PC virus removal, computer speed-up, remote assistance via the neslape.cz service

probably malware

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
skimiwriter
Guest
Posts: 58
Joined: 24 Mar 2014 13:34

probably malware

#1 Post by skimiwriter »

Logfile of random's system information tool 1.10 (written by random/random)
Run by skimi at 2019-04-23 20:26:08
Microsoft Windows 10 Home
System drive C: has 14 GB (12%) free of 121 GB
Total RAM: 16230 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:26:11, on 23.04.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\MSIService.exe
C:\Program Files (x86)\Origin\OriginWebHelperService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\skimi\Downloads\adwcleaner_7.3.exe
D:\Games\MSI Afterburner\MSIAfterburner.exe
D:\Games\RivaTuner Statistics Server\RTSS.exe
C:\Windows\SysWOW64\NahimicSvc32.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
D:\Games\RivaTuner Statistics Server\EncoderServer.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe
C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe
C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe
C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe
D:\Photo Studio 19\Program32\ZPSTray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\trend micro\skimi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oem17win10.msn.com/?pc=NMTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHeCZkT1zP_DTTyEFf1PG5CbJXVOzO5H7g1HYRYETPQXrrGbLlrMFozX-2kyHtgx49Y2sapI7Z_nLgEYTA1BVtM0WNyWT7GwNbffXCkDqbltfbzyEd2PKNa072tLa_UqVBBUg4gVqlHu1xIvJkcQTzUDzhn6B0cS53qdS5Z1dnjk&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHeCZkT1zP_DTTyEFf1PG5CbJXVOzO5H7g1HYRYETPQXrrGbLlrMFozX-2kyHtgx49Y2sapI7Z_nLgEYTA1BVtM0WNyWT7GwNbffXCkDqbltfbzyEd2PKNa072tLa_UqVBBUg4gVqlHu1xIvJkcQTzUDzhn6B0cS53qdS5Z1dnjk&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHeCZkT1zP_DTTyEFf1PG5CbJXVOzO5H7g1HYRYETPQXrrGbLlrMFozX-2kyHtgx49Y2sapI7Z_nLgEYTA1BVtM0WNyWT7GwNbffXCkDqbltfbzyEd2PKNa072tLa_UqVBBUg4gVqlHu1xIvJkcQTzUDzhn6B0cS53qdS5Z1dnjk&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHeCZkT1zP_DTTyEFf1PG5CbJXVOzO5H7g1HYRYETPQXrrGbLlrMFozX-2kyHtgx49Y2sapI7Z_nLgEUfx3u9O21jKyay9Wykh-uLsGEiOh2HArhdIbrzf8vnLeO8Ix1o4bSJk0OxDp9iup-vosJJ4KpLX9iU9wlkvio0taSwY7F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHeCZkT1zP_DTTyEFf1PG5CbJXVOzO5H7g1HYRYETPQXrrGbLlrMFozX-2kyHtgx49Y2sapI7Z_nLgEYTA1BVtM0WNyWT7GwNbffXCkDqbltfbzyEd2PKNa072tLa_UqVBBUg4gVqlHu1xIvJkcQTzUDzhn6B0cS53qdS5Z1dnjk&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: YoutubeAdBlock - {0A11C8B7-2333-42A8-8DB1-9A7A91832C55} - C:\Program Files (x86)\yXYMSblVdIE\kR8Y6u1X.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\skimi\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [EpicGamesLauncher] "D:\Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
O4 - HKCU\..\Run: [Spotify] C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Discord] C:\Users\skimi\AppData\Local\Discord\app-0.0.305\Discord.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "D:\Photo Studio 19\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [wlorgs] rundll32.exe "C:\Users\skimi\AppData\Local\wlorgs.dll",wlorgs
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: MSI Afterburner.lnk = D:\Games\MSI Afterburner\MSIAfterburner.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_8fd9cf0398a5f9ee\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_8fd9cf0398a5f9ee\IntelCpHDCPSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\System32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem3.inf,%iaStorAfsWindowsService.Name%;Intel(R) Optane(TM) Memory Service (iaStorAfsService) - Unknown owner - C:\Windows\System32\iaStorAfsService.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @oem41.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\Windows\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\cui_comp.inf_amd64_209bd95d56b1ac2d\igfxCUIService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Windows\SysWOW64\MSIService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @oem30.inf,%SERVICE_DESCRIPTION%;Nahimic service (NahimicService) - Unknown owner - C:\Windows\System32\NahimicService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTEzYjdhYm - Unknown owner - C:\Program Files\NTEzYjdhYm\OWU3ZGFjMDNkN2.exe
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: NzE4NzU5ODM4 - Unknown owner - rundll32.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RstMwService - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_f69aac6d52d276b0\RstMwService.exe
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Unknown owner - C:\Windows\System32\RtkAudUService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @oem57.inf,%SynTPEnhService.SVCDESC%;SynTPEnhService (SynTPEnhService) - Unknown owner - C:\Windows\System32\SynTPEnhService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 15373 bytes

