefox.exe
(Mozilla Corporation) C:\drivers\Mozilla_firefox\firefox.exe
(Intel Corporation) C:\drivers\Intel_Rapid_tech\IAStorIcon.exe
(Intel Corporation) C:\drivers\Intel_Rapid_tech\IAStorDataMgrSvc.exe
(forum.viry.cz) C:\Users\Ecjev\Desktop\FRSTLauncher(2).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-01-17] (Intel(R) Corporation)
HKLM\...\Run: [IAStorIcon] => C:\drivers\Intel_Rapid_tech\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [S6000Mnt] => C:\Windows\WebCam\S6000\S6000Mnt.exe [516608 2015-05-21] (Alcor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2017-01-19] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6200368 2017-01-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2015-10-01] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [157696 2015-10-01] (Saitek)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-01-06] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-58873803-3009850163-3451747300-1000\...\Run: [RocketDock] => C:\drivers\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-58873803-3009850163-3451747300-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-58873803-3009850163-3451747300-1000\...\Run: [USB Safely Remove] => D:\Programy\USB Safely Remove\USBSafelyRemove.exe [6519064 2016-10-16] (Crystal Rich Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170688 2016-12-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2016-12-12] (NVIDIA Corporation)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F236742D-D4F8-4C22-AEAC-E4904C803F32}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-58873803-3009850163-3451747300-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: cd0d3xug.default
FF ProfilePath: C:\Users\Ecjev\AppData\Roaming\Mozilla\Firefox\Profiles\cd0d3xug.default [2017-03-20]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Ecjev\AppData\Roaming\Mozilla\Firefox\Profiles\cd0d3xug.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-07-10]
FF Extension: (Adblock Plus) - C:\Users\Ecjev\AppData\Roaming\Mozilla\Firefox\Profiles\cd0d3xug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\drivers\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-18] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - C:\drivers\Mozilla_firefox\firefox.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\drivers\ESET_smart\ekrn.exe [2836296 2016-12-14] (ESET)
R2 EvtEng; C:\drivers\PROSet_wireless\WiFi\bin\EvtEng.exe [632048 2014-01-17] (Intel(R) Corporation)
R2 IAStorDataMgrSvc; C:\drivers\Intel_Rapid_tech\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\drivers\PROSet_wireless\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 nlsvc; D:\Programy\net_limiter\NLSvc.exe [323632 2016-12-06] (Locktime Software)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-01-22] ()
R2 USBSafelyRemoveService; D:\Programy\USB Safely Remove\USBSRService.exe [1705752 2016-10-16] (Crystal Rich Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\drivers\PROSet_wireless\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2016-12-13] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [106768 2016-12-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [180544 2016-12-13] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [49672 2016-12-13] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [77616 2016-12-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [60536 2016-12-13] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [96856 2016-12-13] (ESET)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3438048 2014-05-04] (Intel Corporation)
R0 nldrv; C:\Windows\System32\drivers\nldrv.sys [142888 2016-12-06] (Locktime Software)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [899712 2015-05-21] (Bison)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24152 2016-07-18] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [59736 2016-07-18] (Saitek)
R3 _hid_0738_1703; C:\Windows\System32\DRIVERS\_hid_0738_1703.sys [210408 2016-07-18] (Saitek)
R3 _usb_0738_1703; C:\Windows\System32\DRIVERS\_usb_0738_1703.sys [46824 2016-07-18] (Saitek)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-20 19:54 - 2017-03-20 19:54 - 00011594 _____ C:\Users\Ecjev\Desktop\FRST.txt
2017-03-20 19:53 - 2017-03-20 19:54 - 00000000 ____D C:\FRST
2017-03-20 19:53 - 2017-03-20 19:52 - 00112640 _____ (forum.viry.cz) C:\Users\Ecjev\Desktop\FRSTLauncher(2).exe
2017-03-20 19:53 - 2017-03-20 19:51 - 02424832 _____ (Farbar) C:\Users\Ecjev\Desktop\FRST64.exe
2017-03-20 18:59 - 2017-03-20 18:59 - 00001754 _____ C:\Users\Ecjev\Desktop\malwarebytes.txt
2017-03-20 16:53 - 2017-03-20 16:55 - 00000000 ____D C:\AdwCleaner
2017-03-20 16:53 - 2017-03-20 16:53 - 04031440 _____ C:\Users\Ecjev\Desktop\adwcleaner_6.044.exe
2017-03-20 00:00 - 2017-03-20 00:00 - 00018856 _____ C:\Users\Ecjev\Desktop\info.txt
2017-03-19 23:58 - 2017-03-19 23:58 - 01222144 _____ C:\Users\Ecjev\Desktop\RSITx64.exe
2017-03-19 23:58 - 2017-03-19 23:58 - 00000000 ____D C:\rsit
2017-03-19 23:58 - 2017-03-19 23:58 - 00000000 ____D C:\Program Files\trend micro
2017-03-19 22:42 - 2016-07-16 13:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2017-03-19 22:33 - 2017-03-19 22:33 - 00262144 ____N C:\Windows\Minidump\031917-8595-01.dmp
2017-03-19 21:57 - 2017-03-19 22:33 - 00000000 ____D C:\Windows\Minidump
2017-03-19 21:57 - 2017-03-19 21:57 - 607172030 _____ C:\Windows\MEMORY.DMP
2017-03-19 21:57 - 2017-03-19 21:57 - 00308752 _____ C:\Windows\Minidump\031917-18330-01.dmp
2017-03-19 21:56 - 2017-03-19 22:43 - 00000482 _____ C:\Windows\system32\.crusader
2017-03-19 21:48 - 2017-03-19 21:53 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-19 17:35 - 2017-03-19 17:35 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-19 17:25 - 2017-03-19 17:35 - 00001908 _____ C:\Windows\diagwrn.xml
2017-03-19 17:25 - 2017-03-19 17:35 - 00001908 _____ C:\Windows\diagerr.xml
2017-03-19 14:13 - 2017-03-20 16:56 - 00000000 ____D C:\Users\Ecjev\AppData\Roaming\USBSafelyRemove
2017-03-19 14:12 - 2017-03-19 14:12 - 00000000 ____D C:\Users\Ecjev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB Safely Remove
2017-03-19 14:12 - 2017-03-19 14:12 - 00000000 ____D C:\ProgramData\USBSRService
2017-03-16 22:11 - 2017-03-16 22:11 - 00000000 ____D C:\Users\Ecjev\AppData\Local\IsolatedStorage
2017-03-16 08:33 - 2017-03-16 22:24 - 00000539 _____ C:\Users\Ecjev\Desktop\key.txt
2017-03-15 22:12 - 2017-03-15 22:12 - 00000000 ____D C:\Users\Ecjev\Documents\CPY_SAVES
2017-03-15 20:41 - 2017-03-15 20:41 - 00000057 _____ C:\Users\Ecjev\Desktop\server.txt
2017-03-14 19:17 - 2017-03-04 18:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-14 19:17 - 2017-03-04 17:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-14 19:17 - 2017-03-04 09:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-14 19:17 - 2017-03-04 09:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-14 19:17 - 2017-03-04 09:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-14 19:17 - 2017-03-04 08:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-14 19:17 - 2017-03-04 08:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-14 19:17 - 2017-03-04 08:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-14 19:17 - 2017-03-04 08:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-14 19:17 - 2017-03-04 08:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-14 19:17 - 2017-03-04 08:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-14 19:17 - 2017-03-04 08:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-14 19:17 - 2017-03-04 08:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-14 19:17 - 2017-03-04 07:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-14 19:17 - 2017-03-04 07:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-14 19:17 - 2017-03-04 07:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-14 19:17 - 2017-03-04 07:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-14 19:17 - 2017-03-04 07:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-14 19:17 - 2017-03-04 05:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-14 19:17 - 2017-03-02 19:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-14 19:17 - 2017-03-02 19:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-14 19:17 - 2017-03-02 19:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-14 19:17 - 2017-03-02 18:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-14 19:17 - 2017-03-02 18:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-14 19:17 - 2017-03-02 18:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-14 19:17 - 2017-03-02 18:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-14 19:17 - 2017-03-02 18:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-14 19:17 - 2017-03-02 18:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-14 19:17 - 2017-03-02 18:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-14 19:17 - 2017-03-02 18:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-14 19:17 - 2017-03-02 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-14 19:17 - 2017-03-02 18:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-14 19:17 - 2017-03-02 18:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-14 19:17 - 2017-03-02 18:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-14 19:17 - 2017-03-02 18:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-14 19:17 - 2017-03-02 18:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-14 19:17 - 2017-03-02 18:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-14 19:17 - 2017-03-02 18:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-14 19:17 - 2017-03-02 18:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-14 19:17 - 2017-03-02 17:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-14 19:17 - 2017-03-02 17:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-14 19:16 - 2017-03-04 09:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-14 19:16 - 2017-03-04 09:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-14 19:16 - 2017-03-04 09:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-14 19:16 - 2017-03-04 09:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-14 19:16 - 2017-03-04 08:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-14 19:16 - 2017-03-04 08:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-14 19:16 - 2017-03-04 08:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-14 19:16 - 2017-03-04 08:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-14 19:16 - 2017-03-04 08:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-14 19:16 - 2017-03-04 08:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-14 19:16 - 2017-03-04 08:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-14 19:16 - 2017-03-04 08:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-14 19:16 - 2017-03-04 08:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-14 19:16 - 2017-03-04 08:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-14 19:16 - 2017-03-04 07:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-14 19:16 - 2017-03-04 07:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-14 19:16 - 2017-03-04 07:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-14 19:16 - 2017-03-04 07:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-14 19:16 - 2017-03-02 19:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-14 19:16 - 2017-03-02 19:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-14 19:16 - 2017-03-02 19:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-14 19:16 - 2017-03-02 18:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-14 19:16 - 2017-03-02 18:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-14 19:16 - 2017-03-02 18:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-14 19:16 - 2017-03-02 17:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-14 19:16 - 2017-02-23 00:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-14 19:16 - 2017-02-23 00:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-14 19:16 - 2017-02-18 15:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-14 19:16 - 2017-02-18 15:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-14 19:16 - 2017-02-11 16:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-14 19:16 - 2017-02-11 16:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-14 19:16 - 2017-02-11 16:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-14 19:16 - 2017-02-10 17:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-14 19:16 - 2017-02-10 17:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-14 19:16 - 2017-02-10 17:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-14 19:16 - 2017-02-10 17:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-14 19:16 - 2017-02-10 15:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-14 19:16 - 2017-02-09 17:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-14 19:16 - 2017-02-09 17:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-14 19:16 - 2017-02-09 17:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-14 19:16 - 2017-02-09 17:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-14 19:16 - 2017-02-09 17:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-14 19:16 - 2017-02-09 17:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-14 19:16 - 2017-02-09 17:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-14 19:16 - 2017-02-09 17:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-14 19:16 - 2017-02-09 17:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 17:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-14 19:16 - 2017-02-09 17:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-14 19:16 - 2017-02-09 17:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-14 19:16 - 2017-02-09 17:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-14 19:16 - 2017-02-09 17:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-14 19:16 - 2017-02-09 16:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-14 19:16 - 2017-02-09 16:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-14 19:16 - 2017-02-09 16:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-14 19:16 - 2017-02-09 16:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-14 19:16 - 2017-02-09 16:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-14 19:16 - 2017-02-09 16:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-14 19:16 - 2017-02-09 16:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-14 19:16 - 2017-02-09 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-14 19:16 - 2017-02-09 16:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-14 19:16 - 2017-02-09 16:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-14 19:16 - 2017-02-09 16:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-14 19:16 - 2017-02-09 16:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-14 19:16 - 2017-02-09 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-14 19:16 - 2017-02-09 16:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-14 19:16 - 2017-02-09 16:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 16:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 16:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 16:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-14 19:16 - 2017-02-09 15:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-14 19:16 - 2017-02-09 15:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-14 19:16 - 2017-02-06 17:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-14 19:16 - 2017-01-13 19:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-14 19:16 - 2017-01-13 19:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-14 19:16 - 2017-01-13 18:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-14 19:16 - 2017-01-13 18:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-14 19:16 - 2017-01-11 19:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-14 19:16 - 2017-01-11 19:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-14 19:16 - 2017-01-11 18:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-14 19:16 - 2017-01-11 18:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-14 19:16 - 2017-01-06 19:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-14 19:16 - 2017-01-06 18:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-14 19:16 - 2016-12-31 16:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-14 19:16 - 2016-12-31 16:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-14 19:16 - 2016-12-31 16:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-14 19:16 - 2016-12-31 16:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-14 19:16 - 2016-12-31 16:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-08 20:52 - 2017-03-08 20:53 - 00000000 ____D C:\Steam
2017-02-26 13:25 - 2017-02-26 13:47 - 00000000 ____D C:\Users\Ecjev\AppData\Roaming\TeamViewer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-20 17:55 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-20 17:55 - 2009-07-14 05:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-20 17:52 - 2011-04-12 09:34 - 00681844 _____ C:\Windows\system32\perfh005.dat
2017-03-20 17:52 - 2011-04-12 09:34 - 00145756 _____ C:\Windows\system32\perfc005.dat
2017-03-20 17:52 - 2009-07-14 06:13 - 01611422 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-20 17:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-20 16:57 - 2017-01-19 17:38 - 00000000 ____D C:\Users\Ecjev\AppData\LocalLow\Mozilla
2017-03-20 16:56 - 2017-01-19 20:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-20 16:56 - 2017-01-19 19:10 - 00000000 __SHD C:\Users\Ecjev\IntelGraphicsProfiles
2017-03-20 16:56 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-20 16:52 - 2017-01-19 17:33 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-03-19 21:53 - 2009-07-14 06:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-19 17:35 - 2017-01-20 18:00 - 00000452 __RSH C:\ProgramData\ntuser.pol
2017-03-19 17:35 - 2017-01-19 17:09 - 00000000 ____D C:\Windows\Panther
2017-03-18 22:33 - 2017-01-20 07:13 - 00000000 ____D C:\Users\Ecjev\AppData\Local\CrashDumps
2017-03-18 12:41 - 2017-01-19 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-17 08:18 - 2017-01-19 19:22 - 00000000 ____D C:\Windows\system32\appmgmt
2017-03-15 22:12 - 2017-01-20 17:42 - 00000000 ____D C:\Users\Ecjev\Documents\My Games
2017-03-15 22:11 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-03-15 17:25 - 2009-07-14 05:45 - 00343528 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 17:24 - 2017-01-19 21:50 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-15 17:24 - 2017-01-19 21:50 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 17:24 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-14 21:40 - 2017-01-19 18:05 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-14 21:40 - 2017-01-19 18:05 - 00000000 ____D C:\Windows\system32\MRT
2017-03-14 19:05 - 2017-01-20 09:02 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 19:05 - 2017-01-20 09:02 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 19:05 - 2017-01-20 09:02 - 00004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 19:05 - 2017-01-20 09:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-14 19:05 - 2017-01-20 09:02 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-13 18:00 - 2017-02-02 18:49 - 00002294 ____H C:\Users\Ecjev\Documents\Default.rdp
2017-03-13 17:57 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-03-12 17:41 - 2017-01-20 19:58 - 00000000 ____D C:\Users\Ecjev\AppData\Roaming\vlc
2017-02-24 16:34 - 2017-01-20 09:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2017-01-20 07:15 - 2016-08-05 21:46 - 0034310 ___SH () C:\Users\Ecjev\AppData\Roaming\Microsoft\system.js
2017-01-20 19:20 - 2017-01-21 11:06 - 0007610 _____ () C:\Users\Ecjev\AppData\Local\Resmon.ResmonCfg
2017-01-19 17:55 - 2017-01-19 17:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-02-10 20:52 - 2016-10-11 16:34 - 1732864 _____ (Microsoft Corporation) C:\Users\Ecjev\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-19 17:09

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Systém) (Fixed) (Total:111.69 GB) (Free:42.55 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.41 GB) (Free:163.73 GB) NTFS

Available physical RAM: 4672.68 MB
Total physical RAM: 8088.36 MB
Percentage of memory in use: 42%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 9892029A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 10.0.390.0 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Ecjev\Desktop" je 433 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter
"D:\Programy\net_limiter\nlclientapp.exe" /minimized [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive
"D:\Programy\VirtualCloneDrive\VCDDaemon.exe" /s [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Problem with wscript.exe and system.js

#6 Post by Márty84 »

Open Notepad and copy this script into it:

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
GroupPolicy: Restriction <======= ATTENTION

HKU\S-1-5-21-58873803-3009850163-3451747300-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

Task: {D24746BD-98C1-434C-B8F2-6D74234102F1} - System32\Tasks\WindowDefender => C:\Users\Ecjev\AppData\Roaming\MICROSOFT\system.js [2016-08-05] ()

C:\Users\Ecjev\AppData\Roaming\Microsoft\system.js

Hosts:
EmptyTemp:
Reboot:
End
In the top left, click File.
Click Save As...
Type the name shown in red, fixlist, correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will execute the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.
If you have a question that is not meant for the public, you can e-mail me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).
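
A triage sketch for the kind of entry the fixlist above removes, added here as an example and not part of the original thread or of FRST: it parses FRST "Task:" lines and flags tasks that point at a Windows Script Host file, sit in a user-writable path, record no publisher, or carry a name that nearly matches a well-known one. The heuristics, the KNOWN_NAMES list, the function names and the second sample line are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# FRST "Task:" lines. The first is the entry from the fixlist above; the
# second is a constructed benign entry added for contrast.
SAMPLE_LOG = r"""
Task: {D24746BD-98C1-434C-B8F2-6D74234102F1} - System32\Tasks\WindowDefender => C:\Users\Ecjev\AppData\Roaming\MICROSOFT\system.js [2016-08-05] ()
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
"""

TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<task>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<company>[^()]*)\))?$"
)
# Extensions that Windows Script Host (wscript.exe / cscript.exe) executes.
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|vbe|wsf)\b", re.I)
# Locations a standard user can typically write to without elevation.
USER_WRITABLE = re.compile(r"\\(AppData|Temp)\\|^[A-Za-z]:\\Users\\", re.I)
# Illustrative list of names worth imitating (assumption, extend as needed).
KNOWN_NAMES = ("Windows Defender", "Windows Update", "Adobe Flash Player Updater")


def parse_task_line(line):
    """Return the fields of one FRST 'Task:' line, or None for other lines."""
    m = TASK_RE.match(line.strip())
    return m.groupdict() if m else None


def lookalike(task_path, threshold=0.9):
    """Return the known name that the task's leaf name nearly, but not exactly, matches."""
    norm = lambda s: re.sub(r"[^a-z0-9]", "", s.lower())
    leaf = norm(task_path.rsplit("\\", 1)[-1])
    for known in KNOWN_NAMES:
        k = norm(known)
        if leaf != k and SequenceMatcher(None, leaf, k).ratio() >= threshold:
            return known
    return None


def assess(entry):
    """List the reasons a parsed task entry deserves a closer look."""
    reasons = []
    if SCRIPT_EXT.search(entry["target"]):
        reasons.append("target is a Windows Script Host file")
    if USER_WRITABLE.search(entry["target"]):
        reasons.append("target is in a user-writable directory")
    if not entry["company"]:
        reasons.append("no publisher recorded")
    hit = lookalike(entry["task"])
    if hit:
        reasons.append(f"task name imitates '{hit}'")
    return reasons


def triage(log_text, min_reasons=2):
    """Return (task, target, reasons) for every task with enough indicators."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_task_line(line)
        if entry and len(reasons := assess(entry)) >= min_reasons:
            findings.append((entry["task"], entry["target"], reasons))
    return findings


if __name__ == "__main__":
    for task, target, reasons in triage(SAMPLE_LOG):
        print(task, "=>", target)
        for reason in reasons:
            print("   -", reason)
```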

vejce4444
Visitor
Posts: 47
Joined: 23 Oct 2012 10:24

Re: Problem with wscript.exe and system.js

#7 Post by vejce4444 »

Great, system.js no longer opened after the restart. Thank you very much, you are the best :). I will of course attach the log. I would also like to ask what kind of pest this was, and what it might have been doing on the system? Thanks again, and I am attaching the log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Ecjev (21-03-2017 17:11:28) Run:1
Running from C:\Users\Ecjev\Desktop
Loaded Profiles: Ecjev (Available Profiles: Ecjev)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
GroupPolicy: Restriction <======= ATTENTION

HKU\S-1-5-21-58873803-3009850163-3451747300-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

Task: {D24746BD-98C1-434C-B8F2-6D74234102F1} - System32\Tasks\WindowDefender => C:\Users\Ecjev\AppData\Roaming\MICROSOFT\system.js [2016-08-05] ()

C:\Users\Ecjev\AppData\Roaming\Microsoft\system.js

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-58873803-3009850163-3451747300-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D24746BD-98C1-434C-B8F2-6D74234102F1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D24746BD-98C1-434C-B8F2-6D74234102F1} => key removed successfully
C:\Windows\System32\Tasks\WindowDefender => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindowDefender => key removed successfully
C:\Users\Ecjev\AppData\Roaming\Microsoft\system.js => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 176409908 B
Java, Flash, Steam htmlcache => 105999427 B
Windows/system/drivers => 615191759 B
Edge => 0 B
Chrome => 0 B
Firefox => 529312434 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 69194 B
Ecjev => 535559861 B

RecycleBin => 1318 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:11:41 ====

vejce4444
Visitor
Posts: 47
Joined: 23 Oct 2012 10:24

Re: Problem with wscript.exe and system.js

#8 Post by vejce4444 »

One more observation: before your fix, the laptop ran quite hot and was working hard even when I was not doing anything on it. After your fix the laptop is cool and the fan does not spin up as much. Thank you for that too.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Problem with wscript.exe and system.js

#9 Post by Márty84 »

You're welcome! :-)

I cannot tell from the log what it was doing on the system, so the only option is to google it, but even then you will not find out for certain. The main thing is that it is gone ;-)
vejce4444 wrote:
***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Ecjev\Desktop" je 433 MB.
Keep an eye on the size of the desktop. The smaller it is, the better for the PC's performance.

Run all of these programs, including any installers, as administrator (right-click them and choose Run as administrator).

vyosek wrote: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave the checkbox ticked only for the option Remove disinfection tools
  • Click Run
Download Ccleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for a toolbar (or other add-ons); if it offers to install one, clear the checkbox.
After it starts you will be in the Cleaner function. There are many checkboxes on the left. Pay particular attention to the Recycle Bin: if you leave it checked, it will always be emptied.
Also, depending on how it is configured, it will delete all passwords saved for websites!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums, etc.).
Click Analyze and, once the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; if it finds any, click Fix issues. It will offer you a backup; make it and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If the PC has several user accounts, use the program in each of them as well.)

Defragment the disk(s) (not SSDs!)
Download the program Defraggler https://www.piriform.com/defraggler/download/standard
During installation, again watch out for a toolbar and other junk.
After installing, run the program and click Analyze; after the analysis click Defragment and the program will do its job.

Then write how the PC is doing, and if everything is fine, we are done.

vejce4444
Visitor
Posts: 47
Joined: 23 Oct 2012 10:24

Re: Problem with wscript.exe and system.js

#10 Post by vejce4444 »

Hello,

I do not leave anything on the desktop. I like things tidy :D I just forgot about one folder (thanks for the reminder :) ). I cleaned the PC with CCleaner and then ran a disk defragmentation. Since I had not defragmented much (i.e. never on this disk), it took 20 hours :D. But I have scheduled another one in a week and will do it regularly. The PC runs better than before; once again, thank you very much for the help :).

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Problem with wscript.exe and system.js

#11 Post by Márty84 »

Defragmenting once every six months, or every three months, is enough :-)

You're welcome! ;-)

Take care, and maybe see you again sometime.