trojan Agent.CJ

#1 Post by Rossi46

Greetings, local experts. Unfortunately, after X years I stupidly caught a trojan, and I would rather get rid of it than format the drive.
Please check the log and advise how to proceed, thank you.

ESET found:
LNK/Agent.CJ
Win32/Adware.RuKoma.B
Win32/Kryptik.FTIX
Win32/Adware.PBot

Logfile of random's system information tool 1.16 (written by random/random)
Run by Rossi46 at 2017-07-02 17:59:07
Microsoft Windows 10 Pro
System drive C: has 393 GB (79%) free of 499 GB
Total RAM: 8075 MB (56% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:59:11, on 02.07.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0000)
Boot mode: Normal

Running processes:
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\TPFanControl\TPFanControl.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
C:\Users\Rossi46\AppData\Roaming\Microsoft\_______
C:\Users\Rossi46\AppData\Local\Temp\EK7KHhvBDoOj.exe
C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
C:\Program Files (x86)\Opera\46.0.2597.32\opera_crashreporter.exe
C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
C:\Users\Rossi46\AppData\Local\Temp\YuaECIiMjXvm.exe
C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
C:\Program Files\trend micro\Rossi46_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=811013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\SysWow64\cgmopenbho.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ivepdeytuj] explorer "http://eqvizin.ru/?utm_source=uoua03&ut ... d=20170702"
O4 - HKCU\..\RunOnce: [dxpshulwks] "C:\Users\Rossi46\AppData\Local\Temp\EK7KHhvBDoOj.exe"
O4 - HKCU\..\RunOnce: [rcdubdccyg] "C:\Users\Rossi46\AppData\Local\Temp\YuaECIiMjXvm.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\Program Files\Microsoft Office\Office16\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\DriverStore\FileRepository\nvltwu.inf_amd64_c8da725822079174\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AVerRemote - AVerMedia - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @oem55.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: icacl - Unknown owner - C:\WINDOWS\system32\icacl.exe (file missing)
O23 - Service: System Interface Foundation Service (ImControllerService) - Lenovo Group Limited - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Lenovo Solution Center System Service (LSC.Services.SystemService) - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: PAExec - Power Admin LLC - C:\Windows\PAExec.exe
O23 - Service: Lenovo Settings Power Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung RAPID Mode Service (SamsungRapidSvc) - Unknown owner - C:\WINDOWS\system32\RAPID\SamsungRapidSvc.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Smart Sense Service (SSSvc) - Lenovo - C:\Program Files (x86)\SmartSense\SSSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 12975 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-76202178-62dc-4fe4-b06f-567bb4363ea8 -SystemEventPortName:HostProcess-dfdfb9de-3d15-4a01-9e23-72d38910762e -IoCancelEventPortName:HostProcess-ea9247d8-c6be-4e98-b518-290a0f20c841 -NonStateChangingEventPortName:HostProcess-5de304c9-fc37-4ff9-bbdf-3b1b5b54aaa8 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5ee49035-b6ac-4178-bddc-9675017dbf04 -DeviceGroupId:
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
c:\windows\system32\svchost.exe -k localservice -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
C:\WINDOWS\system32\ibmpmsvc.exe
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe -k localservice -s EventSystem
c:\windows\system32\svchost.exe -k localservice -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe"
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe"
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc
c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
"C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe"
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
C:\WINDOWS\system32\RAPID\SamsungRapidSvc.exe
C:\WINDOWS\SysWOW64\SAsrv.exe
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -s PolicyAgent
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
c:\windows\system32\svchost.exe -k localservice -s LicenseManager
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
c:\windows\system32\svchost.exe -k netsvcs -s DoSvc
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s StorSvc
c:\windows\system32\svchost.exe -k netsvcs -s lfsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs -s Browser
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s FDResPub
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s HomeGroupProvider
"C:\Program Files (x86)\Lenovo\System Update\SUService.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DsSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s QWAVE
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
c:\windows\system32\svchost.exe -k networkservice -s TapiSrv
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s Netman
C:\WINDOWS\system32\svchost.exe -k LocalService -s fdPHost
C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -s NcdAutoSetup
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\System32\fontdrvhost.exe
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -s lmhosts
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\WINDOWS\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.FullScreenMagnifier
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
"D:\Install\Core Temp\core temp 1.0 RC6 x64\Core Temp.exe"
c:\windows\system32\taskhostw.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\WINDOWS\Explorer.EXE
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
"C:\Program Files\Windows Defender\MSASCuiL.exe"
C:\Program Files\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\TPFanControl\TPFanControl.exe"
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
"C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe"
"C:\Windows\SysWOW64\rundll32.exe" C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
"C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe" /AUTOHIDE
"C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
"C:\Program Files\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe" -name df774ed7-5583-45ff-a28c-95a0f2a12288 -runas SYSTEM -pluginName LenovoSystemUpdatePlugin -pluginVersion 1.2.82.0
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SensorService
C:\WINDOWS\system32\icacl.exe
C:\Users\Rossi46\AppData\Roaming\Microsoft\msi.exe cnt=2 fts="Tomík\acericoniaa181016gbntl2mee002_lollipop5_1___.exe"
C:\Users\Rossi46\AppData\Local\Temp\EK7KHhvBDoOj.exe
"C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe" --ran-launcher --opener-id="wWpXeCtlW0gJcFmYC:\Windows\explorer.exe"
"C:\Program Files (x86)\Opera\46.0.2597.32\opera_crashreporter.exe" --ran-launcher --opener-id="wWpXeCtlW0gJcFmYC:\Windows\explorer.exe" --crash-reporter-parent-id=4656
C:\Users\Rossi46\AppData\Local\Temp\YuaECIiMjXvm.exe
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe" --type=renderer --field-trial-handle=1872 --primordial-pipe-token=34DB20C85B2E48BC3C6DBFEEE3612FBA --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --crash-reporter-pid=6712 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --service-request-channel-token=34DB20C85B2E48BC3C6DBFEEE3612FBA --renderer-client-id=25 --mojo-platform-channel-handle=9088 /prefetch:1
C:\WINDOWS\system32\AUDIODG.EXE 0x598
"C:\Users\Rossi46\Desktop\RSITx64.exe"
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -s WdiSystemHost

