
Requesting a check: trojans found with MBAM

honzikuh
Exemplary visitor
Posts: 328
Registered: 20 Oct 2007 12:11

#1 Post by honzikuh »

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 17.3.2018
Čas skenování: 11:49
Protokol: sken.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2018.03.17.02
Databáze rootkitů: v2018.03.08.03
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Honza

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 253941
Uplynulý čas: 30 min, 10 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 2
PUP.Optional.VideoAdBlockerPlus, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hegneaniplmfjcmohoclabblbahcbjoe, , [96c044c99226d165a2fd2093748c3dc3],
PUP.Optional.VideoAdBlockerPlus, HKU\S-1-5-21-1255607191-696459066-793434616-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\hegneaniplmfjcmohoclabblbahcbjoe, , [93c35db03385a4922f0d6e4497696e92],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 16
Adware.ChinAd, C:\Users\Public\QiYi, , [58fee8254a6eb086024152907e82926e],
Adware.ChinAd, C:\Users\Public\QiYi\QiyiHCDN, , [58fee8254a6eb086024152907e82926e],
Adware.ChinAd, C:\Users\Public\QiYi\QiyiHCDN\App, , [58fee8254a6eb086024152907e82926e],
Adware.ChinAd, C:\Users\Public\QiYi\QiyiHCDN\Config, , [58fee8254a6eb086024152907e82926e],
Adware.ChinAd, C:\Users\Public\QiYi\QiyiHCDN\Config\FDSCache, , [58fee8254a6eb086024152907e82926e],
Adware.ChinAd, C:\Users\Public\QiYi\QiyiHCDN\Data, , [58fee8254a6eb086024152907e82926e],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\api, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\popupResource, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\userCode, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\icons, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\icons\actions, , [2f27010cc9ef072f906e22943bc6c040],

Soubory: 92
Adware.ChinAd, C:\Users\Public\QiYi\QiyiHCDN\Config\PD.ini, , [58fee8254a6eb086024152907e82926e],
Adware.ChinAd, C:\Users\Public\QiYi\QiyiHCDN\Config\PowerPlayer.ini, , [58fee8254a6eb086024152907e82926e],
Adware.ChinAd, C:\Users\Public\QiYi\QiyiHCDN\Config\PSNetwork.ini, , [58fee8254a6eb086024152907e82926e],
Adware.ChinAd, C:\Users\Public\QiYi\QiyiHCDN\Config\FDSCache\vodservercfg.blf, , [58fee8254a6eb086024152907e82926e],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\a52ba617f832ace2f089edda1cdf5ba3.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\ffe595d752b035f530eae596e6883c87.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\main.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\api\0d2060e802ab2779a20298c786776781.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\api\25e87f5f91330b84404e8b96b7e0929e.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\api\2f269e1bddbbac289c7d65075d5d85df.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\api\a34709f367920e7804065bb902928a6c.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\api\f13679cdd60037cb5434022ac00f9d52.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\api\pageAction.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\19f9ffc2342cdebe92ba0432fbe29e93.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\49601a60cbee1c6da4a066e6cb786678.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\4d63c06f62869bb682f48d678d76df4c.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\589e707b5f31de408cd1d4215a24f563.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\61856e20ad2847c6611e8a720bdf348c.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\61aec40e5949e07c8186fcf3947c2b5b.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\704ee9ef4c79af9b953790d6dfb56d8e.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\730ed299035e3e1f70bd843f358321ab.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\7db2caf814756269cc7285a75c82135d.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\7e689081b2a55e25b34d13c4c25d855f.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\8f6bcf07a20e420c5a5fe9a45a12bc29.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\9cd67cb1f033b1800dceeece280eea0a.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\app_api.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\b5e314d64b74134a465987c2e16be896.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\fa05d160a74a95d40a14a76dea690d30.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\installer.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\popupResource\newPopup.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\js\lib\popupResource\popup.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\background.html, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\chromeCoreFilesIndex.txt, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\manifest.json, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\popup.html, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\Settings.json, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\manifest.xml, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins.json, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\273.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\102.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\119.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\13.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\14.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\17.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\178.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\179.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\180.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\184.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\19.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\195.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\200.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\220.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\223.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\231.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\232.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\234.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\242.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\246.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\252.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\253.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\262.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\263.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\281.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\288.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\289.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\300.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\335.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\339.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\345.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\354.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\356.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\376.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\380.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\385.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\389.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\390.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\391.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\4.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\424.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\47.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\64.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\7.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\78.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\80.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\9.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\91.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\plugins\97.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\extensionData\userCode\extension.js, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\icons\icon128.png, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\icons\icon16.png, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\icons\icon48.png, , [2f27010cc9ef072f906e22943bc6c040],
Adware.CrossRider.Generic, C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.93_0\icons\actions\1.png, , [2f27010cc9ef072f906e22943bc6c040],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)





Logfile of random's system information tool 1.10 (written by random/random)
Run by Honza at 2018-03-17 12:28:33
Microsoft Windows 10 Pro
System drive C: has 32 GB (15%) free of 205 GB
Total RAM: 8190 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:28:36, on 17.3.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0015)
Boot mode: Normal

Running processes:
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Users\Honza\AppData\Local\Skillbrains\lightshot\5.1.4.41\Lightshot.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\trend micro\Honza.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [EPSON Stylus DX6000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S9473.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [LightShot] C:\Users\Honza\AppData\Local\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [World of Tanks] "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Honza\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: MEGAsync.lnk = Honza\AppData\Local\MEGAsync\MEGAsync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - C:\WINDOWS\SysWoW64\ssins.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 10050 bytes