======Listing Processes======

C:\Windows\system32\lsass.exe
winlogon.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\Windows\system32\svchost.exe -k DcomLaunch -p
"fontdrvhost.exe"
"fontdrvhost.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-22d1f885-2b08-44c0-9197-3bccb3499a29 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-01d0bdff-0697-413a-ad1a-72c71fb155aa -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-27164ce3-7710-4f43-813b-5dd959e76356 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-5a9d636d-6e00-426c-9708-0f178cc0b62d -LifetimeId:e61eb7bc-e80f-4177-b3ec-1cdc24350d55 -DeviceGroupId:WudfDefaultDevicePool
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s gpsvc
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localservice -p -s BthAvctpSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NgcSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
C:\Windows\System32\DriverStore\FileRepository\cui_comp.inf_amd64_209bd95d56b1ac2d\igfxCUIService.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s BTAGService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\syntpenhservice.exe
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
dashost.exe {df5d65e5-c3d5-43b6-af726d25e1f6ce04}
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
c:\windows\system32\svchost.exe -k localservice -p -s PhoneSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\Windows\System32\spoolsv.exe

c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
C:\Windows\system32\WLANExt.exe 1841981546832
\??\C:\Windows\system32\conhost.exe 0x4
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
"C:\Windows\SysWOW64\MSIService.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\Windows\System32\DbxSvc.exe
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
rundll32.exe C:\Windows\ksohlbecbkdjherthcx.ksqh weiFmbaLs
"C:\Windows\System32\RtkAudUService64.exe"
C:\Windows\system32\ibtsiva
"C:\Windows\System32\NahimicService.exe"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_f69aac6d52d276b0\RstMwService.exe
C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_8fd9cf0398a5f9ee\IntelCpHDCPSvc.exe
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
"C:\Program Files (x86)\Origin\OriginWebHelperService.exe"
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
rundll32.exe C:\Windows\ksohlbecbkdjherthcx.ksqh weiFmbaLs
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_8fd9cf0398a5f9ee\IntelCpHeciSvc.exe
c:\windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%dSPUser.log" -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\SPUser" -r -l 3 -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:/Users/skimi/Downloads/adwcleaner_7.3.exe /r
"D:\Games\MSI Afterburner\MSIAfterburner.exe" /s
"D:\Games\RivaTuner Statistics Server\RTSS.exe" /s
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"ctfmon.exe"
"C:\Users\skimi\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Windows\System32\DriverStore\FileRepository\cui_comp.inf_amd64_209bd95d56b1ac2d\igfxEM.exe"
explorer.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\.\NahimicSvc64.exe /start all
C:\Windows\System32\..\SysWOW64\NahimicSvc32.exe /start all
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\smartscreen.exe -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\SettingSyncHost.exe -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\Windows\system32\conhost.exe 0x4
"c:\windows\system32\SynTPEnh.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