====== Scheduled tasks folder ======

C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe -check pepperplugin
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\AutoKMS - C:\Windows\AutoKMS\AutoKMS.exe
C:\WINDOWS\system32\tasks\Core Temp Autostart Rossi46 - "D:\Install\Core Temp\core temp 1.0 RC6 x64\Core Temp.exe"
C:\WINDOWS\system32\tasks\CreateExplorerShellUnelevatedTask - C:\Windows\explorer.exe /NOUACCHECK
C:\WINDOWS\system32\tasks\MSI - C:\Users\Rossi46\AppData\Roaming\Microsoft\msi.exe cnt=3 fts="Tomík\acericoniaa181016gbntl2mee002_lollipop5_1___.exe"
C:\WINDOWS\system32\tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\Opera scheduled Autoupdate 1448380897 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\system32\tasks\SamsungMagician - "C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe" /AUTOHIDE
C:\WINDOWS\system32\tasks\TVT\TVSUUpdateTask - "C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe" /CM -search C -action INSTALL -includerebootpackages 1,3,4 -noicon -noreboot -nolicense -defaultupdate -schtask
C:\WINDOWS\system32\tasks\TVT\TVSUUpdateTask_UserLogOn - "C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe" PendingTask
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\WwanSvc\NotificationTask - %SystemRoot%\System32\WiFiTask.exe wwan
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install - %systemroot%\system32\usoclient.exe ScanInstallWait
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\UNP\RunCampaignManager - %windir%\System32\UNP\UNPCampaignManager.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe -e
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\LicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemovalTools\MRT_HB - C:\Windows\system32\MRT.exe /EHB /Q
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Cellular - %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 - "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload mininterval:2880
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 - "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload
C:\WINDOWS\system32\tasks\Lenovo\Lenovo Customer Feedback Program 64 - "%ProgramFiles(x86)%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"
C:\WINDOWS\system32\tasks\Lenovo\Lenovo Settings Power - "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
C:\WINDOWS\system32\tasks\Lenovo\Lenovo Solution Center Launcher - %programfiles%\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe UpdateStatus
C:\WINDOWS\system32\tasks\Lenovo\LSC\Lenovo Solution Center Notifications - %programfiles%\Lenovo\Lenovo Solution Center\LSCNotify.exe /show
C:\WINDOWS\system32\tasks\Lenovo\LSC\LSCHardwareScan - "C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan
C:\WINDOWS\system32\tasks\Lenovo\LSC\LSCHardwareScanPostpone - "C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan
C:\WINDOWS\system32\tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance - %windir%\system32\sc.exe START ImControllerService
C:\WINDOWS\system32\tasks\Lenovo\ImController\TimeBasedEvents\3b72224a-fe8c-4982-ad40-bbb6b87a585a - "C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe" /timebasedeventtrigger 3b72224a-fe8c-4982-ad40-bbb6b87a585a
C:\WINDOWS\system32\tasks\Lenovo\ImController\TimeBasedEvents\a9ac96bf-eb3c-46ec-9f68-508286f1d47e - "C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe" /timebasedeventtrigger a9ac96bf-eb3c-46ec-9f68-508286f1d47e
C:\WINDOWS\system32\tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask - %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56B38F40-4E70-11d4-A076-0080AD86BA2F}]
WebCGMHlprObj Class - C:\WINDOWS\SysWow64\cgmopenbho.dll [2006-03-28 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18 141496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL [2017-02-22 1524528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18 141496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18 171704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18 141496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-03-18 629152]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2017-03-09 193112]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2017-03-09 420960]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2017-03-09 463960]
"TPFanControl"=C:\Program Files\TPFanControl\TPFanControl.exe [2015-01-05 154624]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 190536]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01 508128]
"SamsungRapidApp"=C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [2016-11-18 123800]
"Cm108Sound"=C:\WINDOWS\syswow64\RunDll32.exe [2017-03-18 60928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ivepdeytuj"=explorer http://eqvizin.ru/?utm_source=uoua03&ut ... d=20170702 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"dxpshulwks"=C:\Users\Rossi46\AppData\Local\Temp\EK7KHhvBDoOj.exe [2017-07-02 2491376]
"rcdubdccyg"=C:\Users\Rossi46\AppData\Local\Temp\YuaECIiMjXvm.exe [2017-07-02 2491376]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [2017-04-05 1870928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\DriverStore\FileRepository\nvltwu.inf_amd64_c8da725822079174\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"EnableLinkedConnections"=1
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2017-07-02 17:59:07 ----D---- C:\rsit
2017-07-02 17:59:07 ----D---- C:\Program Files\trend micro
2017-07-02 17:35:35 ----D---- C:\ProgramData\Norton
2017-07-02 16:48:19 ----A---- C:\WINDOWS\system32\icacl.exe
2017-07-02 16:23:02 ----D---- C:\Program Files (x86)\Mail.Ru
2017-07-02 16:22:56 ----D---- C:\ProgramData\Mail.Ru
2017-06-17 07:10:43 ----A---- C:\WINDOWS\system32\WudfUpdate_01011.dll
2017-06-15 15:52:05 ----AD---- C:\Program Files (x86)\SwissKnife V3
2017-06-15 15:49:37 ----A---- C:\WINDOWS\SKLANG.INI
2017-06-15 15:49:36 ----A---- C:\WINDOWS\IsUninst.exe
2017-06-15 10:06:16 ----ASH---- C:\swapfile.sys
2017-06-14 17:06:39 ----D---- C:\WINDOWS\PCHEALTH
2017-06-14 17:00:01 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 17:00:01 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2017-06-14 17:00:01 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2017-06-14 17:00:01 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2017-06-14 17:00:01 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2017-06-14 17:00:01 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2017-06-14 17:00:00 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2017-06-14 17:00:00 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2017-06-14 17:00:00 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2017-06-14 17:00:00 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\SYSWOW64\WpcWebFilter.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\SYSWOW64\UserDataTimeUtil.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2017-06-14 16:59:59 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2017-06-14 16:59:59 ----A---- C:\WINDOWS\SYSWOW64\DWrite.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\SYSWOW64\devicengccredprov.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\SYSWOW64\atmlib.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\SYSWOW64\AppVEntSubsystems32.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\system32\tquery.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 16:59:59 ----A---- C:\WINDOWS\system32\mssrch.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\system32\mssprxy.dll