======Listing Processes======







C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-d2d97a2b-5851-4bf4-8303-3cd23d4dddc4 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-8ed20298-2a34-4e9c-890d-633aaee8ad04 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-d126d8db-f6b6-4398-91d8-51dad6904108 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-e76b0980-2fce-49b1-92be-b8f76e82ad67 -LifetimeId:b6eee76c-b6b8-4b64-b284-31fe4dccd7c6 -DeviceGroupId:WudfDefaultDevicePool
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\WINDOWS\system32\atiesrxx.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
dashost.exe {ddb73485-d38a-4ddd-81d96c6edd490ec5}
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s CscService
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
"C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE"
C:\WINDOWS\SysWoW64\ssins.exe
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc


c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService

C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"fontdrvhost.exe"
"dwm.exe"
atieclxx
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\WINDOWS\Explorer.EXE
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"ctfmon.exe"
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\WinFast\WFDTV\WFWIZ.exe"
"C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
"C:\Users\Honza\AppData\Local\Skillbrains\lightshot\5.1.4.41\Lightshot.exe"
"C:\Program Files\WinFast\WFDTV\DTVSchdl.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Honza\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Honza\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=64.0.3282.186 --initial-client-data=0x1d8,0x1dc,0x1e0,0x1d4,0x1e4,0x7ff91d1b2050,0x7ff91d1b2060,0x7ff91d1b2070
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=5448 --on-initialized-event-handle=648 --parent-handle=652 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1444,341222909211615830,2680637839337975987,131072 --gpu-preferences=GAAAAAAAAAAABwAAAQAAAAAAAAAAAGAA --gpu-vendor-id=0x1002 --gpu-device-id=0x6819 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=22.19.677.257 --gpu-driver-date=9-22-2017 --service-request-channel-token=7CF1D4B4260B1ECB9AB83BAF1535D81F --mojo-platform-channel-handle=1476 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1444,341222909211615830,2680637839337975987,131072 --service-pipe-token=CFCAA95DA4B4A740751C05DFE334481A --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --service-request-channel-token=CFCAA95DA4B4A740751C05DFE334481A --renderer-client-id=3 --mojo-platform-channel-handle=2100 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1444,341222909211615830,2680637839337975987,131072 --service-pipe-token=1B5EEB57573598FDBC61E3EB4DD4654F --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --service-request-channel-token=1B5EEB57573598FDBC61E3EB4DD4654F --renderer-client-id=4 --mojo-platform-channel-handle=3104 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1444,341222909211615830,2680637839337975987,131072 --service-pipe-token=08EE695A64128D0AC8D08A7085251540 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --service-request-channel-token=08EE695A64128D0AC8D08A7085251540 --renderer-client-id=14 --mojo-platform-channel-handle=2368 /prefetch:1
C:\WINDOWS\system32\AUDIODG.EXE 0x624
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe42_ Global\UsGthrCtrlFltPipeMssGthrPipe42 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 736 744 752 8192 748
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
"C:\Users\Honza\Desktop\RSITx64.exe"
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost

======Scheduled tasks folder======

C:\WINDOWS\tasks\Wise Care 365.job - C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe -StartTray
C:\WINDOWS\tasks\Wise Turbo Checker.job - C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\lbre7z8q.default-1470848245978

prefs.js - "browser.startup.homepage" - "http://www.thesettlersonline.cz/cs/domo ... r%C3%A1nka"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 29.0.0.113 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@rising.com.cn/nprising]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 29.0.0.113 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll


C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\lbre7z8q.default-1470848245978\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-12 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-12 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-09-29 630168]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2017-06-29 18381792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2018-01-29 41100328]
"EPSON Stylus DX6000"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIBIE.EXE [2007-10-05 213504]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2013-01-09 2916352]
"LightShot"=C:\Users\Honza\AppData\Local\Skillbrains\lightshot\Lightshot.exe [2014-11-18 226560]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-02-08 27427808]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-09-28 8944344]
"World of Tanks"=C:\Games\World_of_Tanks\WargamingGameUpdater.exe [2017-02-28 3135752]
"OneDrive"=C:\Users\Honza\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-03-14 1559200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneDrive]
C:\Users\Honza\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-03-14 1559200]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"iSkysoft Helper Compact.exe"=C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014-08-05 2014208]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2015-01-29 103936]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-02-06 170496]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-11-04 767176]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MEGAsync.lnk - C:\Users\Honza\AppData\Local\MEGAsync\MEGAsync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"VIDC.RTV1"=rtvcvfw64.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-03-14 17:50:33 ----HD---- C:\OneDriveTemp
2018-03-14 05:32:01 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-03-14 05:32:01 ----A---- C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 05:32:00 ----A---- C:\WINDOWS\SYSWOW64\usoapi.dll
2018-03-14 05:32:00 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-03-14 05:32:00 ----A---- C:\WINDOWS\SYSWOW64\IndexedDbLegacy.dll
2018-03-14 05:32:00 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-03-14 05:32:00 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2018-03-14 05:32:00 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 05:31:59 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 05:31:59 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-03-14 05:31:59 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-03-14 05:31:58 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-03-14 05:31:57 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-03-14 05:31:57 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-03-14 05:31:57 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-03-14 05:31:56 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-03-14 05:31:56 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-03-14 05:31:56 ----A---- C:\WINDOWS\system32\drivers\USBXHCI.SYS
2018-03-14 05:31:56 ----A---- C:\WINDOWS\system32\drivers\dumpsd.sys
2018-03-14 05:31:55 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-03-14 05:31:55 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-03-14 05:31:55 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2018-03-14 05:31:54 ----A---- C:\WINDOWS\system32\rdpudd.dll
2018-03-14 05:31:54 ----A---- C:\WINDOWS\system32\drivers\volmgr.sys
2018-03-14 05:31:54 ----A---- C:\WINDOWS\system32\drivers\storahci.sys
2018-03-14 05:31:54 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2018-03-14 05:31:54 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-03-14 05:31:54 ----A---- C:\WINDOWS\system32\drivers\acpi.sys
2018-03-14 05:31:53 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-03-14 05:31:53 ----A---- C:\WINDOWS\system32\drivers\wcifs.sys
2018-03-14 05:31:53 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2018-03-14 05:31:53 ----A---- C:\WINDOWS\system32\drivers\storufs.sys
2018-03-14 05:31:53 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-03-14 05:31:53 ----A---- C:\WINDOWS\system32\drivers\BasicRender.sys
2018-03-14 05:31:52 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-03-14 05:31:52 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-03-14 05:31:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2018-03-14 05:31:51 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2018-03-14 05:31:51 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-03-14 05:31:51 ----A---- C:\WINDOWS\system32\samsrv.dll
2018-03-14 05:31:51 ----A---- C:\WINDOWS\system32\drivers\stornvme.sys
2018-03-14 05:31:51 ----A---- C:\WINDOWS\system32\DbgModel.dll
2018-03-14 05:31:50 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-03-14 05:31:50 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-03-14 05:31:50 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2018-03-14 05:31:50 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-03-14 05:31:50 ----A---- C:\WINDOWS\system32\drivers\UcmUcsi.sys
2018-03-14 05:31:50 ----A---- C:\WINDOWS\system32\drivers\srv2.sys
2018-03-14 05:31:49 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-03-14 05:31:49 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-03-14 05:31:49 ----A---- C:\WINDOWS\system32\StorSvc.dll
2018-03-14 05:31:49 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-03-14 05:31:48 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 05:31:48 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-03-14 05:31:47 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 05:31:47 ----A---- C:\WINDOWS\system32\jscript.dll
2018-03-14 05:31:47 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-03-14 05:31:46 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2018-03-14 05:31:46 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-03-14 05:31:46 ----A---- C:\WINDOWS\SYSWOW64\mfplat.dll
2018-03-14 05:31:46 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 05:31:46 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-03-14 05:31:46 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-03-14 05:31:46 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-03-14 05:31:46 ----A---- C:\WINDOWS\system32\drivers\vmbus.sys
2018-03-14 05:31:46 ----A---- C:\WINDOWS\system32\drivers\spaceport.sys
2018-03-14 05:31:46 ----A---- C:\WINDOWS\system32\drivers\netvsc.sys
2018-03-14 05:31:46 ----A---- C:\WINDOWS\system32\drivers\msiscsi.sys
2018-03-14 05:31:46 ----A---- C:\WINDOWS\system32\dbgeng.dll
2018-03-14 05:31:45 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 05:31:45 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 05:31:44 ----A---- C:\WINDOWS\system32\wininet.dll
2018-03-14 05:31:44 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-03-14 05:31:44 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-03-14 05:31:44 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2018-03-14 05:31:44 ----A---- C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 05:31:43 ----A---- C:\WINDOWS\system32\msIso.dll
2018-03-14 05:31:43 ----A---- C:\WINDOWS\system32\drivers\WdiWiFi.sys
2018-03-14 05:31:43 ----A---- C:\WINDOWS\system32\drivers\nwifi.sys
2018-03-14 05:31:42 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-03-14 05:31:41 ----A---- C:\WINDOWS\system32\winmde.dll
2018-03-14 05:31:41 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-03-14 05:31:41 ----A---- C:\WINDOWS\system32\mfplat.dll
2018-03-14 05:31:41 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-03-14 05:31:41 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-03-14 05:31:41 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-03-14 05:31:40 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2018-03-14 05:31:39 ----A---- C:\WINDOWS\SYSWOW64\zipfldr.dll
2018-03-14 05:31:39 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2018-03-14 05:31:39 ----A---- C:\WINDOWS\system32\wintrust.dll
2018-03-14 05:31:39 ----A---- C:\WINDOWS\system32\winsrv.dll
2018-03-14 05:31:39 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-03-14 05:31:39 ----A---- C:\WINDOWS\system32\pcalua.exe
2018-03-14 05:31:38 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2018-03-14 05:31:38 ----A---- C:\WINDOWS\system32\zipfldr.dll
2018-03-14 05:31:38 ----A---- C:\WINDOWS\system32\shell32.dll
2018-03-14 05:31:38 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 05:31:38 ----A---- C:\WINDOWS\system32\aitstatic.exe
2018-03-14 05:31:37 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-03-14 05:31:37 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-03-14 05:31:36 ----A---- C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 05:31:34 ----A---- C:\WINDOWS\system32\usocore.dll
2018-03-14 05:31:34 ----A---- C:\WINDOWS\system32\usoapi.dll
2018-03-14 05:31:34 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 05:31:34 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 05:31:34 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 05:31:34 ----A---- C:\WINDOWS\system32\MusNotification.exe
2018-03-14 05:31:34 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 05:31:27 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2018-03-14 05:31:27 ----A---- C:\WINDOWS\system32\winresume.exe
2018-03-14 05:31:27 ----A---- C:\WINDOWS\system32\winload.exe
2018-03-14 05:31:27 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 05:31:27 ----A---- C:\WINDOWS\system32\pcasvc.dll
2018-03-14 05:31:27 ----A---- C:\WINDOWS\system32\invagent.dll
2018-03-14 05:31:27 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-03-14 05:31:27 ----A---- C:\WINDOWS\system32\devinv.dll
2018-03-14 05:31:27 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 05:31:27 ----A---- C:\WINDOWS\system32\dcntel.dll
2018-03-14 05:31:27 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 05:31:27 ----A---- C:\WINDOWS\system32\aepic.dll
2018-03-14 05:31:27 ----A---- C:\WINDOWS\system32\aeinv.dll
2018-03-14 05:31:26 ----A---- C:\WINDOWS\system32\Spectrum.exe
2018-03-14 05:31:26 ----A---- C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 05:31:26 ----A---- C:\WINDOWS\system32\generaltel.dll
2018-03-14 05:31:26 ----A---- C:\WINDOWS\system32\cldapi.dll
2018-03-14 05:31:26 ----A---- C:\WINDOWS\system32\cdp.dll
2018-03-14 05:31:26 ----A---- C:\WINDOWS\system32\appraiser.dll
2018-03-14 05:31:26 ----A---- C:\WINDOWS\system32\acmigration.dll
2018-03-14 05:31:25 ----A---- C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 05:31:25 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 05:31:25 ----A---- C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 05:31:25 ----A---- C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 05:31:25 ----A---- C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 05:31:25 ----A---- C:\WINDOWS\system32\daxexec.dll
2018-03-14 05:31:24 ----A---- C:\WINDOWS\SYSWOW64\Windows.Payments.dll
2018-03-14 05:31:24 ----A---- C:\WINDOWS\SYSWOW64\cldapi.dll
2018-03-14 05:31:24 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-03-14 05:31:24 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 05:31:24 ----A---- C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 05:31:24 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 05:31:24 ----A---- C:\WINDOWS\system32\drivers\sdstor.sys
2018-03-14 05:31:23 ----A---- C:\WINDOWS\SYSWOW64\MSVidCtl.dll
2018-03-14 05:31:23 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2018-03-14 05:31:23 ----A---- C:\WINDOWS\system32\msi.dll
2018-03-14 05:31:22 ----A---- C:\WINDOWS\system32\drivers\RfxVmt.sys
2018-03-14 05:31:22 ----A---- C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 05:31:21 ----A---- C:\WINDOWS\SYSWOW64\TSpkg.dll
2018-03-14 05:31:21 ----A---- C:\WINDOWS\SYSWOW64\AuthFWSnapin.dll
2018-03-14 05:31:21 ----A---- C:\WINDOWS\system32\TSpkg.dll
2018-03-14 05:31:21 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 05:31:21 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 05:31:21 ----A---- C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 05:31:21 ----A---- C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\SYSWOW64\offlinesam.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\SYSWOW64\offlinelsa.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\SYSWOW64\MSVideoDSP.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\SYSWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\SYSWOW64\HoloShellRuntime.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\updatecsp.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\svf.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\offlinesam.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\msra.exe
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\drivers\wcnfs.sys
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\drivers\tpm.sys
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\drivers\isapnp.sys
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\drivers\HdAudio.sys
2018-03-14 05:31:20 ----A---- C:\WINDOWS\system32\drivers\ataport.sys
2018-03-14 05:31:19 ----A---- C:\WINDOWS\SYSWOW64\msisip.dll
2018-03-14 05:31:19 ----A---- C:\WINDOWS\SYSWOW64\credssp.dll
2018-03-14 05:31:19 ----A---- C:\WINDOWS\system32\UsoClient.exe
2018-03-14 05:31:19 ----A---- C:\WINDOWS\system32\racpldlg.dll
2018-03-14 05:31:19 ----A---- C:\WINDOWS\system32\msisip.dll
2018-03-14 05:31:19 ----A---- C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 05:31:19 ----A---- C:\WINDOWS\system32\credssp.dll
2018-02-22 05:43:15 ----D---- C:\WINDOWS\system32\drivers\wd