"C:\WINDOWS\SYSTEM32\SYNTPHELPER.EXE"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
"C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe"
"D:\Games\RivaTuner Statistics Server\EncoderServer.exe" /i
"D:\Games\RivaTuner Statistics Server\RTSSHooksLoader64.exe" /i
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Windows\System32\RtkAudUService64.exe" -background
"C:\Windows\System32\TiltWheelMouse.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\System32\winlogui.exe" -o mine.xmrpool.net:80 -u 8AW8EXfdqiT8EmjCBFWh2shwW3sC98KCEFUoNK9G6t6pJL1HkFkMJmifxXrkGS8eJ29o8k7DQPqDq5M6rCu3esd8FWL7jjt -p x
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
"C:\Program Files\WinZip\WzPreloader.exe"
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -d "C:\Program Files\NVIDIA Corporation\NvStreamSrv\SsauPlugins" -f "C:\ProgramData\NVIDIA Corporation\nvstreamsvc\NvcSSAU.log" -l 4 -r -c
"C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe" --autostart --minimized
"C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\skimi\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\skimi\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.1.4.197 --initial-client-data=0x5c8,0x5d0,0x598,0x5cc,0x5d4,0x634fbf60,0x634fbf70,0x634fbf7c
"C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --field-trial-handle=1968,11601174646352357697,912796331774885616,131072 --disable-features=ExtendedMouseButtons --disable-d3d11 --log-file="C:\Users\skimi\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.1.4.197 --lang=en-US --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Users\skimi\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.1.4.197 --lang=en-US --service-request-channel-token=7637589520100343533 --mojo-platform-channel-handle=2044 --ignored=" --type=renderer " /prefetch:2
"C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --field-trial-handle=1968,11601174646352357697,912796331774885616,131072 --disable-features=ExtendedMouseButtons --service-pipe-token=5221448630617680060 --lang=en-US --log-file="C:\Users\skimi\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.1.4.197 --disable-spell-checking --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=5221448630617680060 --renderer-client-id=3 --mojo-platform-channel-handle=3132 /prefetch:1
"C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
"D:\Photo Studio 19\Program32\ZPSTray.exe"
"C:\Windows\System32\rundll32.exe" "C:\Users\skimi\AppData\Local\wlorgs.dll",wlorgs
"C:\Windows\System32\rundll32.exe" "C:\Users\skimi\AppData\Local\wlorgs.dll",wlorgs
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:crashpad-handler --no-upload-gzip --no-rate-limit --capture-python --no-identify-client-via-url --database=C:\Users\skimi\AppData\Local\Dropbox\Crashpad --metrics-dir=0 --url=https://d.dropbox.com/report_crashpad_minidump --https-pin=0x23,0xf2,0xed,0xff,0x3e,0xde,0x90,0x25,0x9a,0x9e,0x30,0xf4,0xa,0xf8,0xf9,0x12,0xa5,0xe5,0xb3,0x69,0x4e,0x69,0x38,0x44,0x3,0x41,0xf6,0x6,0xe,0x1,0x4f,0xfa --https-pin=0xaf,0xf9,0x88,0x90,0x6d,0xde,0x12,0x95,0x5d,0x9b,0xeb,0xbf,0x92,0x8f,0xdc,0xc3,0x1c,0xce,0x32,0x8d,0x5b,0x93,0x84,0xf2,0x1c,0x89,0x41,0xca,0x26,0xe2,0x3,0x91 --https-pin=0x5a,0x88,0x96,0x47,0x22,0xe,0x54,0xd6,0xbd,0x8a,0x16,0x81,0x72,0x24,0x52,0xb,0xb5,0xc7,0x8e,0x58,0x98,0x4b,0xd5,0x70,0x50,0x63,0x88,0xb9,0xde,0xf,0x7,0x5f --https-pin=0xfe,0xa2,0xb7,0xd6,0x45,0xfb,0xa7,0x3d,0x75,0x3c,0x1e,0xc9,0xa7,0x87,0xc,0x40,0xe1,0xf7,0xb0,0xc5,0x61,0xe9,0x27,0xb9,0x85,0xbf,0x71,0x18,0x66,0xe3,0x6f,0x22 --https-pin=0x76,0xee,0x85,0x90,0x37,0x4c,0x71,0x54,0x37,0xbb,0xca,0x6b,0xba,0x60,0x28,0xea,0xdd,0xe2,0xdc,0x6d,0xbb,0xb8,0xc3,0xf6,0x10,0xe8,0x51,0xf1,0x1d,0x1a,0xb7,0xf5 --https-pin=0x6d,0xbf,0xae,0x0,0xd3,0x7b,0x9c,0xd7,0x3f,0x8f,0xb4,0x7d,0xe6,0x59,0x17,0xaf,0x0,0xe0,0xdd,0xdf,0x42,0xdb,0xce,0xac,0x20,0xc1,0x7c,0x2,0x75,0xee,0x20,0x95 --https-pin=0x1e,0xa3,0xc5,0xe4,0x3e,0xd6,0x6c,0x2d,0xa2,0x98,0x3a,0x42,0xa4,0xa7,0x9b,0x1e,0x90,0x67,0x86,0xce,0x9f,0x1b,0x58,0x62,0x14,0x19,0xa0,0x4,0x63,0xa8,0x7d,0x38 --https-pin=0x87,0xaf,0x34,0xd6,0x6f,0xb3,0xf2,0xfd,0xf3,0x6e,0x9,0x11,0x1e,0x9a,0xba,0x2f,0x6f,0x44,0xb2,0x7,0xf3,0x86,0x3f,0x3d,0xb,0x54,0xb2,0x50,0x23,0x90,0x9a,0xa5 --https-pin=0xbc,0xfb,0x44,0xaa,0xb9,0xad,0x2,0x10,0x15,0x70,0x6b,0x41,0x21,0xea,0x76,0x1c,0x81,0xc9,0xe8,0x89,0x67,0x59,0xf,0x6f,0x94,0xae,0x74,0x4d,0xc8,0x8b,0x78,0xfb --https-pin=0xab,0x98,0x49,0x52,0x76,0xad,0xf1,0xec,0xaf,0xf2,0x8f,0x35,0xc5,0x30,0x48,0x78,0x1e,0x5c,0x17,0x18,0xda,0xb9,0xc8,0xe6,0x7a,0x50,0x4f,0x4f,0x6a,0x51,0x32,0x8f 
--https-pin=0x49,0x5,0x46,0x66,0x23,0xab,0x41,0x78,0xbe,0x92,0xac,0x5c,0xbd,0x65,0x84,0xf7,0xa1,0xe1,0x7f,0x27,0x65,0x2d,0x5a,0x85,0xaf,0x89,0x50,0x4e,0xa2,0x39,0xaa,0xaa --https-pin=0x56,0x32,0xd9,0x7b,0xfa,0x77,0x5b,0xf3,0xc9,0x9d,0xde,0xa5,0x2f,0xc2,0x55,0x34,0x10,0x86,0x40,0x16,0x72,0x9c,0x52,0xdd,0x65,0x24,0xc8,0xa9,0xc3,0xb4,0x48,0x9f --https-pin=0x2a,0x8f,0x2d,0x8a,0xf0,0xeb,0x12,0x38,0x98,0xf7,0x4c,0x86,0x6a,0xc3,0xfa,0x66,0x90,0x54,0xe2,0x3c,0x17,0xbc,0x7a,0x95,0xbd,0x2,0x34,0x19,0x2d,0xc6,0x35,0xd0 --https-pin=0x32,0xb6,0x4b,0x66,0x72,0x7a,0x20,0x63,0xe4,0x6,0x6f,0x3b,0x95,0x8c,0xb0,0xaa,0xee,0x57,0x6a,0x5e,0xce,0xfd,0x95,0x33,0x99,0xbb,0x88,0x74,0x73,0x1d,0x95,0x87 --https-pin=0xf5,0x3c,0x22,0x5,0x98,0x17,0xdd,0x96,0xf4,0x0,0x65,0x16,0x39,0xd2,0xf8,0x57,0xe2,0x10,0x70,0xa5,0x9a,0xbe,0xd9,0x7,0x94,0x0,0xd9,0xf6,0x95,0x50,0x69,0x0 --https-pin=0x67,0xdc,0x4f,0x32,0xfa,0x10,0xe7,0xd0,0x1a,0x79,0xa0,0x73,0xaa,0xc,0x9e,0x2,0x12,0xec,0x2f,0xfc,0x3d,0x77,0x9e,0xa,0xa7,0xf9,0xc0,0xf0,0xe1,0xc2,0xc8,0x93 --https-pin=0x19,0x6,0xc6,0x12,0x4d,0xbb,0x43,0x85,0x78,0xd0,0xe,0x6,0x6d,0x50,0x54,0xc6,0xc3,0x7f,0xf,0xa6,0x2,0x8c,0x5,0x54,0x5e,0x9,0x94,0xed,0xda,0xec,0x86,0x29 --https-pin=0x1d,0x75,0xd0,0x83,0x1b,0x9e,0x8,0x85,0x39,0x4d,0x32,0xc7,0xa1,0xbf,0xdb,0x3d,0xbc,0x1c,0x28,0xe2,0xb0,0xe8,0x39,0x1f,0xb1,0x35,0x98,0x1d,0xbc,0x5b,0xa9,0x36 --annotation=machine_id=af926228-9d5a-4a34-ab40-3fafdce0cc8c --annotation=platform=win "--annotation=platform_version=10 1803" --initial-client-data=0x240,0x244,0x248,0x23c,0x24c,0x5d33ddb4,0x5d33ddc4,0x5d33ddd4
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -method:collectupload -session-token:35ce7414-8842-48fb-980e-aade6a350fd7 -target-handle:572 -target-shutdown-event:544 -target-restart-event:588 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /systemstartup" -python-version:3.6.7 -handler-pipe:\\.\pipe\crashpad_14092_QLBWIZQVOZJCREKO
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe"
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe"
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=gpu-process --disable-features=AsyncWheelEvents,SurfaceSynchronization --no-sandbox --log-file="C:\Users\skimi\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --log-file="C:\Users\skimi\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --lang=en-US --service-request-channel-token=105C3C4FD6AEB071F58DB01A9B51A70F --mojo-platform-channel-handle=1512 /prefetch:2