2017-06-14 16:59:59 ----A---- C:\WINDOWS\system32\drivers\BasicRender.sys
2017-06-14 16:59:58 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 16:59:58 ----A---- C:\WINDOWS\SYSWOW64\ucrtbase.dll
2017-06-14 16:59:58 ----A---- C:\WINDOWS\SYSWOW64\tzres.dll
2017-06-14 16:59:58 ----A---- C:\WINDOWS\SYSWOW64\TpmCoreProvisioning.dll
2017-06-14 16:59:58 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2017-06-14 16:59:58 ----A---- C:\WINDOWS\SYSWOW64\comctl32.dll
2017-06-14 16:59:58 ----A---- C:\WINDOWS\SYSWOW64\capauthz.dll
2017-06-14 16:59:58 ----A---- C:\WINDOWS\system32\utcutil.dll
2017-06-14 16:59:58 ----A---- C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 16:59:58 ----A---- C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 16:59:58 ----A---- C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 16:59:58 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 16:59:58 ----A---- C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 16:59:58 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 16:59:58 ----A---- C:\WINDOWS\system32\MusNotification.exe
2017-06-14 16:59:58 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 16:59:58 ----A---- C:\WINDOWS\system32\drivers\tpm.sys
2017-06-14 16:59:58 ----A---- C:\WINDOWS\system32\drivers\tdx.sys
2017-06-14 16:59:58 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2017-06-14 16:59:58 ----A---- C:\WINDOWS\system32\diagtrack.dll
2017-06-14 16:59:57 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2017-06-14 16:59:56 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2017-06-14 16:59:56 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2017-06-14 16:59:55 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2017-06-14 16:59:55 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2017-06-14 16:59:55 ----A---- C:\WINDOWS\system32\pwcreator.exe
2017-06-14 16:59:55 ----A---- C:\WINDOWS\system32\jscript9.dll
2017-06-14 16:59:55 ----A---- C:\WINDOWS\system32\ieproxy.dll
2017-06-14 16:59:54 ----A---- C:\WINDOWS\system32\Chakra.dll
2017-06-14 16:59:54 ----A---- C:\WINDOWS\system32\edgehtml.dll
2017-06-14 16:59:53 ----A---- C:\WINDOWS\system32\mshtml.dll
2017-06-14 16:59:52 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2017-06-14 16:59:52 ----A---- C:\WINDOWS\system32\wpncore.dll
2017-06-14 16:59:52 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 16:59:52 ----A---- C:\WINDOWS\system32\win32spl.dll
2017-06-14 16:59:52 ----A---- C:\WINDOWS\system32\mfps.dll
2017-06-14 16:59:52 ----A---- C:\WINDOWS\system32\localspl.dll
2017-06-14 16:59:52 ----A---- C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 16:59:52 ----A---- C:\WINDOWS\system32\dbgeng.dll
2017-06-14 16:59:51 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 16:59:51 ----A---- C:\WINDOWS\system32\ieframe.dll
2017-06-14 16:59:51 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 16:59:50 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 16:59:50 ----A---- C:\WINDOWS\system32\tzres.dll
2017-06-14 16:59:50 ----A---- C:\WINDOWS\system32\GamePanel.exe
2017-06-14 16:59:50 ----A---- C:\WINDOWS\system32\FntCache.dll
2017-06-14 16:59:50 ----A---- C:\WINDOWS\system32\DWrite.dll
2017-06-14 16:59:50 ----A---- C:\WINDOWS\HelpPane.exe
2017-06-14 16:59:49 ----A---- C:\WINDOWS\system32\win32kfull.sys
2017-06-14 16:59:49 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 16:59:49 ----A---- C:\WINDOWS\system32\atmfd.dll
2017-06-14 16:59:48 ----A---- C:\WINDOWS\system32\winsrv.dll
2017-06-14 16:59:48 ----A---- C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 16:59:48 ----A---- C:\WINDOWS\system32\hvax64.exe
2017-06-14 16:59:48 ----A---- C:\WINDOWS\system32\gdi32full.dll
2017-06-14 16:59:48 ----A---- C:\WINDOWS\system32\dwmcore.dll
2017-06-14 16:59:48 ----A---- C:\WINDOWS\system32\bcdboot.exe
2017-06-14 16:59:48 ----A---- C:\WINDOWS\system32\atmlib.dll
2017-06-14 16:59:48 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 16:59:48 ----A---- C:\WINDOWS\bfsvc.exe
2017-06-14 16:59:47 ----A---- C:\WINDOWS\system32\win32kbase.sys
2017-06-14 16:59:47 ----A---- C:\WINDOWS\system32\shell32.dll
2017-06-14 16:59:47 ----A---- C:\WINDOWS\system32\hvix64.exe
2017-06-14 16:59:47 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2017-06-14 16:59:47 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 16:59:46 ----A---- C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 16:59:46 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 16:59:46 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 16:59:46 ----A---- C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 16:59:46 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 16:59:46 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 16:59:46 ----A---- C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\mspaint.exe
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\dwmredir.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\drivers\tm.sys
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\comctl32.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\capauthz.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\AppVScripting.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\AppVPublishing.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\AppVOrchestration.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\AppVIntegration.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\AppVClient.exe
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\AppVCatalog.dll
2017-06-14 16:59:45 ----A---- C:\WINDOWS\system32\aadtb.dll
2017-06-07 18:47:30 ----D---- C:\WINDOWS\SYSWOW64\NV
2017-06-07 18:47:30 ----D---- C:\WINDOWS\system32\NV
2017-06-07 18:47:19 ----A---- C:\WINDOWS\SYSWOW64\nvStreaming.exe
2017-06-07 18:47:17 ----D---- C:\Program Files (x86)\VulkanRT
2017-06-07 18:47:17 ----A---- C:\WINDOWS\SYSWOW64\vulkaninfo.exe
2017-06-07 18:47:17 ----A---- C:\WINDOWS\SYSWOW64\vulkan-1.dll
2017-06-07 18:47:17 ----A---- C:\WINDOWS\system32\vulkaninfo.exe
2017-06-07 18:47:17 ----A---- C:\WINDOWS\system32\vulkan-1.dll
2017-06-07 18:47:02 ----A---- C:\WINDOWS\system32\OpenCL.dll
2017-06-05 10:50:28 ----A---- C:\WINDOWS\system32\iMDriverHelper.dll
2017-06-04 16:13:41 ----N---- C:\WINDOWS\Vmix108.dll
2017-06-04 16:13:40 ----N---- C:\WINDOWS\SYSWOW64\cmpa108.dll
2017-06-04 16:13:40 ----N---- C:\WINDOWS\SYSWOW64\CM108.dll
2017-06-04 16:13:40 ----N---- C:\WINDOWS\system32\Cmeau108.exe
2017-06-04 16:13:39 ----N---- C:\WINDOWS\system32\CmiInstallResAll64.dll
2017-06-04 16:13:39 ----N---- C:\WINDOWS\cm108.ini
2017-06-04 16:13:39 ----A---- C:\WINDOWS\difxapi.dll
2017-06-04 16:13:17 ----A---- C:\WINDOWS\system32\drivers\CM10864.sys