======List of files/folders modified in the last 1 month======

2018-03-17 12:28:35 ----D---- C:\Program Files\trend micro
2018-03-17 12:27:33 ----D---- C:\WINDOWS\Prefetch
2018-03-17 12:27:27 ----RD---- C:\Program Files (x86)
2018-03-17 11:55:05 ----SHDC---- C:\WINDOWS\Installer
2018-03-17 11:48:11 ----D---- C:\WINDOWS\Temp
2018-03-17 11:45:30 ----HD---- C:\Program Files\WindowsApps
2018-03-17 11:45:25 ----D---- C:\WINDOWS\AppReadiness
2018-03-17 11:43:57 ----D---- C:\WINDOWS\DeliveryOptimization
2018-03-17 11:43:17 ----D---- C:\WINDOWS\system32\sru
2018-03-15 18:22:17 ----D---- C:\WINDOWS\system32\SleepStudy
2018-03-15 04:55:48 ----D---- C:\WINDOWS\INF
2018-03-14 17:50:26 ----D---- C:\WINDOWS\system32\Tasks
2018-03-14 09:58:15 ----D---- C:\WINDOWS\system32\config
2018-03-14 09:54:37 ----D---- C:\WINDOWS\WinSxS
2018-03-14 09:54:37 ----D---- C:\WINDOWS\SysWOW64
2018-03-14 09:54:28 ----D---- C:\WINDOWS\CbsTemp
2018-03-14 09:52:29 ----D---- C:\WINDOWS\System32
2018-03-14 09:52:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-14 09:51:15 ----D---- C:\WINDOWS\system32\catroot2
2018-03-14 06:41:14 ----RD---- C:\WINDOWS\Microsoft.NET
2018-03-14 06:35:30 ----D---- C:\WINDOWS\system32\DriverStore
2018-03-14 06:33:52 ----D---- C:\WINDOWS\system32\drivers
2018-03-14 06:29:36 ----D---- C:\WINDOWS\TextInput
2018-03-14 06:29:36 ----D---- C:\WINDOWS\system32\cs-CZ
2018-03-14 06:29:36 ----D---- C:\WINDOWS\system32\appraiser
2018-03-14 06:29:35 ----D---- C:\WINDOWS\system32\Boot
2018-03-14 06:29:35 ----D---- C:\WINDOWS\ShellExperiences
2018-03-14 06:29:35 ----D---- C:\WINDOWS\PolicyDefinitions
2018-03-14 06:29:35 ----D---- C:\WINDOWS\apppatch
2018-03-14 06:29:21 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-03-14 05:47:17 ----D---- C:\WINDOWS\system32\MRT
2018-03-14 05:42:42 ----AC---- C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 05:42:28 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-03-14 05:42:14 ----SHD---- C:\Config.Msi
2018-03-14 05:42:14 ----D---- C:\ProgramData\Microsoft Help
2018-03-14 05:34:28 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2018-03-14 05:34:25 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 05:30:45 ----SHD---- C:\System Volume Information
2018-03-14 05:26:38 ----D---- C:\WINDOWS\system32\Macromed
2018-03-14 05:26:35 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2018-03-02 22:09:11 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2018-03-02 14:53:33 ----RD---- C:\Program Files\Windows Defender
2018-03-01 04:59:37 ----D---- C:\WINDOWS\Logs
2018-02-28 06:54:04 ----D---- C:\WINDOWS\rescache
2018-02-21 17:17:12 ----D---- C:\WINDOWS\system32\LogFiles
2018-02-20 18:40:08 ----D---- C:\WINDOWS\system32\WDI
2018-02-20 18:38:01 ----D---- C:\WINDOWS\SYSWOW64\wbem
2018-02-20 18:38:01 ----D---- C:\WINDOWS\SYSWOW64\migration
2018-02-20 18:37:51 ----D---- C:\WINDOWS\system32\wbem
2018-02-20 18:37:51 ----D---- C:\WINDOWS\system32\oobe
2018-02-20 18:37:51 ----D---- C:\WINDOWS\system32\migration
2018-02-20 18:37:33 ----D---- C:\WINDOWS\bcastdvr
2018-02-20 18:37:33 ----D---- C:\Windows