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=renderer --no-sandbox --disable-features=AsyncWheelEvents,SurfaceSynchronization --service-pipe-token=A231B26E400364CF07171BF3395605CF --lang=en-US --log-file="C:\Users\skimi\AppData\Local\NVIDIA Corporation\NVIDIA Share\debug.log" --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=A231B26E400364CF07171BF3395605CF --renderer-client-id=3 --mojo-platform-channel-handle=1936 /prefetch:1
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
"C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe"
"C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe" --type=renderer --disable-accelerated-video-decode --disable-gpu-memory-buffer-video-frames --disable-shared-workers --enable-threaded-compositing --no-sandbox --disable-webrtc-hw-encoding --disable-databases --primordial-pipe-token=44816BCD1C3101DBD1F096FCB9D6FC96 --lang=cs --dropbox-schemes=dbx-local --dropbox-cors --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=44816BCD1C3101DBD1F096FCB9D6FC96 --renderer-client-id=2 --mojo-platform-channel-handle=5928 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "https://blog.malwarebytes.com/detection ... source=adw"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\skimi\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\skimi\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=73.0.3683.103 --initial-client-data=0x1c8,0x1cc,0x1d0,0x1c4,0x1d4,0x7ff906d46830,0x7ff906d46840,0x7ff906d46850
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=12000 --on-initialized-event-handle=660 --parent-handle=664 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1728,13707088774532166736,562988200454698553,131072 --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=17978577826588726541 --mojo-platform-channel-handle=1784 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1728,13707088774532166736,562988200454698553,131072 --lang=cs --service-sandbox-type=network --service-request-channel-token=12808256805217318458 --mojo-platform-channel-handle=2060 /prefetch:8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,13707088774532166736,562988200454698553,131072 --service-pipe-token=18015606933091672307 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=18015606933091672307 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,13707088774532166736,562988200454698553,131072 --service-pipe-token=16497636407776855217 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=16497636407776855217 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,13707088774532166736,562988200454698553,131072 --service-pipe-token=12094070094467020207 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=12094070094467020207 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,13707088774532166736,562988200454698553,131072 --service-pipe-token=15150039739894271722 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=15150039739894271722 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
"C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca
c:\windows\system32\svchost.exe -k bcastdvruserservice -s BcastDVRUserService
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,13707088774532166736,562988200454698553,131072 --service-pipe-token=13246259112382641713 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=13246259112382641713 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\rempl\sedsvc.exe"

