PC virus removal, computer speed-up, remote help via the neslape.cz service

Encryption of some files - GDCB extension

Have a problem with a virus? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
vitar
Visitor
Posts: 5
Joined: 27 Feb 2018 00:23


#1 Post by vitar »

Hi, I caught some pest that encrypts files. It encrypted some of them, but I have the same file here both encrypted and unencrypted, if anyone is interested. Hopefully I have already removed it, but please check the log; I am posting it from RSIT.

Logfile of random's system information tool 1.16 (written by random/random)
Run by jes at 2018-02-27 00:26:39
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 255 GB (51%) free of 500 GB
Total RAM: 4060 MB (42% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:26:47, on 27.2.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18922)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\ProgDVB\ProgDvbNet.exe
C:\Program Files (x86)\IObit\Driver Booster\5.2.0\Pub\PubMonitor.exe
C:\Program Files\trend micro\jes_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IObit Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
O2 - BHO: IObit Ads Removal - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [Advanced SystemCare 11] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3465B8E-5222-4F3A-B52D-FD9EC14F0139}: NameServer = 10.0.0.138,8.8.8.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 11 (AdvancedSystemCareService11) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Disk Master Agent (DmAgent) - QILING Tech Co., Ltd. - C:\Program Files\QILING\Disk Master\DmAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7544 bytes

====== Enumerating Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe"
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"
"C:\Program Files\ESET\ESET Security\ekrn.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\QILING\Disk Master\DmAgent.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\system32\dllhost.exe /Processid:{6E642292-F2ED-47D2-8A45-6487E47CF97E}
C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a066c28f-1a0a-4d3b-80d8-fcf3056d0cf5 -SystemEventPortName:HostProcess-1dd29058-7a53-4bd3-8760-26780c6bd39e -IoCancelEventPortName:HostProcess-79ecd66c-aba5-4149-ac56-d8acd13d7202 -NonStateChangingEventPortName:HostProcess-9681edcb-770e-4adc-b08f-141a9264a4f4 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:67917263-2113-4d7e-89e9-a27a14320d50 -DeviceGroupId:WpdFsGroup
C:\Windows\System32\msdtc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe" /Task
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe"
"C:\Program Files\QILING\Disk Master\DiskMasterUI.exe" -Hide
"C:\Windows\System32\igfxtray.exe"
"C:\Program Files\ESET\ESET Security\egui.exe" /hide
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /systemstart /autostart
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe" /starttips
"C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe"
"C:\Program Files (x86)\ProgDVB\ProgDvbNet.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\jes\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\jes\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\jes\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=64.0.3282.186 --initial-client-data=0x134,0x138,0x13c,0x130,0x140,0x7fee4822050,0x7fee4822060,0x7fee4822070
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=196 --on-initialized-event-handle=460 --parent-handle=464 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1224,2059827578531166245,7544532030331773854,131072 --gpu-preferences=GAAAAAAAAAAABwAAAQAAAAAAAAAAAGAA --gpu-vendor-id=0x8086 --gpu-device-id=0x2e32 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2869 --gpu-driver-date=10-4-2012 --service-request-channel-token=2E1C25B59CC74AE3E946BE332C7BBAAA --mojo-platform-channel-handle=1232 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\IObit\Driver Booster\5.2.0\Pub\PubMonitor.exe" /DB
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1224,2059827578531166245,7544532030331773854,131072 --service-pipe-token=7D322DD7CBDD13F5BC8F2DCBBEA58826 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-compositor-image-animations --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --service-request-channel-token=7D322DD7CBDD13F5BC8F2DCBBEA58826 --renderer-client-id=18 --mojo-platform-channel-handle=652 /prefetch:1
C:\Windows\system32\taskeng.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe15_ Global\UsGthrCtrlFltPipeMssGthrPipe15 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\Users\jes\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\ASC11_PerformanceMonitor - C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe /Task
C:\Windows\system32\tasks\ASC11_SkipUac_jes - "C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" /SkipUac
C:\Windows\system32\tasks\Driver Booster Scheduler - C:\Program Files (x86)\IObit\Driver Booster\5.2.0\Scheduler.exe /scheduler
C:\Windows\system32\tasks\Driver Booster SkipUAC (jes) - C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe /skipuac
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Opera scheduled Autoupdate 1500499252 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\Uninstaller_SkipUac_jes - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-1875661055-100597291-3592894970-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Google Chrome=========

C:\Users\jes\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension bhjhnafpiilpffhglajcaepjbnbjemci
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 2 Dokumenty Google offline 1.4
Extension hcadgijmedbfgciegjomfpjcdchlhnif
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lhemechcanjmilllmccjbjldonmnnjjj
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.6
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.3
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 6417.1211.0.0
Homepage: http://www.seznam.cz/
default_search_provider.search_url:
C:\Users\jes\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lhemechcanjmilllmccjbjldonmnnjjj]
"Path"=


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25 2478864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-06 573504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-06 236608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
IObit Surfing Protection - C:\PROGRA~2\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2017-10-18 691488]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
IObit Ads Removal - C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll [2017-10-18 734632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Disk Master"=C:\Program Files\QILING\Disk Master\DiskMasterUI.exe [2017-07-10 3180344]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2017-09-13 163360]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2017-09-13 18381792]
"egui"=C:\Program Files\ESET\ESET Security\ecmds.exe [2017-12-18 324352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 11"=C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2018-01-16 3580176]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19 587800]
"IObit Malware Fighter"=C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [2018-01-22 5866768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveAutoRun"=16777216

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2018-02-27 00:26:39 ----D---- C:\rsit
2018-02-27 00:26:39 ----D---- C:\Program Files\trend micro
2018-02-26 23:52:10 ----D---- C:\FRST
2018-02-26 17:31:28 ----AD---- C:\Kaspersky Rescue Disk 10.0
2018-02-26 09:26:59 ----A---- C:\Windows\system32\drivers\trufos.sys
2018-02-26 09:10:06 ----A---- C:\Windows\ntbtlog.txt
2018-02-26 08:48:01 ----D---- C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\ieui.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\mshtmled.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\msfeeds.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\ieui.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\ieframe.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\dxtrans.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\dxtmsft.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\wininet.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\tzres.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\occache.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\msrating.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\jscript.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\inseng.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\wininet.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\webcheck.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\vbscript.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\urlmon.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\tzres.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\scesrv.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\occache.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-26 08:34:26 ----A---- C:\Windows\system32\msrating.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\mshtml.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\jsproxy.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\jscript9diag.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\jscript9.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\jscript.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\inseng.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieUnatt.exe
2018-02-26 08:34:26 ----A---- C:\Windows\system32\iesetup.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\iertutil.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\iernonce.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-02-26 08:34:26 ----A---- C:\Windows\system32\iedkcs32.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieapfltr.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ie4uinit.exe
2018-02-26 08:29:28 ----A---- C:\Windows\system32\drivers\IMFCameraProtect.sys
2018-02-26 01:50:00 ----D---- C:\Users\jes\AppData\Roaming\www.shadowexplorer.com
2018-02-26 01:09:31 ----D---- C:\Users\jes\AppData\Roaming\tox
2018-02-25 23:38:53 ----A---- C:\Windows\SYSWOW64\svchost.exe
2018-02-25 22:44:42 ----D---- C:\Users\jes\AppData\Roaming\ESET
2018-02-25 22:34:34 ----D---- C:\ProgramData\ESET
2018-02-25 22:34:34 ----D---- C:\Program Files\ESET
2018-02-25 20:41:19 ----D---- C:\Windows\SYSWOW64\sxltruwn
2018-02-25 20:40:45 ----D---- C:\Users\jes\AppData\Roaming\EpicNet Inc
2018-02-25 20:39:54 ----D---- C:\ProgramData\save
2018-02-25 20:39:32 ----D---- C:\Users\jes\AppData\Roaming\1337
2018-02-25 20:39:15 ----HD---- C:\Windows\rss
2018-02-24 22:18:52 ----D---- C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}
2018-02-20 22:00:42 ----A---- C:\ProgramData\unins000.dat
2018-02-20 22:00:22 ----A---- C:\ProgramData\unins000.exe
2018-02-16 15:38:44 ----A---- C:\Windows\system32\RegistryDefragBootTime.exe
2018-02-15 20:42:38 ----D---- C:\Users\jes\AppData\Roaming\Mozilla
2018-02-15 20:35:18 ----D---- C:\Users\jes\AppData\Roaming\Smart Application Controller
2018-02-14 09:22:56 ----A---- C:\Windows\system32\win32k.sys
2018-02-14 09:22:56 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-02-14 09:22:55 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-02-14 09:22:55 ----A---- C:\Windows\system32\xpsrchvw.exe
2018-02-14 09:22:55 ----A---- C:\Windows\system32\ntdll.dll
2018-02-14 09:22:55 ----A---- C:\Windows\system32\drivers\tcpip.sys
2018-02-14 09:22:54 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-02-14 09:22:53 ----A---- C:\Windows\system32\schannel.dll
2018-02-14 09:22:53 ----A---- C:\Windows\system32\rpcrt4.dll
2018-02-14 09:22:53 ----A---- C:\Windows\system32\lsasrv.dll
2018-02-14 09:22:53 ----A---- C:\Windows\system32\kerberos.dll
2018-02-14 09:22:53 ----A---- C:\Windows\system32\crypt32.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\xpsrchvw.exe
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2018-02-14 09:22:52 ----A---- C:\Windows\system32\msv1_0.dll
2018-02-14 09:22:52 ----A---- C:\Windows\system32\KernelBase.dll
2018-02-14 09:22:52 ----A---- C:\Windows\system32\kernel32.dll
2018-02-14 09:22:52 ----A---- C:\Windows\system32\advapi32.dll
2018-02-14 09:22:51 ----A---- C:\Windows\SYSWOW64\WinSCard.dll
2018-02-14 09:22:51 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-02-14 09:22:51 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-02-14 09:22:51 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\wisptis.exe
2018-02-14 09:22:51 ----A---- C:\Windows\system32\WinSCard.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\rpchttp.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\ncrypt.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-02-14 09:22:51 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-02-14 09:22:51 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-02-14 09:22:51 ----A---- C:\Windows\system32\clfs.sys
2018-02-14 09:22:51 ----A---- C:\Windows\system32\certcli.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\cdosys.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\wow64win.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\wow64.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\winsrv.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\wdigest.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\TSpkg.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\t2embed.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\srcore.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\hal.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\drivers\netio.sys
2018-02-14 09:22:50 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-02-14 09:22:50 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 09:22:50 ----A---- C:\Windows\system32\adtschema.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\TabSvc.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\StructuredQuery.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\hidparse.sys
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\hidclass.sys
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\appid.sys
2018-02-14 09:22:49 ----A---- C:\Windows\system32\csrsrv.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\conhost.exe
2018-02-14 09:22:49 ----A---- C:\Windows\system32\bcrypt.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\appidsvc.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\appidapi.dll
2018-02-14 09:22:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 09:22:48 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\sspisrv.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\sspicli.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\srclient.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\smss.exe
2018-02-14 09:22:48 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\secur32.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\rstrui.exe
2018-02-14 09:22:48 ----A---- C:\Windows\system32\ntvdm64.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\msaudite.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\lsass.exe
2018-02-14 09:22:48 ----A---- C:\Windows\system32\fontsub.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\drivers\hidusb.sys
2018-02-14 09:22:48 ----A---- C:\Windows\system32\cryptbase.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\credssp.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\auditpol.exe
2018-02-14 09:22:48 ----A---- C:\Windows\system32\atmfd.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 09:22:47 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-02-14 09:22:47 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-02-14 09:22:47 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-02-14 09:22:47 ----A---- C:\Windows\system32\wow64cpu.dll
2018-02-14 09:22:47 ----A---- C:\Windows\system32\apisetschema.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\user.exe
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\lpk.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\wintrust.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\msobjs.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\lpk.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\dciman32.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\cryptsvc.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\cryptnet.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\atmlib.dll
2018-02-14 09:21:18 ----A---- C:\Windows\system32\generaltel.dll
2018-02-14 09:21:18 ----A---- C:\Windows\system32\appraiser.dll
2018-02-14 09:21:18 ----A---- C:\Windows\system32\aeinv.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\invagent.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\devinv.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\CompatTelRunner.exe
2018-02-14 09:21:17 ----A---- C:\Windows\system32\centel.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\aitstatic.exe
2018-02-14 09:21:17 ----A---- C:\Windows\system32\aepic.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\acmigration.dll

====== List of files/folders modified in the last 1 month ======

2018-02-27 00:26:39 ----RD---- C:\Program Files
2018-02-26 23:59:58 ----D---- C:\Windows
2018-02-26 23:48:47 ----D---- C:\Windows\system32\config
2018-02-26 23:13:39 ----D---- C:\Windows\System32
2018-02-26 23:13:39 ----D---- C:\Windows\inf
2018-02-26 23:13:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-02-26 23:13:12 ----D---- C:\Windows\system32\Tasks
2018-02-26 23:09:27 ----D---- C:\ProgramData\ProductData
2018-02-26 23:08:07 ----D---- C:\Windows\Temp
2018-02-26 23:07:34 ----D---- C:\Windows\Registration
2018-02-26 20:01:40 ----HD---- C:\ProgramData
2018-02-26 19:57:02 ----D---- C:\Users\jes\AppData\Roaming\vlc
2018-02-26 19:56:13 ----D---- C:\smazat
2018-02-26 19:55:46 ----D---- C:\Windows\Prefetch
2018-02-26 18:23:19 ----SHD---- C:\Windows\Installer
2018-02-26 18:18:44 ----RD---- C:\Program Files (x86)
2018-02-26 18:13:46 ----SHD---- C:\System Volume Information
2018-02-26 18:01:30 ----D---- C:\Windows\winsxs
2018-02-26 17:59:13 ----D---- C:\Windows\SYSWOW64\en-US
2018-02-26 17:59:13 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-02-26 17:59:13 ----D---- C:\Windows\SysWOW64
2018-02-26 17:59:13 ----D---- C:\Windows\system32\en-US
2018-02-26 17:59:13 ----D---- C:\Windows\system32\cs-CZ
2018-02-26 17:59:13 ----D---- C:\Program Files\Internet Explorer
2018-02-26 17:59:13 ----D---- C:\Program Files (x86)\Internet Explorer
2018-02-26 14:22:38 ----D---- C:\Windows\rescache
2018-02-26 09:27:44 ----D---- C:\Windows\system32\catroot
2018-02-26 09:26:59 ----D---- C:\Windows\system32\drivers
2018-02-26 09:12:38 ----D---- C:\Windows\system32\DriverStore
2018-02-26 08:38:23 ----D---- C:\Windows\twain_32
2018-02-26 08:38:23 ----D---- C:\Program Files (x86)\epson
2018-02-26 08:37:55 ----D---- C:\ProgramData\EPSON
2018-02-26 08:37:08 ----D---- C:\Windows\Tasks
2018-02-26 08:34:16 ----D---- C:\Windows\system32\catroot2
2018-02-26 08:29:09 ----D---- C:\Users\jes\AppData\Roaming\IObit
2018-02-26 08:28:44 ----D---- C:\ProgramData\IObit
2018-02-26 08:28:43 ----D---- C:\Program Files (x86)\IObit
2018-02-25 21:50:31 ----SD---- C:\Users\jes\AppData\Roaming\Microsoft
2018-02-25 21:06:39 ----SHD---- C:\found.000
2018-02-25 20:59:58 ----RD---- C:\Users
2018-02-25 20:59:57 ----SHD---- C:\boot
2018-02-25 20:41:58 ----SHD---- C:\$Recycle.Bin
2018-02-24 09:48:46 ----D---- C:\Windows\SoftwareDistribution
2018-02-24 09:45:44 ----D---- C:\Windows\debug
2018-02-21 16:32:42 ----D---- C:\Program Files (x86)\Opera
2018-02-15 23:18:11 ----D---- C:\Temp
2018-02-15 20:35:46 ----HD---- C:\Windows\system32\GroupPolicy
2018-02-14 18:59:21 ----D---- C:\Windows\Microsoft.NET
2018-02-14 16:21:10 ----D---- C:\Windows\AppPatch
2018-02-14 16:21:09 ----D---- C:\Windows\system32\Boot
2018-02-14 16:21:09 ----D---- C:\Windows\system32\appraiser
2018-02-14 09:44:03 ----D---- C:\Windows\system32\MRT
2018-02-14 09:41:09 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-02-14 09:40:58 ----AC---- C:\Windows\system32\MRT.exe
2018-02-14 09:37:42 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2018-02-14 09:36:28 ----D---- C:\ProgramData\Microsoft Help
2018-02-14 09:35:43 ----A---- C:\Windows\win.ini
2018-02-06 18:16:28 ----D---- C:\Program Files (x86)\Common Files
2018-02-06 18:09:17 ----D---- C:\Program Files\Java
2018-02-06 18:05:35 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 diskbckp;Disk Backup Monitor Filter Driver; C:\Windows\system32\drivers\diskbckp.sys [2017-07-10 45368]
R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2018-01-19 107328]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2018-01-19 134368]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2018-01-19 180088]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2018-01-19 81880]
R1 EpfwLWF;ESET Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2018-01-19 61040]
R1 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2018-01-19 106304]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2017-09-13 27552]
R1 IMFCameraProtect;IMFCameraProtect; \??\C:\Windows\system32\drivers\IMFCameraProtect.sys [2017-04-06 26272]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2018-01-19 50744]
R2 gzflt;gzflt; C:\Windows\system32\DRIVERS\gzflt.sys [2016-10-27 183576]
R3 AmUStor;Al USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2018-01-05 90560]
R3 cpuz143;cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [2018-02-26 48960]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2017-09-13 10629408]
R3 IMFDownProtect;IMFDownProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFDownProtect.sys [2017-03-08 21360]
R3 IMFFilter;IMFFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [2016-12-22 22440]
R3 IMFForceDelete;IMFForceDelete; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFForceDelete.sys [2017-07-03 16216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2017-09-13 5826560]
R3 iobit_monitor_server;iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [2016-12-21 14680]
R3 IUFileFilter;IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [2017-06-06 21928]
R3 IURegProcessFilter;IURegProcessFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [2018-01-11 22416]
R3 mod7700;DiBcom based TV tuner device; C:\Windows\system32\DRIVERS\mod7700.sys [2007-07-13 620040]
R3 MODRC;DiBcom Infrared Receiver; C:\Windows\system32\DRIVERS\modrc.sys [2007-07-13 24200]
R3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2016-11-03 34752]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2018-01-05 1077728]
R3 Trufos;Trufos; C:\Windows\system32\DRIVERS\TRUFOS.sys [2016-12-05 520032]
R3 vDisk;Disk Master Enumerator; C:\Windows\system32\DRIVERS\vDisk.sys [2017-07-10 256312]
S1 ZAM;ZAM Helper Driver; \??\C:\Windows\System32\drivers\zam64.sys []
S1 ZAM_Guard;ZAM Guard Driver; \??\C:\Windows\System32\drivers\zamguard64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB RS-232 Emulation Driver; C:\Windows\system32\DRIVERS\USBSER.sys [2013-08-29 33280]
S3 uwldypow;uwldypow; \??\y:\temp\user\uwldypow.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 wdm_usb;wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [2016-08-16 159936]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AdvancedSystemCareService11;Advanced SystemCare Service 11; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [2018-01-30 1056016]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
R2 DmAgent;Disk Master Agent; C:\Program Files\QILING\Disk Master\DmAgent.exe [2017-07-10 67384]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2017-12-18 1940584]
R2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2018-01-08 1770784]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll" = C:\Windows\system32\HPZinw12.dll
R2 Pml Driver HPZ12;Pml Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll" = C:\Windows\system32\HPZipm12.dll
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-05-23 10884848]
R2 VssProvider;VssProvider; C:\Windows\system32\dllhost.exe [2009-07-14 9728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-19 153168]
S2 IObitUnSvr;IObit Uninstaller Service; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [2018-01-25 206096]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-01-17 83984]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-19 153168]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-02-26 116224]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\storsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-07-27 1255736]
S4 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\appmgmts.dll
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\cscsvc.dll
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll" = %SystemRoot%\system32\peerdistsvc.dll

-----------------EOF-----------------
Thanks.

Rudy
Site Admin
Posts: 119428
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Encoding of some files - GDCB extension

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

vitar
Visitor
Posts: 5
Registered: 27 Feb 2018 00:23

Re: Encoding of some files - GDCB extension

#3 Post by vitar »

Hi, I'm posting the generated log file

# AdwCleaner 7.0.8.0 - Logfile created on Tue Feb 27 23:25:25 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: AdvancedSystemCareService11


***** [ Folders ] *****

Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\jes\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\jes\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\jes\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\jes\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare V8
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Mail.Ru
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Mail.Ru
Deleted: C:\Windows\\rss
Deleted: C:\Users\jes\AppData\Roaming\EpicNet Inc
Deleted: C:\Users\jes\AppData\Roaming\EpicNet Inc.


***** [ Files ] *****

Deleted: C:\Windows\SysNative\REGISTRYDEFRAGBOOTTIME.EXE
Deleted: C:\Users\jes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Cleaned: C:\Users\jes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk[url,FileProtocolHandler "http:\\www.mail.ru\cnt\20775012?gp=834403"]
Cleaned: C:\Users\jes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk[url,FileProtocolHandler "http:\\www.mail.ru\cnt\20775012?gp=834403"]


***** [ Tasks ] *****

Deleted: ASC11_PerformanceMonitor
Deleted: Driver Booster Scheduler


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKLM\SOFTWARE\IObit\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\IObit\RealTimeProtector
Deleted: [Key] - HKLM\SOFTWARE\IObit\ASC
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted: [Key] - HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{C81BED3B-31BD-491F-813D-78EFC2638CE1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B910D9A1-9F21-484A-8650-82250DABF38E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{D5397E85-8AF4-414B-90FC-9F4244CD46FA}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
Deleted: [Key] - HKU\S-1-5-21-1875661055-100597291-3592894970-1000\Software\FastDataX
Deleted: [Key] - HKCU\Software\FastDataX
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\E3605470-291B-44EB-8648-745EE356599A
Deleted: [Key] - HKLM\SOFTWARE\Mail.Ru
Deleted: [Key] - HKU\S-1-5-21-1875661055-100597291-3592894970-1000\Software\Mail.Ru
Deleted: [Key] - HKU\S-1-5-21-1875661055-100597291-3592894970-1000\Software\AppDataLow\Software\Mail.Ru
Deleted: [Key] - HKCU\Software\Mail.Ru
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Mail.Ru
Deleted: [Key] - HKU\S-1-5-21-1875661055-100597291-3592894970-1000\Software\EpicNet Inc.
Deleted: [Key] - HKCU\Software\EpicNet Inc.


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [7506 B] - [2018/2/27 23:22:15]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Rudy
Site Admin
Posts: 119428
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Some files encrypted - GDCB extension

#4 Post by Rudy »

Post a new RSIT log.

vitar
Guest
Posts: 5
Registered: 27 Feb 2018 00:23

Re: Some files encrypted - GDCB extension

#5 Post by vitar »

New log from RSIT

Logfile of random's system information tool 1.16 (written by random/random)
Run by jes at 2018-02-28 10:43:12
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 254 GB (51%) free of 500 GB
Total RAM: 4060 MB (65% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:43:14, on 28.2.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18922)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\trend micro\jes_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IObit Ads Removal - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [Advanced SystemCare 11] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3465B8E-5222-4F3A-B52D-FD9EC14F0139}: NameServer = 10.0.0.138,8.8.8.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Disk Master Agent (DmAgent) - QILING Tech Co., Ltd. - C:\Program Files\QILING\Disk Master\DmAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6976 bytes

====== Enumerating Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"
"C:\Program Files\ESET\ESET Security\ekrn.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\QILING\Disk Master\DmAgent.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\system32\dllhost.exe /Processid:{6E642292-F2ED-47D2-8A45-6487E47CF97E}
C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3748a66e-1505-42bf-aa9f-945d919432f2 -SystemEventPortName:HostProcess-e87e7dee-5ca1-4786-9add-2f78ed84a366 -IoCancelEventPortName:HostProcess-b0d29145-a6ba-4a9f-b423-6a1460bcb1a3 -NonStateChangingEventPortName:HostProcess-5ebdbe27-4536-43e1-acc1-29e708206afd -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3498ae0b-b89e-438f-be6e-ac269140d429 -DeviceGroupId:WpdFsGroup
C:\Windows\System32\msdtc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\QILING\Disk Master\DiskMasterUI.exe" -Hide
"C:\Windows\System32\igfxtray.exe"
"C:\Program Files\ESET\ESET Security\egui.exe" /hide
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /systemstart /autostart
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe" /starttips
"C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe"
C:\Windows\System32\svchost.exe -k swprv
"C:\Users\jes\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\ASC11_SkipUac_jes - "C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" /SkipUac
C:\Windows\system32\tasks\Driver Booster SkipUAC (jes) - C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe /skipuac
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Opera scheduled Autoupdate 1500499252 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\Uninstaller_SkipUac_jes - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-1875661055-100597291-3592894970-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Google Chrome=========

C:\Users\jes\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension bhjhnafpiilpffhglajcaepjbnbjemci
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 2 Dokumenty Google offline 1.4
Extension hcadgijmedbfgciegjomfpjcdchlhnif
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lhemechcanjmilllmccjbjldonmnnjjj
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.6
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.3
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 6417.1211.0.0
Homepage: http://www.seznam.cz/
default_search_provider.search_url:
C:\Users\jes\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lhemechcanjmilllmccjbjldonmnnjjj]
"Path"=


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25 2478864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-06 573504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-06 236608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
IObit Ads Removal - C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll [2017-10-18 734632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Disk Master"=C:\Program Files\QILING\Disk Master\DiskMasterUI.exe [2017-07-10 3180344]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2017-09-13 163360]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2017-09-13 18381792]
"egui"=C:\Program Files\ESET\ESET Security\ecmds.exe [2017-12-18 324352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 11"=C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe /Auto []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19 587800]
"IObit Malware Fighter"=C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [2018-01-22 5866768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveAutoRun"=16777216

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2018-02-28 00:18:36 ----D---- C:\AdwCleaner
2018-02-27 00:26:39 ----D---- C:\rsit
2018-02-27 00:26:39 ----D---- C:\Program Files\trend micro
2018-02-26 23:52:10 ----D---- C:\FRST
2018-02-26 17:31:28 ----AD---- C:\Kaspersky Rescue Disk 10.0
2018-02-26 09:26:59 ----A---- C:\Windows\system32\drivers\trufos.sys
2018-02-26 09:10:06 ----A---- C:\Windows\ntbtlog.txt
2018-02-26 08:48:01 ----D---- C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\ieui.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\mshtmled.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\msfeeds.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\ieui.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\ieframe.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\dxtrans.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\dxtmsft.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\wininet.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\tzres.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\occache.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\msrating.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\jscript.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\inseng.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\wininet.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\webcheck.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\vbscript.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\urlmon.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\tzres.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\scesrv.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\occache.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-26 08:34:26 ----A---- C:\Windows\system32\msrating.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\mshtml.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\jsproxy.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\jscript9diag.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\jscript9.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\jscript.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\inseng.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieUnatt.exe
2018-02-26 08:34:26 ----A---- C:\Windows\system32\iesetup.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\iertutil.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\iernonce.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-02-26 08:34:26 ----A---- C:\Windows\system32\iedkcs32.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieapfltr.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ie4uinit.exe
2018-02-26 08:29:28 ----A---- C:\Windows\system32\drivers\IMFCameraProtect.sys
2018-02-26 01:50:00 ----D---- C:\Users\jes\AppData\Roaming\www.shadowexplorer.com
2018-02-26 01:09:31 ----D---- C:\Users\jes\AppData\Roaming\tox
2018-02-25 23:38:53 ----A---- C:\Windows\SYSWOW64\svchost.exe
2018-02-25 22:44:42 ----D---- C:\Users\jes\AppData\Roaming\ESET
2018-02-25 22:34:34 ----D---- C:\ProgramData\ESET
2018-02-25 22:34:34 ----D---- C:\Program Files\ESET
2018-02-25 20:41:19 ----D---- C:\Windows\SYSWOW64\sxltruwn
2018-02-25 20:39:54 ----D---- C:\ProgramData\save
2018-02-25 20:39:32 ----D---- C:\Users\jes\AppData\Roaming\1337
2018-02-24 22:18:52 ----D---- C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}
2018-02-20 22:00:42 ----A---- C:\ProgramData\unins000.dat
2018-02-20 22:00:22 ----A---- C:\ProgramData\unins000.exe
2018-02-15 20:42:38 ----D---- C:\Users\jes\AppData\Roaming\Mozilla
2018-02-15 20:35:18 ----D---- C:\Users\jes\AppData\Roaming\Smart Application Controller
2018-02-14 09:22:56 ----A---- C:\Windows\system32\win32k.sys
2018-02-14 09:22:56 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-02-14 09:22:55 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-02-14 09:22:55 ----A---- C:\Windows\system32\xpsrchvw.exe
2018-02-14 09:22:55 ----A---- C:\Windows\system32\ntdll.dll
2018-02-14 09:22:55 ----A---- C:\Windows\system32\drivers\tcpip.sys
2018-02-14 09:22:54 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-02-14 09:22:53 ----A---- C:\Windows\system32\schannel.dll
2018-02-14 09:22:53 ----A---- C:\Windows\system32\rpcrt4.dll
2018-02-14 09:22:53 ----A---- C:\Windows\system32\lsasrv.dll
2018-02-14 09:22:53 ----A---- C:\Windows\system32\kerberos.dll
2018-02-14 09:22:53 ----A---- C:\Windows\system32\crypt32.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\xpsrchvw.exe
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2018-02-14 09:22:52 ----A---- C:\Windows\system32\msv1_0.dll
2018-02-14 09:22:52 ----A---- C:\Windows\system32\KernelBase.dll
2018-02-14 09:22:52 ----A---- C:\Windows\system32\kernel32.dll
2018-02-14 09:22:52 ----A---- C:\Windows\system32\advapi32.dll
2018-02-14 09:22:51 ----A---- C:\Windows\SYSWOW64\WinSCard.dll
2018-02-14 09:22:51 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-02-14 09:22:51 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-02-14 09:22:51 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\wisptis.exe
2018-02-14 09:22:51 ----A---- C:\Windows\system32\WinSCard.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\rpchttp.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\ncrypt.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-02-14 09:22:51 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-02-14 09:22:51 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-02-14 09:22:51 ----A---- C:\Windows\system32\clfs.sys
2018-02-14 09:22:51 ----A---- C:\Windows\system32\certcli.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\cdosys.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\wow64win.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\wow64.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\winsrv.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\wdigest.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\TSpkg.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\t2embed.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\srcore.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\hal.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\drivers\netio.sys
2018-02-14 09:22:50 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-02-14 09:22:50 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 09:22:50 ----A---- C:\Windows\system32\adtschema.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\TabSvc.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\StructuredQuery.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\hidparse.sys
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\hidclass.sys
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\appid.sys
2018-02-14 09:22:49 ----A---- C:\Windows\system32\csrsrv.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\conhost.exe
2018-02-14 09:22:49 ----A---- C:\Windows\system32\bcrypt.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\appidsvc.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\appidapi.dll
2018-02-14 09:22:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 09:22:48 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\sspisrv.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\sspicli.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\srclient.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\smss.exe
2018-02-14 09:22:48 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\secur32.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\rstrui.exe
2018-02-14 09:22:48 ----A---- C:\Windows\system32\ntvdm64.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\msaudite.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\lsass.exe
2018-02-14 09:22:48 ----A---- C:\Windows\system32\fontsub.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\drivers\hidusb.sys
2018-02-14 09:22:48 ----A---- C:\Windows\system32\cryptbase.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\credssp.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\auditpol.exe
2018-02-14 09:22:48 ----A---- C:\Windows\system32\atmfd.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 09:22:47 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-02-14 09:22:47 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-02-14 09:22:47 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-02-14 09:22:47 ----A---- C:\Windows\system32\wow64cpu.dll
2018-02-14 09:22:47 ----A---- C:\Windows\system32\apisetschema.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\user.exe
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\lpk.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\wintrust.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\msobjs.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\lpk.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\dciman32.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\cryptsvc.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\cryptnet.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\atmlib.dll
2018-02-14 09:21:18 ----A---- C:\Windows\system32\generaltel.dll
2018-02-14 09:21:18 ----A---- C:\Windows\system32\appraiser.dll
2018-02-14 09:21:18 ----A---- C:\Windows\system32\aeinv.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\invagent.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\devinv.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\CompatTelRunner.exe
2018-02-14 09:21:17 ----A---- C:\Windows\system32\centel.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\aitstatic.exe
2018-02-14 09:21:17 ----A---- C:\Windows\system32\aepic.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\acmigration.dll

====== List of files/folders modified in the last 1 month ======

2018-02-28 10:39:33 ----D---- C:\Windows
2018-02-28 10:36:01 ----D---- C:\Windows\System32
2018-02-28 10:36:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-02-28 10:36:00 ----D---- C:\Windows\inf
2018-02-28 10:31:48 ----D---- C:\Windows\system32\config
2018-02-28 10:29:33 ----D---- C:\Windows\Registration
2018-02-28 10:29:12 ----D---- C:\Windows\Temp
2018-02-28 00:25:12 ----D---- C:\ProgramData\IObit
2018-02-28 00:25:01 ----D---- C:\Users\jes\AppData\Roaming\IObit
2018-02-28 00:16:21 ----D---- C:\Windows\system32\Tasks
2018-02-27 00:26:39 ----RD---- C:\Program Files
2018-02-26 23:09:27 ----D---- C:\ProgramData\ProductData
2018-02-26 20:01:40 ----HD---- C:\ProgramData
2018-02-26 19:57:02 ----D---- C:\Users\jes\AppData\Roaming\vlc
2018-02-26 19:56:13 ----D---- C:\smazat
2018-02-26 19:55:46 ----D---- C:\Windows\Prefetch
2018-02-26 18:23:19 ----SHD---- C:\Windows\Installer
2018-02-26 18:18:44 ----RD---- C:\Program Files (x86)
2018-02-26 18:13:46 ----SHD---- C:\System Volume Information
2018-02-26 18:01:30 ----D---- C:\Windows\winsxs
2018-02-26 17:59:13 ----D---- C:\Windows\SYSWOW64\en-US
2018-02-26 17:59:13 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-02-26 17:59:13 ----D---- C:\Windows\SysWOW64
2018-02-26 17:59:13 ----D---- C:\Windows\system32\en-US
2018-02-26 17:59:13 ----D---- C:\Windows\system32\cs-CZ
2018-02-26 17:59:13 ----D---- C:\Program Files\Internet Explorer
2018-02-26 17:59:13 ----D---- C:\Program Files (x86)\Internet Explorer
2018-02-26 14:22:38 ----D---- C:\Windows\rescache
2018-02-26 09:27:44 ----D---- C:\Windows\system32\catroot
2018-02-26 09:26:59 ----D---- C:\Windows\system32\drivers
2018-02-26 09:12:38 ----D---- C:\Windows\system32\DriverStore
2018-02-26 08:38:23 ----D---- C:\Windows\twain_32
2018-02-26 08:38:23 ----D---- C:\Program Files (x86)\epson
2018-02-26 08:37:55 ----D---- C:\ProgramData\EPSON
2018-02-26 08:37:08 ----D---- C:\Windows\Tasks
2018-02-26 08:34:16 ----D---- C:\Windows\system32\catroot2
2018-02-26 08:28:43 ----D---- C:\Program Files (x86)\IObit
2018-02-25 21:50:31 ----SD---- C:\Users\jes\AppData\Roaming\Microsoft
2018-02-25 21:06:39 ----SHD---- C:\found.000
2018-02-25 20:59:58 ----RD---- C:\Users
2018-02-25 20:59:57 ----SHD---- C:\boot
2018-02-25 20:41:58 ----SHD---- C:\$Recycle.Bin
2018-02-24 09:48:46 ----D---- C:\Windows\SoftwareDistribution
2018-02-24 09:45:44 ----D---- C:\Windows\debug
2018-02-21 16:32:42 ----D---- C:\Program Files (x86)\Opera
2018-02-15 23:18:11 ----D---- C:\Temp
2018-02-15 20:35:46 ----HD---- C:\Windows\system32\GroupPolicy
2018-02-14 18:59:21 ----D---- C:\Windows\Microsoft.NET
2018-02-14 16:21:10 ----D---- C:\Windows\AppPatch
2018-02-14 16:21:09 ----D---- C:\Windows\system32\Boot
2018-02-14 16:21:09 ----D---- C:\Windows\system32\appraiser
2018-02-14 09:44:03 ----D---- C:\Windows\system32\MRT
2018-02-14 09:41:09 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-02-14 09:40:58 ----AC---- C:\Windows\system32\MRT.exe
2018-02-14 09:37:42 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2018-02-14 09:36:28 ----D---- C:\ProgramData\Microsoft Help
2018-02-14 09:35:43 ----A---- C:\Windows\win.ini
2018-02-06 18:16:28 ----D---- C:\Program Files (x86)\Common Files
2018-02-06 18:09:17 ----D---- C:\Program Files\Java
2018-02-06 18:05:35 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 diskbckp;Disk Backup Monitor Filter Driver; C:\Windows\system32\drivers\diskbckp.sys [2017-07-10 45368]
R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2018-01-19 107328]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2018-01-19 134368]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2018-01-19 180088]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2018-01-19 81880]
R1 EpfwLWF;ESET Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2018-01-19 61040]
R1 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2018-01-19 106304]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2017-09-13 27552]
R1 IMFCameraProtect;IMFCameraProtect; \??\C:\Windows\system32\drivers\IMFCameraProtect.sys [2017-04-06 26272]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2018-01-19 50744]
R2 gzflt;gzflt; C:\Windows\system32\DRIVERS\gzflt.sys [2016-10-27 183576]
R3 AmUStor;Al USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2018-01-05 90560]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2017-09-13 10629408]
R3 IMFDownProtect;IMFDownProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFDownProtect.sys [2017-03-08 21360]
R3 IMFFilter;IMFFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [2016-12-22 22440]
R3 IMFForceDelete;IMFForceDelete; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFForceDelete.sys [2017-07-03 16216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2017-09-13 5826560]
R3 IUFileFilter;IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [2017-06-06 21928]
R3 IURegProcessFilter;IURegProcessFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [2018-01-11 22416]
R3 mod7700;DiBcom based TV tuner device; C:\Windows\system32\DRIVERS\mod7700.sys [2007-07-13 620040]
R3 MODRC;DiBcom Infrared Receiver; C:\Windows\system32\DRIVERS\modrc.sys [2007-07-13 24200]
R3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2016-11-03 34752]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2018-01-05 1077728]
R3 Trufos;Trufos; C:\Windows\system32\DRIVERS\TRUFOS.sys [2016-12-05 520032]
R3 vDisk;Disk Master Enumerator; C:\Windows\system32\DRIVERS\vDisk.sys [2017-07-10 256312]
S1 ZAM;ZAM Helper Driver; \??\C:\Windows\System32\drivers\zam64.sys []
S1 ZAM_Guard;ZAM Guard Driver; \??\C:\Windows\System32\drivers\zamguard64.sys []
S3 cpuz143;cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [2018-02-28 48960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 iobit_monitor_server;iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB RS-232 Emulation Driver; C:\Windows\system32\DRIVERS\USBSER.sys [2013-08-29 33280]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 wdm_usb;wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [2016-08-16 159936]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
R2 DmAgent;Disk Master Agent; C:\Program Files\QILING\Disk Master\DmAgent.exe [2017-07-10 67384]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2017-12-18 1940584]
R2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2018-01-08 1770784]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll" = C:\Windows\system32\HPZinw12.dll
R2 Pml Driver HPZ12;Pml Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll" = C:\Windows\system32\HPZipm12.dll
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-05-23 10884848]
R2 VssProvider;VssProvider; C:\Windows\system32\dllhost.exe [2009-07-14 9728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-19 153168]
S2 IObitUnSvr;IObit Uninstaller Service; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [2018-01-25 206096]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-01-17 83984]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-19 153168]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-02-26 116224]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\storsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-07-27 1255736]
S4 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\appmgmts.dll
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\cscsvc.dll
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll" = %SystemRoot%\system32\peerdistsvc.dll

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119428
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Some files encoded - GDCB extension

#6 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and paste the following into the left window:
:files
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}


:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 11"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked; likewise if it stays inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
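Before pasting a fix script like the one above into OTM and clicking MoveIt!, it is worth knowing exactly what it will do. The following is an added example (not code from the post, and not part of OTM itself) that parses the OTM script syntax into a list of reviewable actions. It assumes the syntax as used in the post: paths under `:files` are moved into OTM's quarantine folder rather than deleted, `[-KEY]` under `:reg` deletes a key, a trailing `/64` selects the 64-bit registry view, `"Name"=-` deletes a value, and bracketed entries under `:commands` are OTM commands; treating any other `"Name"=data` line as a `.reg`-style value assignment is an assumption. The sample input is the script from the post.

```python
"""Parse an OTM fix script into a reviewable list of actions (added example)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Action:
    kind: str                    # move_file | delete_key | delete_value | set_value | command
    target: str                  # file path, registry key, or command name
    value: Optional[str] = None  # value name (delete_value) or "name=data" (set_value)
    view64: bool = False         # True when the line carried the /64 suffix


def _split_key_line(line: str):
    """Return (key, view64) for a '[KEY]' or '[KEY]/64' line."""
    view64 = line.endswith("/64")
    body = line[:-3] if view64 else line
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError(f"malformed registry key line: {line!r}")
    return body[1:-1], view64


def parse_otm_script(text: str) -> List[Action]:
    actions: List[Action] = []
    section = None       # current section: files / reg / commands
    current_key = None   # key that following "Name"=... lines belong to
    key_view64 = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):           # section header such as ':reg'
            section = line[1:].lower()
            current_key = None
            continue
        if section == "files":
            actions.append(Action("move_file", line))
        elif section == "reg":
            if line.startswith("["):
                key, view64 = _split_key_line(line)
                if key.startswith("-"):    # '[-KEY]' deletes the whole key
                    actions.append(Action("delete_key", key[1:], view64=view64))
                    current_key = None
                else:                      # '[KEY]' opens a key for value lines
                    current_key, key_view64 = key, view64
            else:
                if current_key is None:
                    raise ValueError(f"value line outside any key: {line!r}")
                name, sep, data = line.partition("=")
                if not sep:
                    raise ValueError(f"malformed value line: {line!r}")
                name = name.strip().strip('"')
                if data.strip() == "-":    # '"Name"=-' deletes the value
                    actions.append(Action("delete_value", current_key, value=name, view64=key_view64))
                else:                      # assumed .reg-style assignment
                    actions.append(Action("set_value", current_key, value=f"{name}={data.strip()}", view64=key_view64))
        elif section == "commands":
            if not (line.startswith("[") and line.endswith("]")):
                raise ValueError(f"malformed command line: {line!r}")
            actions.append(Action("command", line[1:-1]))
        else:
            raise ValueError(f"line {line!r} appears before any section header")
    return actions


def describe(actions: List[Action]) -> List[str]:
    """One human-readable review line per action."""
    out = []
    for a in actions:
        view = " (64-bit view)" if a.view64 else ""
        if a.kind == "move_file":
            out.append(f"MOVE to OTM quarantine: {a.target}")
        elif a.kind == "delete_key":
            out.append(f"DELETE KEY{view}: {a.target}")
        elif a.kind in ("delete_value", "set_value"):
            verb = "DELETE VALUE" if a.kind == "delete_value" else "SET VALUE"
            out.append(f"{verb}{view}: {a.target} -> {a.value}")
        else:
            out.append(f"COMMAND: {a.target}")
    return out


# Sample input: the fix script from the post above.
SAMPLE_SCRIPT = r"""
:files
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 11"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]
"""

if __name__ == "__main__":
    for line in describe(parse_otm_script(SAMPLE_SCRIPT)):
        print(line)
```

Running the block prints twelve review lines: four quarantine moves, three key deletions in the 64-bit view, two Run-value deletions and three commands, which is the list to compare against the log before letting OTM act.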

vitar
Visitor
Posts: 5
Registered: 27 Feb 2018 00:23

Re: Some files encrypted - GDCB extension

#7 Post by vitar »

After the restart, here is the new RSIT log

Logfile of random's system information tool 1.16 (written by random/random)
Run by jes at 2018-02-28 14:53:25
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 254 GB (51%) free of 500 GB
Total RAM: 4060 MB (58% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:53:30, on 28.2.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18922)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\trend micro\jes_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IObit Ads Removal - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3465B8E-5222-4F3A-B52D-FD9EC14F0139}: NameServer = 10.0.0.138,8.8.8.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Disk Master Agent (DmAgent) - QILING Tech Co., Ltd. - C:\Program Files\QILING\Disk Master\DmAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6690 bytes

====== Enumerating Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"
"C:\Program Files\ESET\ESET Security\ekrn.exe"
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe" /OutFlag 0
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\QILING\Disk Master\DmAgent.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\system32\dllhost.exe /Processid:{6E642292-F2ED-47D2-8A45-6487E47CF97E}
C:\Windows\system32\taskhost.exe
C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\Windows\system32\taskeng.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\System32\msdtc.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e27e7204-f9e7-42d0-bbf7-815b62e335bf -SystemEventPortName:HostProcess-44cd69fd-c451-4442-a74f-bdd312560ec0 -IoCancelEventPortName:HostProcess-0b8aaf9a-53b8-4f1b-9c69-f2cf9aaa00ab -NonStateChangingEventPortName:HostProcess-e0ac1f3f-b568-49a5-bb1d-844001de4ac0 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5424d172-5c82-4ec0-9a8c-f187e4e5ac88 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\QILING\Disk Master\DiskMasterUI.exe" -Hide
"C:\Windows\System32\igfxtray.exe"
"C:\Program Files\ESET\ESET Security\egui.exe" /hide
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /systemstart /autostart
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1875661055-100597291-3592894970-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1875661055-100597291-3592894970-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe" /starttips
"C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe"
"C:\Users\jes\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

====== Scheduled tasks folder ======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\ASC11_SkipUac_jes - "C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" /SkipUac
C:\Windows\system32\tasks\Driver Booster SkipUAC (jes) - C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe /skipuac
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Opera scheduled Autoupdate 1500499252 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\Uninstaller_SkipUac_jes - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-1875661055-100597291-3592894970-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Google Chrome=========

C:\Users\jes\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension bhjhnafpiilpffhglajcaepjbnbjemci
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 2 Dokumenty Google offline 1.4
Extension hcadgijmedbfgciegjomfpjcdchlhnif
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lhemechcanjmilllmccjbjldonmnnjjj
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.6
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.3
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 6417.1211.0.0
Homepage: http://www.seznam.cz/
default_search_provider.search_url:
C:\Users\jes\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lhemechcanjmilllmccjbjldonmnnjjj]
"Path"=


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25 2478864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-06 573504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-06 236608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
IObit Ads Removal - C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll [2017-10-18 734632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Disk Master"=C:\Program Files\QILING\Disk Master\DiskMasterUI.exe [2017-07-10 3180344]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2017-09-13 163360]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2017-09-13 18381792]
"egui"=C:\Program Files\ESET\ESET Security\ecmds.exe [2017-12-18 324352]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"IObit Malware Fighter"=C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [2018-01-22 5866768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveAutoRun"=16777216

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2018-02-28 14:49:17 ----D---- C:\_OTM
2018-02-28 00:18:36 ----D---- C:\AdwCleaner
2018-02-27 00:26:39 ----D---- C:\rsit
2018-02-27 00:26:39 ----D---- C:\Program Files\trend micro
2018-02-26 23:52:10 ----D---- C:\FRST
2018-02-26 17:31:28 ----AD---- C:\Kaspersky Rescue Disk 10.0
2018-02-26 09:26:59 ----A---- C:\Windows\system32\drivers\trufos.sys
2018-02-26 09:10:06 ----A---- C:\Windows\ntbtlog.txt
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\ieui.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2018-02-26 08:34:27 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\mshtmled.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\msfeeds.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\ieui.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\ieframe.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\dxtrans.dll
2018-02-26 08:34:27 ----A---- C:\Windows\system32\dxtmsft.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\wininet.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\tzres.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\occache.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\msrating.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\jscript.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\inseng.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2018-02-26 08:34:26 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\wininet.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\webcheck.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\vbscript.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\urlmon.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\tzres.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\scesrv.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\occache.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-26 08:34:26 ----A---- C:\Windows\system32\msrating.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\mshtml.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\jsproxy.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\jscript9diag.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\jscript9.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\jscript.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\inseng.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieUnatt.exe
2018-02-26 08:34:26 ----A---- C:\Windows\system32\iesetup.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\iertutil.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\iernonce.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-02-26 08:34:26 ----A---- C:\Windows\system32\iedkcs32.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ieapfltr.dll
2018-02-26 08:34:26 ----A---- C:\Windows\system32\ie4uinit.exe
2018-02-26 08:29:28 ----A---- C:\Windows\system32\drivers\IMFCameraProtect.sys
2018-02-26 01:50:00 ----D---- C:\Users\jes\AppData\Roaming\www.shadowexplorer.com
2018-02-26 01:09:31 ----D---- C:\Users\jes\AppData\Roaming\tox
2018-02-25 23:38:53 ----A---- C:\Windows\SYSWOW64\svchost.exe
2018-02-25 22:44:42 ----D---- C:\Users\jes\AppData\Roaming\ESET
2018-02-25 22:34:34 ----D---- C:\ProgramData\ESET
2018-02-25 22:34:34 ----D---- C:\Program Files\ESET
2018-02-25 20:41:19 ----D---- C:\Windows\SYSWOW64\sxltruwn
2018-02-25 20:39:54 ----D---- C:\ProgramData\save
2018-02-25 20:39:32 ----D---- C:\Users\jes\AppData\Roaming\1337
2018-02-20 22:00:42 ----A---- C:\ProgramData\unins000.dat
2018-02-20 22:00:22 ----A---- C:\ProgramData\unins000.exe
2018-02-15 20:42:38 ----D---- C:\Users\jes\AppData\Roaming\Mozilla
2018-02-15 20:35:18 ----D---- C:\Users\jes\AppData\Roaming\Smart Application Controller
2018-02-14 09:22:56 ----A---- C:\Windows\system32\win32k.sys
2018-02-14 09:22:56 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-02-14 09:22:55 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-02-14 09:22:55 ----A---- C:\Windows\system32\xpsrchvw.exe
2018-02-14 09:22:55 ----A---- C:\Windows\system32\ntdll.dll
2018-02-14 09:22:55 ----A---- C:\Windows\system32\drivers\tcpip.sys
2018-02-14 09:22:54 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-02-14 09:22:53 ----A---- C:\Windows\system32\schannel.dll
2018-02-14 09:22:53 ----A---- C:\Windows\system32\rpcrt4.dll
2018-02-14 09:22:53 ----A---- C:\Windows\system32\lsasrv.dll
2018-02-14 09:22:53 ----A---- C:\Windows\system32\kerberos.dll
2018-02-14 09:22:53 ----A---- C:\Windows\system32\crypt32.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\xpsrchvw.exe
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-02-14 09:22:52 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2018-02-14 09:22:52 ----A---- C:\Windows\system32\msv1_0.dll
2018-02-14 09:22:52 ----A---- C:\Windows\system32\KernelBase.dll
2018-02-14 09:22:52 ----A---- C:\Windows\system32\kernel32.dll
2018-02-14 09:22:52 ----A---- C:\Windows\system32\advapi32.dll
2018-02-14 09:22:51 ----A---- C:\Windows\SYSWOW64\WinSCard.dll
2018-02-14 09:22:51 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-02-14 09:22:51 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-02-14 09:22:51 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\wisptis.exe
2018-02-14 09:22:51 ----A---- C:\Windows\system32\WinSCard.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\rpchttp.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\ncrypt.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-02-14 09:22:51 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-02-14 09:22:51 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-02-14 09:22:51 ----A---- C:\Windows\system32\clfs.sys
2018-02-14 09:22:51 ----A---- C:\Windows\system32\certcli.dll
2018-02-14 09:22:51 ----A---- C:\Windows\system32\cdosys.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2018-02-14 09:22:50 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\wow64win.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\wow64.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\winsrv.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\wdigest.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\TSpkg.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\t2embed.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\srcore.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\hal.dll
2018-02-14 09:22:50 ----A---- C:\Windows\system32\drivers\netio.sys
2018-02-14 09:22:50 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-02-14 09:22:50 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 09:22:50 ----A---- C:\Windows\system32\adtschema.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-02-14 09:22:49 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\TabSvc.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\StructuredQuery.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\hidparse.sys
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\hidclass.sys
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2018-02-14 09:22:49 ----A---- C:\Windows\system32\drivers\appid.sys
2018-02-14 09:22:49 ----A---- C:\Windows\system32\csrsrv.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\conhost.exe
2018-02-14 09:22:49 ----A---- C:\Windows\system32\bcrypt.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\appidsvc.dll
2018-02-14 09:22:49 ----A---- C:\Windows\system32\appidapi.dll
2018-02-14 09:22:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 09:22:48 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-02-14 09:22:48 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\sspisrv.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\sspicli.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\srclient.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\smss.exe
2018-02-14 09:22:48 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\secur32.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\rstrui.exe
2018-02-14 09:22:48 ----A---- C:\Windows\system32\ntvdm64.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\msaudite.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\lsass.exe
2018-02-14 09:22:48 ----A---- C:\Windows\system32\fontsub.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\drivers\hidusb.sys
2018-02-14 09:22:48 ----A---- C:\Windows\system32\cryptbase.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\credssp.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\auditpol.exe
2018-02-14 09:22:48 ----A---- C:\Windows\system32\atmfd.dll
2018-02-14 09:22:48 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 09:22:47 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 09:22:47 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-02-14 09:22:47 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-02-14 09:22:47 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-02-14 09:22:47 ----A---- C:\Windows\system32\wow64cpu.dll
2018-02-14 09:22:47 ----A---- C:\Windows\system32\apisetschema.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\user.exe
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\lpk.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2018-02-14 09:22:46 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\wintrust.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\msobjs.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\lpk.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\dciman32.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\cryptsvc.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\cryptnet.dll
2018-02-14 09:22:46 ----A---- C:\Windows\system32\atmlib.dll
2018-02-14 09:21:18 ----A---- C:\Windows\system32\generaltel.dll
2018-02-14 09:21:18 ----A---- C:\Windows\system32\appraiser.dll
2018-02-14 09:21:18 ----A---- C:\Windows\system32\aeinv.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\invagent.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\devinv.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\CompatTelRunner.exe
2018-02-14 09:21:17 ----A---- C:\Windows\system32\centel.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\aitstatic.exe
2018-02-14 09:21:17 ----A---- C:\Windows\system32\aepic.dll
2018-02-14 09:21:17 ----A---- C:\Windows\system32\acmigration.dll

====== List of files/folders modified in the last 1 month ======

2018-02-28 14:51:59 ----D---- C:\Windows\Registration
2018-02-28 14:51:40 ----D---- C:\Windows\Temp
2018-02-28 14:50:17 ----D---- C:\Windows\system32\config
2018-02-28 14:49:18 ----HD---- C:\ProgramData
2018-02-28 14:15:54 ----SHD---- C:\Windows\Installer
2018-02-28 14:15:54 ----D---- C:\Windows\system32\Tasks
2018-02-28 10:39:33 ----D---- C:\Windows
2018-02-28 10:36:01 ----D---- C:\Windows\System32
2018-02-28 10:36:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-02-28 10:36:00 ----D---- C:\Windows\inf
2018-02-28 00:25:12 ----D---- C:\ProgramData\IObit
2018-02-28 00:25:01 ----D---- C:\Users\jes\AppData\Roaming\IObit
2018-02-27 00:26:39 ----RD---- C:\Program Files
2018-02-26 23:09:27 ----D---- C:\ProgramData\ProductData
2018-02-26 19:57:02 ----D---- C:\Users\jes\AppData\Roaming\vlc
2018-02-26 19:56:13 ----D---- C:\smazat
2018-02-26 19:55:46 ----D---- C:\Windows\Prefetch
2018-02-26 18:18:44 ----RD---- C:\Program Files (x86)
2018-02-26 18:13:46 ----SHD---- C:\System Volume Information
2018-02-26 18:01:30 ----D---- C:\Windows\winsxs
2018-02-26 17:59:13 ----D---- C:\Windows\SYSWOW64\en-US
2018-02-26 17:59:13 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-02-26 17:59:13 ----D---- C:\Windows\SysWOW64
2018-02-26 17:59:13 ----D---- C:\Windows\system32\en-US
2018-02-26 17:59:13 ----D---- C:\Windows\system32\cs-CZ
2018-02-26 17:59:13 ----D---- C:\Program Files\Internet Explorer
2018-02-26 17:59:13 ----D---- C:\Program Files (x86)\Internet Explorer
2018-02-26 14:22:38 ----D---- C:\Windows\rescache
2018-02-26 09:27:44 ----D---- C:\Windows\system32\catroot
2018-02-26 09:26:59 ----D---- C:\Windows\system32\drivers
2018-02-26 09:12:38 ----D---- C:\Windows\system32\DriverStore
2018-02-26 08:38:23 ----D---- C:\Windows\twain_32
2018-02-26 08:38:23 ----D---- C:\Program Files (x86)\epson
2018-02-26 08:37:55 ----D---- C:\ProgramData\EPSON
2018-02-26 08:37:08 ----D---- C:\Windows\Tasks
2018-02-26 08:34:16 ----D---- C:\Windows\system32\catroot2
2018-02-26 08:28:43 ----D---- C:\Program Files (x86)\IObit
2018-02-25 21:50:31 ----SD---- C:\Users\jes\AppData\Roaming\Microsoft
2018-02-25 21:06:39 ----SHD---- C:\found.000
2018-02-25 20:59:58 ----RD---- C:\Users
2018-02-25 20:59:57 ----SHD---- C:\boot
2018-02-25 20:41:58 ----SHD---- C:\$Recycle.Bin
2018-02-24 09:48:46 ----D---- C:\Windows\SoftwareDistribution
2018-02-24 09:45:44 ----D---- C:\Windows\debug
2018-02-21 16:32:42 ----D---- C:\Program Files (x86)\Opera
2018-02-15 23:18:11 ----D---- C:\Temp
2018-02-15 20:35:46 ----HD---- C:\Windows\system32\GroupPolicy
2018-02-14 18:59:21 ----D---- C:\Windows\Microsoft.NET
2018-02-14 16:21:10 ----D---- C:\Windows\AppPatch
2018-02-14 16:21:09 ----D---- C:\Windows\system32\Boot
2018-02-14 16:21:09 ----D---- C:\Windows\system32\appraiser
2018-02-14 09:44:03 ----D---- C:\Windows\system32\MRT
2018-02-14 09:41:09 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-02-14 09:40:58 ----AC---- C:\Windows\system32\MRT.exe
2018-02-14 09:37:42 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2018-02-14 09:36:28 ----D---- C:\ProgramData\Microsoft Help
2018-02-14 09:35:43 ----A---- C:\Windows\win.ini
2018-02-06 18:16:28 ----D---- C:\Program Files (x86)\Common Files
2018-02-06 18:09:17 ----D---- C:\Program Files\Java
2018-02-06 18:05:35 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 diskbckp;Disk Backup Monitor Filter Driver; C:\Windows\system32\drivers\diskbckp.sys [2017-07-10 45368]
R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2018-01-19 107328]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2018-01-19 134368]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2018-01-19 180088]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2018-01-19 81880]
R1 EpfwLWF;ESET Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2018-01-19 61040]
R1 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2018-01-19 106304]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2017-09-13 27552]
R1 IMFCameraProtect;IMFCameraProtect; \??\C:\Windows\system32\drivers\IMFCameraProtect.sys [2017-04-06 26272]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2018-01-19 50744]
R2 gzflt;gzflt; C:\Windows\system32\DRIVERS\gzflt.sys [2016-10-27 183576]
R3 AmUStor;Al USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2018-01-05 90560]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2017-09-13 10629408]
R3 IMFDownProtect;IMFDownProtect; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFDownProtect.sys [2017-03-08 21360]
R3 IMFForceDelete;IMFForceDelete; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFForceDelete.sys [2017-07-03 16216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2017-09-13 5826560]
R3 IUFileFilter;IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [2017-06-06 21928]
R3 IURegProcessFilter;IURegProcessFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [2018-01-11 22416]
R3 mod7700;DiBcom based TV tuner device; C:\Windows\system32\DRIVERS\mod7700.sys [2007-07-13 620040]
R3 MODRC;DiBcom Infrared Receiver; C:\Windows\system32\DRIVERS\modrc.sys [2007-07-13 24200]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2018-01-05 1077728]
R3 vDisk;Disk Master Enumerator; C:\Windows\system32\DRIVERS\vDisk.sys [2017-07-10 256312]
S1 ZAM;ZAM Helper Driver; \??\C:\Windows\System32\drivers\zam64.sys []
S1 ZAM_Guard;ZAM Guard Driver; \??\C:\Windows\System32\drivers\zamguard64.sys []
S3 cpuz143;cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [2018-02-28 48960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IMFFilter;IMFFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [2016-12-22 22440]
S3 iobit_monitor_server;iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2016-11-03 34752]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Trufos;Trufos; C:\Windows\system32\DRIVERS\TRUFOS.sys [2016-12-05 520032]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB RS-232 Emulation Driver; C:\Windows\system32\DRIVERS\USBSER.sys [2013-08-29 33280]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 wdm_usb;wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [2016-08-16 159936]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-02-09 83984]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
R2 DmAgent;Disk Master Agent; C:\Program Files\QILING\Disk Master\DmAgent.exe [2017-07-10 67384]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Security\ekrn.exe [2017-12-18 1940584]
R2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2018-01-08 1770784]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll" = C:\Windows\system32\HPZinw12.dll
R2 Pml Driver HPZ12;Pml Driver HPZ12; %SystemRoot%\System32\svchost.exe -k HPZ12;"ServiceDll" = C:\Windows\system32\HPZipm12.dll
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-05-23 10884848]
R2 VssProvider;VssProvider; C:\Windows\system32\dllhost.exe [2009-07-14 9728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-19 153168]
S2 IObitUnSvr;IObit Uninstaller Service; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [2018-01-25 206096]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-19 153168]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-02-26 116224]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\storsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-07-27 1255736]
S4 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\appmgmts.dll
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\cscsvc.dll
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll" = %SystemRoot%\system32\peerdistsvc.dll

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119428
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Encoding of some files - GDCB extension

#8 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (e-mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

vitar
Visitor
Posts: 5
Registered: 27 Feb 2018 00:23

Re: Encoding of some files - GDCB extension

#9 Post by vitar »

Thank you for your help. The system seems to be working. If I may, I will send any further comments privately by e-mail.
Regards, Víťa

Rudy
Site Admin
Posts: 119428
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Encoding of some files - GDCB extension

#10 Post by Rudy »

OK, and you're welcome! :)