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DSFKSVCS;@oem82.inf,%DSFKSVCS.DeviceDesc%;Kernel Services for DSF; C:\WINDOWS\System32\drivers\dsfksvcs.sys [2010-02-08 676232]
R0 dsfroot;@oem0.inf,%dsfroot.SVCDESC%;root enumerated bus driver; C:\WINDOWS\System32\drivers\dsfroot.sys [2010-02-08 35832]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-09-29 56728]
R0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2017-09-30 293272]
R0 speedfan;speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [2012-12-29 28664]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-01-01 59800]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2017-09-29 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-09-29 8192]
R1 MpKsl8b26bb4c;MpKsl8b26bb4c; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{852ED267-9105-4D25-9194-78E1CA2821A0}\MpKsl8b26bb4c.sys [2018-03-16 58120]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-02-10 385536]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2017-09-29 43520]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2017-09-29 79872]
R3 amdkmdag;amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [2017-10-13 38774688]
R3 amdkmdap;amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [2017-10-13 549792]
R3 AtiHDAudioService;@oem133.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWT6.sys [2017-11-07 111112]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2017-09-29 105472]
R3 bthl2cap;@bthl2cap.inf,%bthl2cap_desc%;Ovladač podpory protokolu Microsoft Bluetooth; C:\WINDOWS\system32\DRIVERS\bthl2cap.sys [2017-09-29 83968]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2017-09-29 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys [2017-09-29 85504]
R3 CX88VID;@oem36.inf,%CX23880.DeviceDesc%;WinFast CX2388x AvStream Driver; C:\WINDOWS\system32\drivers\cxavsvid.sys [2007-09-19 469248]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2017-06-29 5826560]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2017-09-29 189440]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2017-09-29 604160]
S0 amdkmafd;@oem95.inf,%AMDKMAFD_svcdesc%;AMD Audio Bus Lower Filter; C:\WINDOWS\System32\drivers\amdkmafd.sys [2016-08-18 49448]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2017-09-29 37784]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-09-29 357272]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-09-29 123800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-09-29 103320]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-09-29 63520]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2017-09-29 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2017-09-29 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2017-09-29 39832]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2017-09-29 118168]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2018-02-22 45472]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-09-29 20480]
S3 AndnetBus;@oem2.inf,%LGSI.Service.Desc%;LGE Mobile USB Composite Device; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [2016-08-31 30208]
S3 AndNetDiag;@oem49.inf,%Lgsi.Service.Name%;LGE AndroidNet USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [2016-08-24 30720]
S3 ANDNetModem;@oem58.inf,%LGSI.Service.Name%;LGE AndroidNet USB Modem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [2016-08-24 37376]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-09-29 18432]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2017-09-30 126872]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2017-09-30 158616]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2017-09-30 143768]
S3 athur;Qualcomm Atheros AR9271 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw8x.sys [2013-06-02 2919936]
S3 bthav;Bluetooth AV Profile; C:\WINDOWS\system32\drivers\bthav.sys [2008-07-10 40448]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2018-02-22 1015296]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-09-29 39424]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-09-29 60312]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2017-09-29 122368]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-09-29 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-09-29 50584]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2017-09-29 73112]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2017-09-29 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-09-29 1723288]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-09-29 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2017-09-29 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-09-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-09-29 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-09-29 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-09-29 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2017-09-29 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-09-29 39424]
S3 invdimm;@invdimm.inf,%invdimm.SvcDesc%;Microsoft iNVDIMM device driver; C:\WINDOWS\System32\drivers\invdimm.sys [2017-09-29 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2017-09-29 26112]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2017-09-29 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-09-29 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-09-29 55840]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-09-29 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2017-09-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-09-29 132608]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-09-29 88576]
S3 OlyCamComm;OLYMPUS USB Communication Device; C:\WINDOWS\system32\DRIVERS\OlyCamComm.sys [2009-09-09 24208]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2017-09-29 100352]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2017-09-29 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2017-09-29 936856]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2017-09-29 103936]
S3 RSUSBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys [2009-08-10 50176]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2017-09-29 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-09-30 56216]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-09-05 165504]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudserd.sys [2016-09-05 165504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-02-09 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2017-10-13 560544]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 CDPUserSvc_25963a0;Uživatelská služba platformy připojených zařízení_25963a0; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464]
R2 OneSyncSvc_25963a0;Hostitel synchronizace_25963a0; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-03-01 519152]
R2 ssinstall;SInstalátor; C:\WINDOWS\SysWoW64\ssins.exe [2016-12-12 4696960]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 PimIndexMaintenanceSvc_25963a0;Data kontaktů_25963a0; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-01-16 317400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-14 272384]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DevicesFlowUserSvc_25963a0;Tok zařízení_25963a0; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-09-29 85504]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2017-10-29 43648]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService_25963a0;Služba zasílání zpráv_25963a0; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-11-22 172488]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc_25963a0;PrintWorkflow_25963a0; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2017-11-26 4329952]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2017-09-29 1288704]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2015-06-10 155520]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-03-02 956416]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2018-02-10 819096]
S4 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118196
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check the trojans found using MAMB

#2 Post by Rudy »

Hello!
In ADW, also click on delete, restart, and post an FRST log: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

honzikuh
Model visitor
Posts: 328
Registered: 20 Oct 2007 12:11

Re: Please check the trojans found using MAMB

#3 Post by honzikuh »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Honza (administrator) on HONZA-PC (17-03-2018 13:22:47)
Running from C:\Users\Honza\Desktop
Loaded Profiles: Honza (Available Profiles: Honza)
Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\WFWIZ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Skillbrains) C:\Users\Honza\AppData\Local\Skillbrains\lightshot\5.1.4.41\Lightshot.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014208 2014-08-05] (iSkySoft)
HKLM-x32\...\Run: [WinFastDTV] => C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [103936 2015-01-29] (Leadtek Research Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [170496 2009-02-06] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1255607191-696459066-793434616-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41100328 2018-01-29] ()
HKU\S-1-5-21-1255607191-696459066-793434616-1001\...\Run: [EPSON Stylus DX6000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIBIE.EXE [213504 2007-10-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1255607191-696459066-793434616-1001\...\Run: [WinFast Schedule] => C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2916352 2013-01-09] (Leadtek Research Inc.)
HKU\S-1-5-21-1255607191-696459066-793434616-1001\...\Run: [LightShot] => C:\Users\Honza\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKU\S-1-5-21-1255607191-696459066-793434616-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1255607191-696459066-793434616-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-1255607191-696459066-793434616-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
Startup: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-04-12]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Honza\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{98adec1b-9fd8-4762-8e5d-f85cde3bfd9d}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\S-1-5-21-1255607191-696459066-793434616-1001 -> {07FABE2F-8128-42B0-9AAE-8865F8ADF0DC} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1255607191-696459066-793434616-1001 -> {0C358692-663E-495E-8764-FAB97474E7A4} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-1255607191-696459066-793434616-1001 -> {0CDA4DCF-CCB8-4B47-9D6B-04E1783A5388} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1255607191-696459066-793434616-1001 -> {25786223-E8D7-4CA2-8332-68E350141D57} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1255607191-696459066-793434616-1001 -> {39952EFE-9E27-4ED5-B9D0-7E0163CCDB7B} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-1255607191-696459066-793434616-1001 -> {5CE25775-92B7-477d-9603-852F0B34D8B0} URL = hxxp://www.sogou.com/sogou?query={searchTerms} ... e1e39af286
SearchScopes: HKU\S-1-5-21-1255607191-696459066-793434616-1001 -> {A741EFC5-A683-4FD2-B00A-F8D952CF40BA} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1255607191-696459066-793434616-1001 -> {ABA18D5D-DA5F-4742-B96D-828D63944C54} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-1255607191-696459066-793434616-1001 -> {E256CCE6-B36C-492E-A237-52287AFDD4DF} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1255607191-696459066-793434616-1001 -> {F74F50F3-FEAB-41B1-8024-6E543D45A102} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-12] (Oracle Corporation)

Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2017-04-24]

FireFox:
========
FF ProfilePath: C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\lbre7z8q.default-1470848245978 [2017-10-31]
FF Homepage: Mozilla\Firefox\Profiles\lbre7z8q.default-1470848245978 -> hxxp://www.thesettlersonline.cz/cs/domovsk%C3%A1-str%C3%A1nka
FF Extension: (Seznam lištička) - C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\lbre7z8q.default-1470848245978\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-11-19] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1255607191-696459066-793434616-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR NewTab: Default -> Active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/speeddial/html/newTab.html"
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default [2018-03-17]
CHR Extension: (Disk Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-04]
CHR Extension: (Adblock Plus) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Pinky) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijmklfnehnnkbfcoabieogaomookbna [2017-10-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Lightshot (Nástroje snímků)) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2018-01-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-29]
CHR Extension: (Seznam pro Chrome - Esko) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-01-11]
CHR Extension: (Chrome Media Router) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-01]
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-10-31]
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-10-31]
CHR Extension: (Prezentace Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-17]
CHR Extension: (Dokumenty Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-17]
CHR Extension: (Disk Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-17]
CHR Extension: (YouTube) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-17]
CHR Extension: (Vyhledávání Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-17]
CHR Extension: (Tabulky Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-17]
CHR Extension: (Peněženka Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-17]
CHR Extension: () - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp [2018-03-17]
CHR Extension: (Gmail) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-17]
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-31]
CHR HKU\S-1-5-21-1255607191-696459066-793434616-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Honza\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-09-11]
CHR HKU\S-1-5-21-1255607191-696459066-793434616-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lelcohngbjgpiibagnfmncojacafbbpg] - C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\Partner-1.0.3.crx <not found>
CHR HKU\S-1-5-21-1255607191-696459066-793434616-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
S4 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R2 ssinstall; C:\WINDOWS\SysWoW64\ssins.exe [4696960 2016-12-12] (PS Media s.r.o.)
S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-02] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-02] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.)
S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [30208 2016-08-31] (LG Electronics Inc.)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (LG Electronics Inc.)
S3 athur; C:\WINDOWS\system32\DRIVERS\athuw8x.sys [2919936 2013-06-02] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-07] (Advanced Micro Devices)
S3 bthav; C:\WINDOWS\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc) [File not signed]
R3 CX88VID; C:\WINDOWS\system32\drivers\cxavsvid.sys [469248 2007-09-19] (Leadtek Research Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 MpKsl8b26bb4c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{852ED267-9105-4D25-9194-78E1CA2821A0}\MpKsl8b26bb4c.sys [58120 2018-03-16] (Microsoft Corporation)
S3 RSUSBCCID; C:\WINDOWS\System32\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-02] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-02] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-02] (Microsoft Corporation)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [11304 2015-12-05] (wisecleaner.com) [File not signed]
R1 WiseTDIFw; C:\WINDOWS\WiseTDIFw64.sys [39464 2015-12-05] (WiseCleaner.com) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-17 13:22 - 2018-03-17 13:24 - 000018957 _____ C:\Users\Honza\Desktop\FRST.txt
2018-03-17 13:21 - 2018-03-17 13:21 - 002403328 _____ (Farbar) C:\Users\Honza\Downloads\FRST64.exe
2018-03-17 13:21 - 2018-03-17 13:21 - 002403328 _____ (Farbar) C:\Users\Honza\Desktop\FRST64.exe
2018-03-17 12:28 - 2018-03-17 12:28 - 001222144 _____ C:\Users\Honza\Downloads\RSITx64.exe
2018-03-17 12:28 - 2018-03-17 12:28 - 001222144 _____ C:\Users\Honza\Desktop\RSITx64.exe
2018-03-17 12:20 - 2018-03-17 12:20 - 000023270 _____ C:\Users\Honza\Desktop\sken.txt
2018-03-14 17:50 - 2018-03-14 17:50 - 000000000 ___HD C:\OneDriveTemp
2018-03-14 05:32 - 2018-03-01 08:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 05:32 - 2018-03-01 08:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 05:32 - 2018-03-01 07:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 05:32 - 2018-03-01 07:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 05:32 - 2018-03-01 07:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-14 05:32 - 2018-03-01 07:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 05:32 - 2018-03-01 07:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-14 05:32 - 2018-03-01 06:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 05:31 - 2018-03-02 04:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 05:31 - 2018-03-02 04:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 05:31 - 2018-03-02 04:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 05:31 - 2018-03-02 04:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 05:31 - 2018-03-02 04:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 05:31 - 2018-03-02 04:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 05:31 - 2018-03-02 03:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 05:31 - 2018-03-01 21:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 05:31 - 2018-03-01 08:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-14 05:31 - 2018-03-01 08:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-14 05:31 - 2018-03-01 08:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-14 05:31 - 2018-03-01 08:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-14 05:31 - 2018-03-01 08:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 05:31 - 2018-03-01 08:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-14 05:31 - 2018-03-01 08:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-14 05:31 - 2018-03-01 08:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-14 05:31 - 2018-03-01 08:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 05:31 - 2018-03-01 08:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 05:31 - 2018-03-01 08:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-14 05:31 - 2018-03-01 08:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-14 05:31 - 2018-03-01 08:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-14 05:31 - 2018-03-01 08:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 05:31 - 2018-03-01 08:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 05:31 - 2018-03-01 08:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-14 05:31 - 2018-03-01 08:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 05:31 - 2018-03-01 08:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 05:31 - 2018-03-01 08:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 05:31 - 2018-03-01 08:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-14 05:31 - 2018-03-01 08:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-14 05:31 - 2018-03-01 08:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-14 05:31 - 2018-03-01 08:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 05:31 - 2018-03-01 08:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 05:31 - 2018-03-01 08:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 05:31 - 2018-03-01 08:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-14 05:31 - 2018-03-01 08:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-14 05:31 - 2018-03-01 08:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 05:31 - 2018-03-01 08:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 05:31 - 2018-03-01 08:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 05:31 - 2018-03-01 08:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 05:31 - 2018-03-01 08:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 05:31 - 2018-03-01 08:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 05:31 - 2018-03-01 08:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-14 05:31 - 2018-03-01 08:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 05:31 - 2018-03-01 08:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 05:31 - 2018-03-01 08:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 05:31 - 2018-03-01 08:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 05:31 - 2018-03-01 08:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 05:31 - 2018-03-01 08:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-14 05:31 - 2018-03-01 07:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 05:31 - 2018-03-01 07:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-14 05:31 - 2018-03-01 07:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-14 05:31 - 2018-03-01 07:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 05:31 - 2018-03-01 07:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 05:31 - 2018-03-01 07:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 05:31 - 2018-03-01 07:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 05:31 - 2018-03-01 07:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 05:31 - 2018-03-01 07:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-14 05:31 - 2018-03-01 07:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 05:31 - 2018-03-01 07:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 05:31 - 2018-03-01 07:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 05:31 - 2018-03-01 07:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-14 05:31 - 2018-03-01 07:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 05:31 - 2018-03-01 07:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 05:31 - 2018-03-01 07:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-14 05:31 - 2018-03-01 07:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-14 05:31 - 2018-03-01 07:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-14 05:31 - 2018-03-01 07:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-14 05:31 - 2018-03-01 07:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 05:31 - 2018-03-01 07:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 05:31 - 2018-03-01 06:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 05:31 - 2018-03-01 06:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 05:31 - 2018-03-01 06:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-14 05:31 - 2018-03-01 06:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 05:31 - 2018-03-01 06:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 05:31 - 2018-03-01 06:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-14 05:31 - 2018-03-01 06:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-14 05:31 - 2018-03-01 06:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 05:31 - 2018-03-01 06:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-14 05:31 - 2018-03-01 06:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-14 05:31 - 2018-03-01 06:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 05:31 - 2018-03-01 06:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 05:31 - 2018-03-01 06:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 05:31 - 2018-03-01 06:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 05:31 - 2018-03-01 06:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 05:31 - 2018-03-01 06:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 05:31 - 2018-03-01 06:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 05:31 - 2018-03-01 06:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 05:31 - 2018-03-01 06:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 05:31 - 2018-03-01 06:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 