c:\windows\system32\svchost.exe -k netsvcs -p
"C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe"
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,13707088774532166736,562988200454698553,131072 --service-pipe-token=5518187212833693380 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=5518187212833693380 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
wmiadap.exe /F /T /R
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,13707088774532166736,562988200454698553,131072 --service-pipe-token=9464892854457914967 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=9464892854457914967 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,13707088774532166736,562988200454698553,131072 --service-pipe-token=12415905125835896799 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=12415905125835896799 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1
"C:\Users\skimi\Downloads\RSITx64.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost

======Scheduled tasks folder======

C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe /NOUACCHECK
C:\Windows\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577}.job - explorer "http://eroiuka.com/cl/?guid=57rqsuafco2 ... =11_1415_0"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A11C8B7-2333-42A8-8DB1-9A7A91832C55}]
YoutubeAdBlock - C:\Program Files (x86)\yXYMSblVdIE\tUTjaEq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A11C8B7-2333-42A8-8DB1-9A7A91832C55}]
YoutubeAdBlock - C:\Program Files (x86)\yXYMSblVdIE\kR8Y6u1X.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-23 480120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-23 194424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2019-02-10 193024]
"RtkAudUService"=C:\Windows\System32\RtkAudUService64.exe [2018-08-11 771528]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2018-05-30 79360]
"MouseDriver"=C:\Windows\system32\TiltWheelMouse.exe [2012-12-19 241152]
"winlogui"=C:\Windows\system32\winlogui.exe [2019-02-28 1803776]
"WinZip UN"=C:\Program Files\WinZip\WZUpdateNotifier.exe [2018-11-07 2862032]
"WinZip PreLoader"=C:\Program Files\WinZip\WzPreloader.exe [2018-11-07 130624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2018-12-17 731240]
"uTorrent"=C:\Users\skimi\AppData\Roaming\uTorrent\uTorrent.exe [2019-03-22 1998008]
"EpicGamesLauncher"=D:\Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [2019-04-13 35193232]
"Spotify"=C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe [2019-04-09 25901288]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2019-04-09 46506040]
"Discord"=C:\Users\skimi\AppData\Local\Discord\app-0.0.305\Discord.exe [2019-03-07 81780056]
"Zoner Photo Studio Autoupdate"=D:\Photo Studio 19\Program32\ZPSTRAY.EXE [2019-01-18 604128]
"wlorgs"=C:\Users\skimi\AppData\Local\wlorgs.dll [2019-04-23 15360]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2019-04-04 22515488]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2019-04-03 4426560]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2019-04-01 645456]