====== List of files/folders modified in the last 1 month ======

2017-07-02 17:59:07 ----RD---- C:\Program Files
2017-07-02 17:54:59 ----D---- C:\WINDOWS\system32\drivers
2017-07-02 17:54:06 ----D---- C:\WINDOWS\Temp
2017-07-02 17:43:05 ----D---- C:\WINDOWS\SoftwareDistribution
2017-07-02 17:43:05 ----D---- C:\Windows
2017-07-02 17:35:44 ----D---- C:\WINDOWS\Prefetch
2017-07-02 17:35:35 ----HD---- C:\ProgramData
2017-07-02 17:24:00 ----D---- C:\WINDOWS\system32\sru
2017-07-02 16:52:41 ----D---- C:\WINDOWS\system32\Tasks
2017-07-02 16:52:18 ----D---- C:\WINDOWS\AppReadiness
2017-07-02 16:48:19 ----D---- C:\WINDOWS\System32
2017-07-02 16:46:02 ----D---- C:\Program Files (x86)\uTorrent
2017-07-02 16:45:53 ----DC---- C:\WINDOWS\Panther
2017-07-02 16:45:53 ----D---- C:\WINDOWS\INF
2017-07-02 16:45:52 ----D---- C:\WINDOWS\LiveKernelReports
2017-07-02 16:45:52 ----D---- C:\WINDOWS\debug
2017-07-02 16:24:10 ----SD---- C:\Users\Rossi46\AppData\Roaming\Microsoft
2017-07-02 16:23:02 ----RD---- C:\Program Files (x86)
2017-07-02 15:25:53 ----RSD---- C:\WINDOWS\assembly
2017-07-02 15:22:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-02 10:22:52 ----D---- C:\WINDOWS\system32\SleepStudy
2017-07-02 10:22:52 ----D---- C:\ProgramData\NVIDIA
2017-07-02 09:08:45 ----RD---- C:\WINDOWS\Microsoft.NET
2017-07-01 14:26:28 ----D---- C:\Users\Rossi46\AppData\Roaming\vlc
2017-07-01 13:17:02 ----HD---- C:\Program Files\WindowsApps
2017-06-30 17:53:29 ----SHD---- C:\System Volume Information
2017-06-30 14:43:52 ----D---- C:\Users\Rossi46\AppData\Roaming\Skype
2017-06-30 12:30:52 ----AD---- C:\Program Files (x86)\Opera
2017-06-28 16:42:30 ----D---- C:\WINDOWS\system32\config
2017-06-28 16:38:30 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2017-06-21 22:23:51 ----D---- C:\WINDOWS\system32\CatRoot
2017-06-21 19:46:28 ----D---- C:\WINDOWS\system32\catroot2
2017-06-20 13:32:26 ----D---- C:\Users\Rossi46\AppData\Roaming\.purple
2017-06-20 09:12:08 ----SHD---- C:\WINDOWS\Installer
2017-06-20 09:12:08 ----D---- C:\ProgramData\Skype
2017-06-20 09:12:01 ----RD---- C:\Program Files (x86)\Skype
2017-06-20 09:12:01 ----D---- C:\Program Files (x86)\Common Files
2017-06-17 07:49:35 ----D---- C:\WINDOWS\system32\DriverStore
2017-06-17 07:49:35 ----D---- C:\WINDOWS\system32\drivers\UMDF
2017-06-16 14:15:43 ----D---- C:\WINDOWS\SysWOW64
2017-06-16 14:15:37 ----D---- C:\WINDOWS\system32\Macromed
2017-06-16 14:15:33 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-06-15 19:48:55 ----D---- C:\WINDOWS\rescache
2017-06-15 10:18:59 ----D---- C:\WINDOWS\WinSxS
2017-06-14 18:18:21 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2017-06-14 18:18:20 ----D---- C:\WINDOWS\system32\oobe
2017-06-14 18:18:20 ----D---- C:\WINDOWS\system32\cs-CZ
2017-06-14 18:18:20 ----D---- C:\WINDOWS\system32\appraiser
2017-06-14 18:18:20 ----D---- C:\WINDOWS\AppPatch
2017-06-14 17:08:17 ----D---- C:\WINDOWS\CbsTemp
2017-06-14 17:06:45 ----D---- C:\ProgramData\Microsoft Help
2017-06-14 17:06:45 ----A---- C:\WINDOWS\win.ini
2017-06-14 17:04:36 ----D---- C:\WINDOWS\system32\MRT
2017-06-14 17:02:14 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-06-07 18:47:39 ----D---- C:\Program Files\NVIDIA Corporation
2017-06-07 18:47:38 ----D---- C:\ProgramData\NVIDIA Corporation
2017-06-04 16:13:42 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2017-06-04 16:13:40 ----D---- C:\WINDOWS\System
2017-06-03 08:32:49 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 edevmon;edevmon; C:\WINDOWS\system32\DRIVERS\edevmon.sys [2017-01-17 106768]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2013-08-07 644968]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-03-18 49568]
R0 nvpciflt;nvpciflt; C:\WINDOWS\system32\DRIVERS\nvpciflt.sys [2017-05-18 47008]
R0 pwdrvio;pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [2013-09-30 19152]
R0 SamsungRapidDiskFltr;SAMSUNG RAPID Mode Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\SamsungRapidDiskFltr.sys [2016-11-18 272792]
R0 SamsungRapidFSFltr;SamsungRapidFSFltr; C:\WINDOWS\system32\DRIVERS\SamsungRapidFSFltr.sys [2016-11-18 111512]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2017-01-17 132272]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2017-01-17 180544]
R1 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2017-01-17 77616]
R1 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2017-01-17 96856]
R1 lenovo.smi;Lenovo System Interface Driver; C:\WINDOWS\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2017-03-18 14336]
R2 ekbdflt;ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [2017-01-17 49672]
R2 risdxc;risdxc; C:\WINDOWS\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
R3 adusbser;@oem77.inf,%ADUSBSER%;Anydata USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2010-12-20 123392]
R3 ALSysIO;ALSysIO; \??\C:\Users\Rossi46\AppData\Local\Temp\ALSysIO64.sys [2017-06-28 26488]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-03-18 53664]
R3 CnxtHdAudService;@oem9.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2012-06-21 1586848]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2015-09-03 74432]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\WINDOWS\System32\drivers\NETwew01.sys [2017-03-18 3343872]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_c8da725822079174\nvlddmkm.sys [2017-05-18 14456920]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2016-10-09 15488]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-03-18 64416]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2017-03-18 91040]
S2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2017-03-18 12288]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-03-18 20480]
S3 adusbnet;@oem49.inf,%adwwan.Service.DispName%;Anydata USB-NDIS miniport; C:\WINDOWS\System32\drivers\adusbnet.sys [2010-12-20 154112]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-03-18 17920]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2017-03-20 127904]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2017-03-20 161696]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2017-03-20 143776]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service; C:\WINDOWS\system32\DRIVERS\AVerPola.sys [2013-12-18 862336]
S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service; C:\WINDOWS\System32\drivers\AVPolCIR.sys [2013-12-18 62976]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2017-03-18 105472]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2017-03-18 129536]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2017-04-19 980992]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys [2017-03-18 85504]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-04-25 129152]
S3 FTDIBUS;@oem53.inf,%SvcDesc%;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2016-03-16 108352]
S3 FTSER2K;@oem1.inf,%SvcDesc%;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2016-03-16 95168]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2017-03-18 74648]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-03-18 347032]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-03-18 2104224]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-03-18 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-03-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-03-18 85504]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-03-18 168448]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-03-18 36864]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2017-03-18 120320]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-03-18 405408]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-03-18 51104]
S3 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2017-03-20 230816]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-03-18 122368]
S3 netvsc;netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [2017-04-19 118784]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-03-18 80896]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2016-11-11 212936]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2017-03-18 101376]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2013-09-30 12504]
S3 ReFS;ReFS; C:\WINDOWS\system32\drivers\ReFS.sys [2017-03-18 1735584]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2017-03-18 180736]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2017-03-18 31128]
S3 semav6msr64;semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [2015-06-04 21984]
S3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-08-07 52912]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-03-20 40352]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-04-25 221824]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2017-05-18 2246256]
R2 AVerRemote;AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2015-06-25 377664]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2015-06-25 412480]
R2 CDPUserSvc_60df8a6;Uživatelská služba platformy připojených zařízení_60df8a6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\dusmsvc.dll
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-12-14 2836296]
R2 IBMPMSVC;@oem55.inf,%ibm.svcDesc0%;Lenovo PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2015-09-03 156912]
R2 icacl;icacl; C:\WINDOWS\system32\icacl.exe [2017-07-02 920784]
R2 ImControllerService;System Interface Foundation Service; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05 57160]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-07-02 327672]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-05-01 462968]
R2 OneSyncSvc_60df8a6;Hostitel synchronizace_60df8a6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 SamsungRapidSvc;Samsung RAPID Mode Service; C:\WINDOWS\system32\RAPID\SamsungRapidSvc.exe [2016-11-18 29080]
R2 SAService;Conexant SmartAudio service; C:\WINDOWS\syswow64\SAsrv.exe [2011-09-01 447104]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2017-05-20 335808]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2014-08-23 156848]
R3 PimIndexMaintenanceSvc_60df8a6;Data kontaktů_60df8a6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R3 Power Manager DBC Service;Lenovo Settings Power Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2017-04-28 106864]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S2 CxAudMsg;Conexant Audio Message Service; C:\Windows\system32\CxAudMsg64.exe [2012-06-08 201376]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-08-07 15720]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-04-05 317400]
S2 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2014-08-23 278192]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; %SystemRoot%\system32\svchost.exe -k DevicesFlow;"ServiceDll" = %SystemRoot%\System32\DevicesFlowBroker.dll
S3 DevicesFlowUserSvc_60df8a6;Tok zařízení_60df8a6; C:\WINDOWS\system32\svchost.exe -k DevicesFlow;"ServiceDll" =
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2017-02-10 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\IpxlatCfg.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 LSC.Services.SystemService;Lenovo Solution Center System Service; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [2016-06-02 273232]
S3 MessagingService_60df8a6;Služba zasílání zpráv_60df8a6; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\NaturalAuth.dll
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 242864]
S3 PAExec;PAExec; C:\Windows\PAExec.exe [2015-12-19 189112]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalService;"ServiceDll" = %SystemRoot%\system32\SEMgrSvc.dll
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2017-03-20 3913064]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2017-03-18 891904]
S3 SSSvc;Smart Sense Service; C:\Program Files (x86)\SmartSense\SSSvc.exe [2016-07-05 124744]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-03-23 1590560]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2017-06-03 846752]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: trojan Agent.CJ

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Rossi46
Visitor
Posts: 54
Registered: 16 Aug 2007 07:10

Re: trojan Agent.CJ

#3 Post by Rossi46 »

# AdwCleaner v6.047 - Log vytvořen 02/07/2017 v 18:34:42
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2017-06-29.3 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Rossi46 - T420
# Spuštěno z : C:\Users\Rossi46\AppData\Local\Temp\scoped_dir4656_6361\adwcleaner_6.047.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: SSSvc


***** [ Složky ] *****

[-] Složka smazána: C:\Users\Rossi46\AppData\Local\Вoйти в Интeрнет
[-] Složka smazána: C:\Users\Rossi46\AppData\Local\Поиcк в Интeрнете
[-] Složka smazána: C:\Users\Rossi46\AppData\LocalLow\.acestream
[-] Složka smazána: C:\Users\Rossi46\AppData\Roaming\.acestream
[-] Složka smazána: C:\Users\Rossi46\AppData\Roaming\acestream
[-] Složka smazána: C:\Users\Rossi46\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
[-] Složka smazána: C:\_acestream_cache_
[-] Složka smazána: C:\ProgramData\Mail.Ru
[-] Složka smazána: C:\Program Files (x86)\Mail.Ru
[-] Složka smazána: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\Mail.Ru