05:31 - 2018-03-01 06:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 05:31 - 2018-03-01 06:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 05:31 - 2018-03-01 06:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 05:31 - 2018-03-01 06:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 05:31 - 2018-03-01 06:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 05:31 - 2018-03-01 06:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-14 05:31 - 2018-03-01 06:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 05:31 - 2018-03-01 06:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 05:31 - 2018-03-01 06:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 05:31 - 2018-03-01 06:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 05:31 - 2018-03-01 06:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-14 05:31 - 2018-03-01 06:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 05:31 - 2018-03-01 06:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 05:31 - 2018-03-01 06:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 05:31 - 2018-03-01 06:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 05:31 - 2018-03-01 06:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 05:31 - 2018-03-01 06:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 05:31 - 2018-03-01 06:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 05:31 - 2018-03-01 06:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 05:31 - 2018-03-01 06:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 05:31 - 2018-03-01 06:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 05:31 - 2018-03-01 06:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-14 05:31 - 2018-03-01 06:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 05:31 - 2018-03-01 06:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 05:31 - 2018-03-01 06:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 05:31 - 2018-03-01 06:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 05:31 - 2018-03-01 06:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 05:31 - 2018-03-01 06:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 05:31 - 2018-03-01 06:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 05:31 - 2018-03-01 06:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 05:31 - 2018-03-01 06:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 05:31 - 2018-03-01 06:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-14 05:31 - 2018-03-01 06:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 05:31 - 2018-03-01 06:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 05:31 - 2018-03-01 06:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-14 05:31 - 2018-03-01 06:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-14 05:31 - 2018-03-01 06:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-14 05:31 - 2018-03-01 06:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 05:31 - 2018-03-01 06:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-14 05:31 - 2018-03-01 06:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 05:31 - 2018-03-01 06:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 05:31 - 2018-03-01 06:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 05:31 - 2018-03-01 06:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 05:31 - 2018-03-01 06:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 05:31 - 2018-03-01 06:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 05:31 - 2018-03-01 06:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-14 05:31 - 2018-03-01 06:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-14 05:31 - 2018-03-01 06:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 05:31 - 2018-03-01 06:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 05:31 - 2018-03-01 06:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-14 05:31 - 2018-03-01 06:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-14 05:31 - 2018-03-01 06:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-14 05:31 - 2018-02-22 03:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-14 05:31 - 2018-02-22 03:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-14 05:31 - 2018-02-22 03:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-14 05:31 - 2018-02-22 03:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 05:31 - 2018-02-22 03:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 05:31 - 2018-02-22 03:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 05:31 - 2018-02-22 03:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 05:31 - 2018-02-22 03:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 05:31 - 2018-02-22 03:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 05:31 - 2018-02-22 03:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-14 05:31 - 2018-02-22 03:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-14 05:31 - 2018-02-22 03:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 05:31 - 2018-02-22 03:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 05:31 - 2018-02-22 03:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 05:31 - 2018-02-22 03:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 05:31 - 2018-02-22 03:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 05:31 - 2018-02-22 02:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 05:31 - 2018-02-22 02:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 05:31 - 2018-02-22 02:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 05:31 - 2018-02-22 02:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-14 05:31 - 2018-02-22 02:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 05:31 - 2018-02-22 02:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 05:31 - 2018-02-22 02:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 05:31 - 2018-02-22 02:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 05:31 - 2018-02-22 01:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 05:31 - 2018-02-22 01:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 05:31 - 2018-02-22 01:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-14 05:31 - 2018-02-22 01:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 05:31 - 2018-02-22 01:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 05:31 - 2018-02-22 01:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 05:31 - 2018-02-22 01:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-14 05:31 - 2018-02-22 01:26 - 000441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2018-03-14 05:31 - 2018-02-22 01:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 05:31 - 2018-02-22 01:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 05:31 - 2018-02-22 01:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-14 05:11 - 2018-03-14 05:11 - 000004630 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-02-28 18:10 - 2018-02-28 18:14 - 000000000 ____D C:\Users\Honza\Desktop\Molke
2018-02-22 05:43 - 2018-03-02 14:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-16 19:45 - 2018-02-16 20:35 - 913225756 _____ C:\Users\Honza\Downloads\Já Padouch 3 CZ Dabing.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-17 13:22 - 2016-09-12 19:38 - 000000000 ____D C:\FRST
2018-03-17 12:28 - 2014-08-23 06:12 - 000000000 ____D C:\Program Files\trend micro
2018-03-17 11:49 - 2014-11-11 17:17 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-03-17 11:46 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-17 11:45 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-17 11:45 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-16 14:49 - 2017-10-29 11:15 - 000004194 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5AD7F4A8-644C-4377-8365-4BD99777193E}
2018-03-15 18:22 - 2017-10-29 10:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-15 04:55 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-14 17:51 - 2017-09-16 14:54 - 000000000 ___RD C:\Users\Honza\Documents\OneDrive
2018-03-14 17:50 - 2017-10-29 11:15 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1255607191-696459066-793434616-1001
2018-03-14 17:50 - 2015-09-27 06:05 - 000002425 _____ C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-14 09:54 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-14 09:52 - 2017-10-29 11:12 - 002020056 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-14 09:52 - 2017-09-30 15:30 - 000875622 _____ C:\WINDOWS\system32\perfh005.dat
2018-03-14 09:52 - 2017-09-30 15:30 - 000188640 _____ C:\WINDOWS\system32\perfc005.dat
2018-03-14 09:45 - 2017-10-29 11:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-14 06:43 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-14 06:43 - 2017-04-16 16:44 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-03-14 06:38 - 2017-02-09 13:43 - 000000000 ___RD C:\Users\Honza\3D Objects
2018-03-14 06:38 - 2015-09-10 06:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 06:36 - 2017-10-29 10:42 - 000410768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-14 06:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-14 06:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 06:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-14 06:29 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-14 05:47 - 2013-08-09 09:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 05:42 - 2017-10-18 20:11 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 05:42 - 2012-11-26 09:26 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-14 05:34 - 2017-09-29 14:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 05:34 - 2017-09-29 14:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-14 05:26 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-14 05:26 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-14 05:26 - 2014-07-11 15:40 - 000000000 ____D C:\Users\Honza\AppData\Local\Adobe
2018-03-14 05:11 - 2017-10-29 11:15 - 000004652 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-02 22:09 - 2018-01-30 17:22 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 22:09 - 2018-01-30 17:22 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-02 14:53 - 2017-09-29 14:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-01 04:58 - 2012-12-02 20:07 - 000000000 ____D C:\Users\Honza\AppData\Local\ElevatedDiagnostics
2018-02-28 06:54 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-28 05:05 - 2015-11-09 05:16 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-28 05:04 - 2017-10-29 11:15 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-28 05:03 - 2016-11-14 19:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-28 05:03 - 2016-11-14 19:20 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-22 05:58 - 2017-10-29 10:50 - 000000000 ____D C:\Users\Honza
2018-02-20 18:37 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-20 18:37 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-02-16 04:58 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-15 19:49 - 2012-12-19 19:16 - 000000000 ____D C:\Users\Honza\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2015-04-14 17:28 - 2015-04-14 17:28 - 000004387 _____ () C:\Users\Honza\AppData\Roaming\3ITIvptArw
2015-03-14 11:20 - 2016-11-19 17:32 - 000000558 _____ () C:\Users\Honza\AppData\Roaming\AutoGK.ini
2016-10-29 11:22 - 2016-12-02 14:24 - 000000041 _____ () C:\Users\Honza\AppData\Roaming\AVSMediaPlayer.m3u
2015-04-14 17:28 - 2015-04-14 17:28 - 000004387 _____ () C:\Users\Honza\AppData\Roaming\JaxnO0pi8PWQ
2015-10-09 14:51 - 2015-12-20 07:06 - 000001287 _____ () C:\Users\Honza\AppData\Local\MRDownloader.err
2015-03-14 14:22 - 2015-12-20 07:06 - 000001160 _____ () C:\Users\Honza\AppData\Local\MRDownloader.nast
2016-09-12 19:15 - 2016-09-12 19:19 - 000029696 _____ () C:\Users\Honza\AppData\Local\MSGBOX.EXE
2015-03-25 18:14 - 2015-03-25 18:15 - 028579392 _____ (Sony Mobile Communications ) C:\Users\Honza\AppData\Local\pcc.exe
2014-12-30 15:03 - 2014-12-30 15:03 - 000000843 _____ () C:\Users\Honza\AppData\Local\recently-used.xbel
2012-12-02 13:30 - 2012-12-02 13:31 - 000007605 _____ () C:\Users\Honza\AppData\Local\Resmon.ResmonCfg
2012-12-30 17:03 - 2015-03-14 14:15 - 000002437 _____ () C:\Users\Honza\AppData\Local\SRDownloader.err
2012-12-16 17:09 - 2015-03-14 14:20 - 000001120 _____ () C:\Users\Honza\AppData\Local\SRDownloader.nast
2013-11-03 16:17 - 2013-11-03 16:17 - 000000003 _____ () C:\Users\Honza\AppData\Local\updater.log
2013-11-03 16:17 - 2014-10-08 17:07 - 000000437 _____ () C:\Users\Honza\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-28 06:33

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118196
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check: trojans found with MAMB

#4 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
CHR Extension: () - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp [2018-03-17]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
C:\Users\Honza\AppData\Roaming\3ITIvptArw
C:\Users\Honza\AppData\Roaming\JaxnO0pi8PWQ

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

#5 Post by honzikuh »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Honza (17-03-2018 16:24:44) Run:2
Running from C:\Users\Honza\Desktop
Loaded Profiles: Honza (Available Profiles: Honza)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
CHR Extension: () - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp [2018-03-17]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
C:\Users\Honza\AppData\Roaming\3ITIvptArw
C:\Users\Honza\AppData\Roaming\JaxnO0pi8PWQ

EmptyTemp:
End
*****************

Processes closed successfully.
CHR Extension: () - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp [2018-03-17] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihenkjeihefokohmemphikjnjbmegdik" => removed successfully
C:\Users\Honza\AppData\Roaming\3ITIvptArw => moved successfully
C:\Users\Honza\AppData\Roaming\JaxnO0pi8PWQ => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 192915262 B
Java, Flash, Steam htmlcache => 2606 B
Windows/system/drivers => 3616029 B
Edge => 527748 B
Chrome => 472272716 B
Firefox => 8354165 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 13824 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 868 B
NetworkService => 445432 B
Honza => 129095740 B

RecycleBin => 1289750642 B
EmptyTemp: => 2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:25:57 ====

#6 Post by Rudy »

OK. The log should be clean now.

#7 Post by honzikuh »

Thank you very, very much

#8 Post by Rudy »

You're welcome! :)

Locked