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Rossi46\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
[#] Soubor smazán: C:\Users\Rossi46\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MAIL.RU.LNK
[-] Soubor smazán: C:\Users\Rossi46\Favorites\Mail.Ru.url
[-] Soubor smazán: C:\Users\Rossi46\Favorites\Mail.Ru Агент - используй для общения!.url


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[!] Zástupce nelze smazat: C:\Users\Rossi46\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk


***** [ Naplánované úlohy ] *****

[-] Úloha smazána: MSI


***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Classes\.acelive
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Classes\.acemedia
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Classes\.acestream
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Classes\.tslive
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Classes\acestream
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Classes\AceStream.CDAudio
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Classes\AceStream.DVDMovie
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Classes\AceStream.file
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Classes\AceStream.OPENFolder
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Classes\AceStream.SVCDMovie
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Classes\AceStream.VCDMovie
[#] Klíč smazán po restartu: HKCU\Software\Classes\.acelive
[#] Klíč smazán po restartu: HKCU\Software\Classes\.acemedia
[#] Klíč smazán po restartu: HKCU\Software\Classes\.acestream
[#] Klíč smazán po restartu: HKCU\Software\Classes\.tslive
[#] Klíč smazán po restartu: HKCU\Software\Classes\acestream
[#] Klíč smazán po restartu: HKCU\Software\Classes\AceStream.CDAudio
[#] Klíč smazán po restartu: HKCU\Software\Classes\AceStream.DVDMovie
[#] Klíč smazán po restartu: HKCU\Software\Classes\AceStream.file
[#] Klíč smazán po restartu: HKCU\Software\Classes\AceStream.OPENFolder
[#] Klíč smazán po restartu: HKCU\Software\Classes\AceStream.SVCDMovie
[#] Klíč smazán po restartu: HKCU\Software\Classes\AceStream.VCDMovie
[-] Klíč smazán: HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO
[-] Klíč smazán: HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\PCSuiteContactsView
[-] Klíč smazán: HKLM\SOFTWARE\Classes\PCSuiteMessagesView
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\.acelive
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\.acemedia
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\.acestream
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\.tslive
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\acestream
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\AceStream.CDAudio
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\AceStream.DVDMovie
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\AceStream.file
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\AceStream.OPENFolder
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\AceStream.SVCDMovie
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\AceStream.VCDMovie
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\PCSuiteContactsView
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\PCSuiteMessagesView
[-] Klíč smazán: HKCU\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\AceStream
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Mail.Ru
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Amigo
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Microsoft\Gosearch
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Microsoft\Gosearchq
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Xpom
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\AppDataLow\Software\Mail.Ru
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[#] Klíč smazán po restartu: HKCU\Software\AceStream
[#] Klíč smazán po restartu: HKCU\Software\Mail.Ru
[#] Klíč smazán po restartu: HKCU\Software\Amigo
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Gosearch
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Gosearchq
[#] Klíč smazán po restartu: HKCU\Software\Xpom
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Klíč smazán: HKLM\SOFTWARE\Mail.Ru
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[#] Klíč smazán po restartu: [x64] HKCU\Software\AceStream
[#] Klíč smazán po restartu: [x64] HKCU\Software\Mail.Ru
[#] Klíč smazán po restartu: [x64] HKCU\Software\Amigo
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Gosearch
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Gosearchq
[#] Klíč smazán po restartu: [x64] HKCU\Software\Xpom
[#] Klíč smazán po restartu: [x64] HKCU\Software\AppDataLow\Software\Mail.Ru
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[-] Data obnovena: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Klíč smazán: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] Data obnovena: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKCU\Software\Classes\Applications\ace_player.exe
[-] Klíč smazán: HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
[-] Klíč smazán: HKCU\Software\Classes\DVD\shell\PlayWithACEStream
[-] Klíč smazán: HKCU\Software\Classes\MIME\Database\Content Type\application/x-acestream-plugin
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[#] Klíč smazán po restartu: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[#] Klíč smazán po restartu: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[#] Klíč smazán po restartu: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[#] Klíč smazán po restartu: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[#] Klíč smazán po restartu: HKCU\SOFTWARE\Classes\Applications\ace_player.exe
[#] Klíč smazán po restartu: HKCU\SOFTWARE\Classes\MIME\Database\Content Type\application/x-acestream-plugin
[-] Klíč smazán: HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.2


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [10954 Bajty] - [02/07/2017 18:34:42]
C:\AdwCleaner\AdwCleaner[S0].txt - [10372 Bajty] - [02/07/2017 18:33:13]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11102 Bajty] ##########

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň
Contact user:

Re: trojan Agent.CJ

#4 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Rossi46
Visitor
Posts: 54
Registered: 16 Aug 2007 07:10
Contact user:

Re: trojan Agent.CJ

#5 Post by Rossi46 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2017
Ran by Rossi46 (administrator) on T420 (02-07-2017 19:17:16)
Running from C:\Users\Rossi46\Desktop
Loaded Profiles: Rossi46 (Available Profiles: Rossi46)
Platform: Windows 10 Pro Version 1703 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Windows\System32\icacl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
() D:\Install\Core Temp\core temp 1.0 RC6 x64\Core Temp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Opera Software) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.20.1102.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(forum.viry.cz) C:\Users\Rossi46\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [154624 2015-01-05] (troubadix)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [123800 2016-11-18] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Cm108Sound] => C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-05] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\...\Run: [ivepdeytuj] => explorer "hxxp://eqvizin.ru/?utm_source=uoua03&utm_content=30279481911209992ea2df3b8dc4809c&utm_term=02FF082A7833C4D8D0E3A587BEEEC540&utm_d=20170702" <==== ATTENTION
HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\...\MountPoints2: {76485df4-a253-11e5-800c-0021cc4ad809} - "F:\Launcher.exe"
AppInit_DLLs: C:\WINDOWS\system32\DriverStore\FileRepository\nvltwu.inf_amd64_c8da725822079174\nvinitx.dll => C:\WINDOWS\system32\DriverStore\FileRepository\nvltwu.inf_amd64_c8da725822079174\nvinitx.dll [206632 2017-05-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\system32\DriverStore\FileRepository\nvltwu.inf_amd64_c8da725822079174\nvinit.dll => C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_c8da725822079174\nvinit.dll [179016 2017-05-18] (NVIDIA Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40adc6fb-14e2-4712-b1e3-dcc7d0997adc}: [DhcpNameServer] 194.228.211.33 160.218.161.60
Tcpip\..\Interfaces\{8b5903e6-1326-4f26-a6ce-cec22dca4fb4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\WINDOWS\SysWow64\cgmopenbho.dll [2006-03-28] (CGM Open Consortium, Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1428096516-1343879287-2363046301-1001 -> hxxp://www.seznam.cz/

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-12]
FF HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Rossi46\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)

Chrome:
=======
CHR HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (No Name) - C:\Users\Rossi46\AppData\Roaming\Opera Software\Opera Stable\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-07-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [377664 2015-06-25] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [412480 2015-06-25] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2016-12-14] (ESET)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 icacl; C:\WINDOWS\system32\icacl.exe [920784 2017-07-02] ()
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S3 PAExec; C:\Windows\PAExec.exe [189112 2015-12-19] (Power Admin LLC)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [29080 2016-11-18] (Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-05-09] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [259176 2016-10-03] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 adusbnet; C:\WINDOWS\System32\drivers\adusbnet.sys [154112 2010-12-20] (QUALCOMM Incorporated)
S3 adusbnet; C:\Windows\SysWOW64\drivers\adusbnet.sys [154112 2010-12-20] (QUALCOMM Incorporated)
S3 adusbser; C:\WINDOWS\system32\DRIVERS\adusbser.sys [123392 2010-12-20] (QUALCOMM Incorporated)
S3 adusbser; C:\Windows\SysWOW64\DRIVERS\adusbser.sys [123392 2010-12-20] (QUALCOMM Incorporated)
R3 ALSysIO; C:\Users\Rossi46\AppData\Local\Temp\ALSysIO64.sys [26488 2017-07-02] (Arthur Liberman) <==== ATTENTION
S3 AVerPola; C:\WINDOWS\system32\DRIVERS\AVerPola.sys [862336 2013-12-18] (AVerMedia TECHNOLOGIES, Inc.)
S3 AVPolCIR; C:\WINDOWS\System32\drivers\AVPolCIR.sys [62976 2013-12-18] (AVerMedia TECHNOLOGIES, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106768 2017-01-17] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-10-09] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2017-01-17] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [49672 2017-01-17] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [77616 2017-01-17] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [96856 2017-01-17] (ESET)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2017-03-18] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvltwu.inf_amd64_c8da725822079174\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [272792 2016-11-18] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [111512 2016-11-18] (Samsung Electronics Co., Ltd.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52912 2015-08-07] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2017-01-16] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [137920 2017-01-16] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 19:17 - 2017-07-02 19:17 - 00019866 _____ C:\Users\Rossi46\Desktop\FRST.txt
2017-07-02 19:17 - 2017-07-02 19:17 - 00000000 ____D C:\FRST
2017-07-02 19:16 - 2017-07-02 19:16 - 00112640 _____ (forum.viry.cz) C:\Users\Rossi46\Desktop\FRSTLauncher.exe
2017-07-02 19:16 - 2017-07-02 19:16 - 00029696 _____ C:\Users\Rossi46\AppData\Local\MSGBOX.EXE
2017-07-02 19:16 - 2017-07-02 19:16 - 00015327 _____ C:\Users\Rossi46\Desktop\LM.bat
2017-07-02 19:15 - 2017-07-02 19:15 - 02435584 _____ (Farbar) C:\Users\Rossi46\Desktop\FRST64.exe
2017-07-02 18:31 - 2017-07-02 18:34 - 00000000 ____D C:\AdwCleaner
2017-07-02 18:31 - 2017-07-02 18:31 - 04110280 _____ C:\Users\Rossi46\Desktop\adwcleaner_6.047.exe
2017-07-02 17:59 - 2017-07-02 17:59 - 00000000 ____D C:\rsit
2017-07-02 17:59 - 2017-07-02 17:59 - 00000000 ____D C:\Program Files\trend micro
2017-07-02 17:54 - 2017-07-02 17:54 - 01329152 _____ C:\Users\Rossi46\Desktop\RSITx64.exe
2017-07-02 17:35 - 2017-07-02 17:55 - 00000000 ____D C:\Users\Rossi46\AppData\Local\NPE
2017-07-02 17:35 - 2017-07-02 17:35 - 00000000 ____D C:\ProgramData\Norton
2017-07-02 17:28 - 2017-07-02 17:28 - 00000000 ____D C:\Users\Rossi46\AppData\Local\yc
2017-07-02 16:48 - 2017-07-02 16:48 - 00920784 _____ C:\WINDOWS\system32\icacl.exe
2017-07-02 16:22 - 2017-07-02 17:24 - 00003528 __RSH C:\WINDOWS\System32\Tasks\MSI
2017-07-02 15:55 - 2017-07-02 15:55 - 00000000 ____D C:\Users\Rossi46\.android
2017-07-02 15:46 - 2017-07-02 16:25 - 00000000 ____D C:\Users\Rossi46\Desktop\Tomík
2017-06-29 17:46 - 2017-06-29 17:46 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2017-06-27 08:40 - 2017-06-27 08:40 - 01391585 ____T C:\Users\Rossi46\Desktop\009-012_Detail_Jímka_2Jo06.dwg
2017-06-26 14:39 - 2017-06-26 14:39 - 00023984 _____ C:\Users\Rossi46\Desktop\07.-08.- OT K6-POT_DISPOZICE_PP_TR20170120_RV_TP_10.3.17-Model.pdf
2017-06-17 07:10 - 2017-06-17 07:10 - 02373944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2017-06-15 15:52 - 2017-06-15 15:52 - 00002743 _____ C:\Users\Public\Desktop\SwissKnife V3.lnk
2017-06-15 15:52 - 2017-06-15 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SwissKnife v3
2017-06-15 15:52 - 2017-06-15 15:52 - 00000000 ____D C:\Program Files (x86)\SwissKnife V3
2017-06-15 15:51 - 2017-06-15 15:51 - 04028175 _____ (SwissKnife V3) C:\Users\Rossi46\Desktop\swissknife_premium.exe
2017-06-15 15:49 - 2005-11-26 19:45 - 00002799 _____ C:\WINDOWS\SKLANG.INI
2017-06-15 15:49 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
2017-06-14 17:06 - 2017-06-14 17:06 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-06-14 17:06 - 2017-06-14 17:06 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2017-06-14 17:06 - 2017-06-14 17:06 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2017-06-14 17:00 - 2017-06-03 11:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 17:00 - 2017-06-03 11:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 17:00 - 2017-06-03 11:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 17:00 - 2017-06-03 11:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 17:00 - 2017-06-03 11:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 17:00 - 2017-06-03 11:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 17:00 - 2017-06-03 10:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 17:00 - 2017-06-03 10:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 17:00 - 2017-06-03 10:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 17:00 - 2017-06-03 10:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 16:59 - 2017-06-03 12:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 16:59 - 2017-06-03 12:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 16:59 - 2017-06-03 12:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 16:59 - 2017-06-03 12:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 16:59 - 2017-06-03 12:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 16:59 - 2017-06-03 12:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 16:59 - 2017-06-03 12:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 16:59 - 2017-06-03 12:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 16:59 - 2017-06-03 12:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 16:59 - 2017-06-03 12:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 16:59 - 2017-06-03 12:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 16:59 - 2017-06-03 12:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 16:59 - 2017-06-03 12:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 16:59 - 2017-06-03 12:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 16:59 - 2017-06-03 12:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 16:59 - 2017-06-03 12:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 16:59 - 2017-06-03 11:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 16:59 - 2017-06-03 11:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 16:59 - 2017-06-03 11:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 16:59 - 2017-06-03 11:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 16:59 - 2017-06-03 11:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 16:59 - 2017-06-03 11:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 16:59 - 2017-06-03 11:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 16:59 - 2017-06-03 11:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 16:59 - 2017-06-03 11:56 - 02228120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-06-14 16:59 - 2017-06-03 11:56 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-06-14 16:59 - 2017-06-03 11:56 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-06-14 16:59 - 2017-06-03 11:56 - 01458592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-06-14 16:59 - 2017-06-03 11:56 - 00848288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-06-14 16:59 - 2017-06-03 11:56 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-06-14 16:59 - 2017-06-03 11:56 - 00844696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-06-14 16:59 - 2017-06-03 11:56 - 00697760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-06-14 16:59 - 2017-06-03 11:56 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-06-14 16:59 - 2017-06-03 11:56 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-06-14 16:59 - 2017-06-03 11:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 16:59 - 2017-06-03 11:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 16:59 - 2017-06-03 11:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 16:59 - 2017-06-03 11:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 16:59 - 2017-06-03 11:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 16:59 - 2017-06-03 11:21 - 01516448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-06-14 16:59 - 2017-06-03 11:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 16:59 - 2017-06-03 11:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 16:59 - 2017-06-03 11:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 16:59 - 2017-06-03 11:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 16:59 - 2017-06-03 11:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 16:59 - 2017-06-03 11:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 16:59 - 2017-06-03 11:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 16:59 - 2017-06-03 11:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 16:59 - 2017-06-03 11:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 16:59 - 2017-06-03 11:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 16:59 - 2017-06-03 11:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 16:59 - 2017-06-03 11:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 16:59 - 2017-06-03 11:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 16:59 - 2017-06-03 11:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 16:59 - 2017-06-03 11:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 16:59 - 2017-06-03 11:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 16:59 - 2017-06-03 11:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 16:59 - 2017-06-03 11:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 16:59 - 2017-06-03 11:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 16:59 - 2017-06-03 11:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 16:59 - 2017-06-03 11:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 16:59 - 2017-06-03 11:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 16:59 - 2017-06-03 11:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 16:59 - 2017-06-03 11:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 16:59 - 2017-06-03 11:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 16:59 - 2017-06-03 11:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 16:59 - 2017-06-03 11:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 16:59 - 2017-06-03 11:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 16:59 - 2017-06-03 11:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 16:59 - 2017-06-03 11:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 16:59 - 2017-06-03 11:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 16:59 - 2017-06-03 11:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 16:59 - 2017-06-03 11:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 16:59 - 2017-06-03 11:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 16:59 - 2017-06-03 11:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 16:59 - 2017-06-03 11:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 16:59 - 2017-06-03 11:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 16:59 - 2017-06-03 11:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 16:59 - 2017-06-03 11:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 16:59 - 2017-06-03 11:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 16:59 - 2017-06-03 11:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 16:59 - 2017-06-03 10:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 16:59 - 2017-06-03 10:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 16:59 - 2017-06-03 10:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 16:59 - 2017-06-03 10:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 16:59 - 2017-06-03 10:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 16:59 - 2017-06-03 10:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 16:59 - 2017-06-03 10:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 16:59 - 2017-06-03 10:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 16:59 - 2017-06-03 10:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 16:59 - 2017-06-03 10:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 16:59 - 2017-06-03 10:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-14 16:59 - 2017-06-03 10:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 16:59 - 2017-06-03 10:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 16:59 - 2017-06-03 10:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 16:59 - 2017-06-03 10:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 16:59 - 2017-06-03 10:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 16:59 - 2017-06-03 10:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 16:59 - 2017-06-03 10:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 16:59 - 2017-06-03 10:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 16:59 - 2017-06-03 10:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 16:59 - 2017-06-03 10:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 16:59 - 2017-06-03 10:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 16:59 - 2017-06-03 10:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 16:59 - 2017-06-03 10:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 16:59 - 2017-06-03 10:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 16:59 - 2017-06-03 10:54 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2017-06-14 16:59 - 2017-06-03 10:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-07 18:47 - 2017-06-07 18:47 - 00003566 _____ C:\WINDOWS\System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-07 18:47 - 2017-06-07 18:47 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2017-06-07 18:47 - 2017-06-07 18:47 - 00000000 ____D C:\WINDOWS\system32\NV
2017-06-07 18:47 - 2017-06-07 18:47 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-06-07 18:47 - 2017-05-18 07:56 - 00521816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-06-07 18:47 - 2017-05-01 22:14 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-06-07 18:47 - 2017-03-10 23:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-06-07 18:47 - 2017-03-10 23:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-06-07 18:47 - 2017-03-10 23:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-06-07 18:47 - 2017-03-10 23:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-06-05 10:50 - 2017-06-05 10:50 - 00257864 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2017-06-04 16:13 - 2017-06-04 16:13 - 00001835 _____ C:\Users\Rossi46\Desktop\GX GAMING CAVIMANUS HEADSET.lnk
2017-06-04 16:13 - 2017-06-04 16:13 - 00000850 _____ C:\WINDOWS\Cm108.ini.imi
2017-06-04 16:13 - 2017-06-04 16:13 - 00000799 _____ C:\WINDOWS\system\Cm108.ini
2017-06-04 16:13 - 2017-06-04 16:13 - 00000324 _____ C:\WINDOWS\Cm108.ini.cfl
2017-06-04 16:13 - 2017-06-04 16:13 - 00000125 _____ C:\WINDOWS\system\Dlap.pfx
2017-06-04 16:13 - 2017-06-04 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KYE SYSTEMS CORP
2017-06-04 16:13 - 2015-08-20 09:51 - 00002316 ____N C:\WINDOWS\Cm108.ini.cfg
2017-06-04 16:13 - 2015-08-11 13:58 - 13463552 ____N (C-Media Corporation) C:\WINDOWS\SysWOW64\CM108.dll
2017-06-04 16:13 - 2015-05-06 18:07 - 00834560 ____N C:\WINDOWS\system32\Cmeau108.exe
2017-06-04 16:13 - 2013-10-16 10:55 - 00143360 ____N C:\WINDOWS\Vmix108.dll
2017-06-04 16:13 - 2013-02-01 12:10 - 04333568 _____ (C-Media Electronics Inc) C:\WINDOWS\system32\Drivers\CM10864.sys
2017-06-04 16:13 - 2013-02-01 12:10 - 00315392 _____ (C-Media Electronics Inc.) C:\WINDOWS\system\fltr108.dll
2017-06-04 16:13 - 2012-12-24 14:06 - 00000638 ____N C:\WINDOWS\USetup.iss
2017-06-04 16:13 - 2012-06-04 14:15 - 04533760 ____N C:\WINDOWS\system32\CM108.cpl
2017-06-04 16:13 - 2012-02-15 16:49 - 00001343 ____N C:\WINDOWS\cm108.ini
2017-06-04 16:13 - 2009-08-19 01:00 - 00359424 ____N C:\WINDOWS\system32\CmiInstallResAll64.dll
2017-06-04 16:13 - 2006-10-05 14:45 - 00524768 _____ (Microsoft Corporation) C:\WINDOWS\difxapi.dll
2017-06-04 16:13 - 2006-09-13 10:21 - 00200704 ____N (C-Media) C:\WINDOWS\SysWOW64\cmpa108.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 18:41 - 2017-04-25 17:46 - 07290280 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-02 18:41 - 2017-03-20 06:39 - 03599884 _____ C:\WINDOWS\system32\perfh005.dat
2017-07-02 18:41 - 2017-03-20 06:39 - 00997226 _____ C:\WINDOWS\system32\perfc005.dat
2017-07-02 18:40 - 2016-11-16 13:29 - 00696389 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-07-02 18:35 - 2017-04-25 17:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-02 18:35 - 2017-03-18 13:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-07-02 18:35 - 2016-08-10 12:18 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-02 16:54 - 2016-02-02 12:36 - 00000000 ____D C:\Users\Rossi46\.VirtualBox
2017-07-02 16:52 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-02 16:46 - 2015-11-24 18:23 - 00000000 ____D C:\Program Files (x86)\uTorrent
2017-07-02 16:45 - 2017-04-25 16:13 - 00000000 ___DC C:\WINDOWS\Panther
2017-07-02 16:45 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-02 16:45 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-02 16:23 - 2015-12-24 14:29 - 00001258 __RSH C:\ProgramData\ntuser.pol
2017-07-02 15:55 - 2017-04-25 17:39 - 00000000 ____D C:\Users\Rossi46
2017-07-02 15:25 - 2017-04-25 17:44 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-07-02 10:22 - 2017-04-25 17:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-02 10:19 - 2016-03-20 11:26 - 00000000 ____D C:\Users\Rossi46\Documents\Soubory aplikace Outlook
2017-07-01 14:26 - 2017-05-25 18:49 - 00000000 ____D C:\Users\Rossi46\AppData\Roaming\vlc
2017-07-01 13:17 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-30 14:47 - 2017-03-06 15:29 - 00000000 ____D C:\Users\Rossi46\Desktop\dražby
2017-06-30 14:43 - 2016-03-24 16:48 - 00000000 ____D C:\Users\Rossi46\AppData\Roaming\Skype
2017-06-30 12:30 - 2015-11-24 18:01 - 00000000 ____D C:\Program Files (x86)\Opera
2017-06-30 09:29 - 2015-11-24 15:34 - 00000000 ____D C:\Users\Rossi46\AppData\Local\Packages
2017-06-29 17:46 - 2017-04-25 17:44 - 00003948 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1448380897
2017-06-27 15:07 - 2015-12-14 21:13 - 00000000 ____D C:\Users\Rossi46\AppData\Local\Anydata ADU890-WH
2017-06-21 21:53 - 2017-04-25 17:49 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-21 21:53 - 2016-08-10 12:31 - 00002397 _____ C:\Users\Rossi46\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-21 21:53 - 2016-08-10 12:31 - 00000000 ___RD C:\Users\Rossi46\OneDrive
2017-06-20 13:32 - 2015-11-25 01:35 - 00000000 ____D C:\Users\Rossi46\AppData\Roaming\.purple
2017-06-20 09:12 - 2017-04-12 09:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-20 09:12 - 2016-03-24 16:48 - 00000000 ____D C:\ProgramData\Skype
2017-06-16 14:15 - 2017-04-25 17:44 - 00004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-16 14:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-16 14:15 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-15 19:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 15:51 - 2016-02-21 18:00 - 00000000 ____D C:\Users\Rossi46\AppData\Local\Downloaded Installations
2017-06-15 10:07 - 2015-11-24 15:34 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 10:06 - 2017-04-25 17:37 - 00399040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 18:18 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-14 18:18 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 17:08 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 17:06 - 2015-10-30 09:24 - 00000167 _____ C:\WINDOWS\win.ini
2017-06-14 17:04 - 2015-12-09 12:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 17:02 - 2015-12-09 12:17 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-11 09:15 - 2016-09-27 08:28 - 00000000 ____D C:\Users\Rossi46\Desktop\Playlist
2017-06-07 18:47 - 2017-04-25 17:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-07 18:47 - 2017-04-25 17:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-04 16:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\System
2017-06-04 16:13 - 2015-11-24 16:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-04 16:13 - 2015-11-24 15:34 - 00000000 ____D C:\Users\Rossi46\AppData\Local\VirtualStore
2017-06-04 15:01 - 2015-11-24 20:57 - 00000000 ____D C:\Users\Rossi46\Documents\Prins VSI
2017-06-03 08:32 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 08:32 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-07-02 16:22 - 2017-07-02 16:24 - 2491376 __RSH () C:\Users\Rossi46\AppData\Roaming\Microsoft\msi.exe
2017-07-02 19:16 - 2017-07-02 19:16 - 0029696 _____ () C:\Users\Rossi46\AppData\Local\MSGBOX.EXE
2016-01-14 23:07 - 2017-03-17 23:15 - 0007622 _____ () C:\Users\Rossi46\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-07-02 17:27 - 2017-07-02 17:28 - 37564928 ____N (The Chromium Authors) C:\Users\Rossi46\AppData\Local\Temp\7DiFmgLoZHUg.exe
2017-07-02 17:30 - 2017-07-02 17:30 - 2491376 ____N () C:\Users\Rossi46\AppData\Local\Temp\sn5UQM4UNrP2.exe
2017-07-02 17:25 - 2017-07-02 17:25 - 2491376 ____N () C:\Users\Rossi46\AppData\Local\Temp\Vn848H2jo0hc.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-02 18:16

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 119670
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: trojan Agent.CJ

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\...\Run: [ivepdeytuj] => explorer "hxxp://eqvizin.ru/?utm_source=uoua03&utm_content=30279481911209992ea2df3b8dc4809c&utm_term=02FF082A7833C4D8D0E3A587BEEEC540&utm_d=20170702" <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
FF HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Rossi46\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
C:\WINDOWS\System32\Tasks\AutoKMS
C:\Users\Rossi46\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Rossi46
Visitor
Posts: 54
Joined: 16 Aug 2007 07:10

Re: trojan Agent.CJ

#7 Post by Rossi46 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2017
Ran by Rossi46 (02-07-2017 20:11:45) Run:1
Running from C:\Users\Rossi46\Desktop
Loaded Profiles: Rossi46 (Available Profiles: Rossi46)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\...\Run: [ivepdeytuj] => explorer "hxxp://eqvizin.ru/?utm_source=uoua03&utm_content=30279481911209992ea2df3b8dc4809c&utm_term=02FF082A7833C4D8D0E3A587BEEEC540&utm_d=20170702" <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
FF HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Rossi46\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
C:\WINDOWS\System32\Tasks\AutoKMS
C:\Users\Rossi46\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ivepdeytuj => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Mozilla\Firefox\Extensions\\acewebextension_unlisted@acestream.org => value removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully

"C:\Users\Rossi46\AppData\Local\Temp" folder move:

Could not move "C:\Users\Rossi46\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32541040 B
Java, Flash, Steam htmlcache => 156835120 B
Windows/system/drivers => 136558 B
Edge => 1544352 B
Chrome => 0 B
Firefox => 0 B
Opera => 78307290 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3290 B
NetworkService => 0 B
Rossi46 => 44912248 B

RecycleBin => 0 B
EmptyTemp: => 307.2 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-07-2017 20:12:39)

C:\Users\Rossi46\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:12:39 ====

Rudy
Site Admin
Posts: 119670
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: trojan Agent.CJ

#8 Post by Rudy »

Deleted. Has anything changed?

Rossi46
Visitor
Posts: 54
Joined: 16 Aug 2007 07:10

Re: trojan Agent.CJ

#9 Post by Rossi46 »

Ads keep appearing in my browser and ESET is blocking redirects to unwanted pages.
See the attachment.
Attachments
reklamy.jpg (125.72 KiB) Viewed 4460 times

Rossi46
Visitor
Posts: 54
Joined: 16 Aug 2007 07:10

Re: trojan Agent.CJ

#10 Post by Rossi46 »

redirect - blocking
Attachments
presmerovani.jpg (29.1 KiB) Viewed 4458 times

Rudy
Site Admin
Posts: 119670
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: trojan Agent.CJ

#11 Post by Rudy »

Let's clean up the browsers. Run these utilities one after another:

1. Download Zoek.exe from http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop.

If you are using Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce).
Paste the script below into the window:




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script.
The PC will carry out the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch, the licence terms are displayed; press any key
•A backup is created, followed by a scan
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

Rossi46
Visitor
Posts: 54
Joined: 16 Aug 2007 07:10

Re: trojan Agent.CJ

#12 Post by Rossi46 »

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Rossi46 on 02.07.2017 at 21:05:01,93.
Microsoft Windows 10 Pro 10.0.15063 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Rossi46\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

02.07.2017 21:05:37 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Appnimi deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\SolidDocuments deleted successfully
C:\Users\Rossi46\AppData\Local\ActiveSync deleted successfully
C:\Users\Rossi46\AppData\Local\DBG deleted successfully
C:\Users\Rossi46\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\DBG deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1428096516-1343879287-2363046301-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Appnimi not found
C:\Users\Rossi46\.android deleted
C:\Users\Rossi46\ia_remove.sh1709.tmp deleted
C:\Users\Rossi46\ia_remove.sh7869.tmp deleted
C:\PROGRA~3\Package Cache deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension.15@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn" [12.04.2017 18:02]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
mjbepbhonbojpoaenhckjocchgfiaofo - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rossi46\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Rossi46\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Rossi46\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=49 folders=48 47461616 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Rossi46\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 02.07.2017 at 21:18:46,25 ======================

Rossi46
Visitor
Posts: 54
Joined: 16 Aug 2007 07:10

Re: trojan Agent.CJ

#13 Post by Rossi46 »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by Rossi46 (Administrator) on 02.07.2017 at 21:20:41,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.07.2017 at 21:21:37,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rossi46
Visitor
Posts: 54
Joined: 16 Aug 2007 07:10

Re: trojan Agent.CJ

#14 Post by Rossi46 »

Nothing has changed.
The ads and redirects are still there.

Rudy
Site Admin
Posts: 119670
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: trojan Agent.CJ

#15 Post by Rudy »

In which browser?

Locked