C:\Users\skimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSI Afterburner.lnk - D:\Games\MSI Afterburner\MSIAfterburner.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\epmntdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EuGdiDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\epmntdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EuGdiDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.RTV1"=rtvcvfw64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux5"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux6"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-04-23 20:26:08 ----D---- C:\rsit
2019-04-23 20:26:08 ----D---- C:\Program Files\trend micro
2019-04-23 19:53:16 ----DC---- C:\Users\skimi\AppData\Roaming\java
2019-04-23 19:50:29 ----DC---- C:\Users\skimi\AppData\Roaming\Sun
2019-04-23 19:50:24 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2019-04-23 19:50:06 ----D---- C:\ProgramData\Oracle
2019-04-23 19:50:05 ----D---- C:\Program Files (x86)\Java
2019-04-23 14:52:11 ----D---- C:\AdwCleaner
2019-04-23 14:47:58 ----D---- C:\Program Files\CCleaner
2019-04-23 14:39:15 ----DC---- C:\Users\skimi\AppData\Roaming\Mozilla
2019-04-23 14:39:08 ----D---- C:\ProgramData\{4FF79E46-0162-2ED3-1A1C-50A21AFB09F3}
2019-04-23 14:39:08 ----D---- C:\ProgramData\{46D84F83-D0A7-27FC-DFCD-7FABDF2A26FA}
2019-04-23 14:38:22 ----D---- C:\ProgramData\fb
2019-04-23 14:38:06 ----D---- C:\Program Files\NTEzYjdhYm
2019-04-23 11:24:58 ----DC---- C:\Users\skimi\AppData\Roaming\Dropbox
2019-04-23 11:24:33 ----D---- C:\Program Files (x86)\Dropbox
2019-04-23 11:24:31 ----D---- C:\ProgramData\Dropbox
2019-04-22 10:23:48 ----A---- C:\Windows\uninstaller.dat
2019-04-22 10:23:48 ----A---- C:\Windows\NmVlNDk3MDE.exe
2019-04-13 21:11:16 ----DC---- C:\Users\skimi\AppData\Roaming\CPY_SAVES
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\vulkaninfo-1-999-0-0-0.exe
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\vulkaninfo.exe
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\vulkan-1-999-0-0-0.dll
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\vulkan-1.dll
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\nvptxJitCompiler.dll
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\nvofapi.dll
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\nvfatbinaryLoader.dll
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\nvEncMFThevc.dll
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\nvEncMFTH264.dll
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2019-04-13 03:37:24 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-04-13 03:37:24 ----A---- C:\Windows\system32\vulkaninfo.exe
2019-04-13 03:37:24 ----A---- C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\vulkan-1.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\OpenCL.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\nvptxJitCompiler.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\nvofapi64.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\nvml.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\NvIFR64.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\nvidia-smi.exe
2019-04-13 03:37:24 ----A---- C:\Windows\system32\NvFBC64.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\nvfatbinaryLoader.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\nvEncMFThevc.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\nvEncMFTH264.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\nvdebugdump.exe
2019-04-13 03:37:24 ----A---- C:\Windows\system32\nvcuvid.dll
2019-04-13 03:37:24 ----A---- C:\Windows\system32\nvcuda.dll
2019-04-13 03:37:23 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2019-04-13 03:37:23 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2019-04-13 03:37:23 ----A---- C:\Windows\system32\nvcompiler.dll
2019-04-13 03:37:23 ----A---- C:\Windows\system32\MCU.exe
2019-04-13 03:04:19 ----D---- C:\Windows\LastGood.Tmp
2019-04-05 02:45:11 ----DC---- C:\Users\skimi\AppData\Roaming\SpaceEngineers
2019-04-04 11:48:30 ----D---- C:\ProgramData\WinZip
2019-04-04 11:48:26 ----D---- C:\Program Files\WinZip
2019-04-04 11:47:09 ----D---- C:\ProgramData\UniqueId
2019-04-03 22:59:32 ----A---- C:\Windows\system32\drivers\dbx-stable.sys
2019-04-03 22:59:32 ----A---- C:\Windows\system32\drivers\dbx-dev.sys
2019-04-03 22:59:32 ----A---- C:\Windows\system32\drivers\dbx-canary.sys
2019-04-03 22:59:32 ----A---- C:\Windows\system32\DbxSvc.exe
2019-04-01 12:16:25 ----DC---- C:\Users\skimi\AppData\Roaming\HelloGames
2019-03-28 10:37:10 ----D---- C:\ProgramData\Steam
2019-03-26 13:04:07 ----A---- C:\Windows\system32\drivers\vmdrv.sys

======List of files/folders modified in the last 1 month======

2019-04-23 20:26:08 ----RD---- C:\Program Files
2019-04-23 20:23:19 ----D---- C:\Windows\Temp
2019-04-23 20:22:43 ----D---- C:\ProgramData\NVIDIA
2019-04-23 20:21:06 ----DC---- C:\Users\skimi\AppData\Roaming\Spotify
2019-04-23 20:21:02 ----D---- C:\Windows\Prefetch
2019-04-23 20:20:55 ----D---- C:\Windows\system32\Tasks
2019-04-23 20:20:00 ----D---- C:\Windows\system32\sru
2019-04-23 20:19:58 ----DC---- C:\Users\skimi\AppData\Roaming\Twitch
2019-04-23 20:19:56 ----RD---- C:\Program Files (x86)
2019-04-23 20:19:56 ----HD---- C:\ProgramData
2019-04-23 20:08:42 ----DC---- C:\Users\skimi\AppData\Roaming\.minecraft
2019-04-23 20:08:19 ----SHD---- C:\Windows\Installer
2019-04-23 19:50:32 ----D---- C:\Program Files (x86)\Common Files
2019-04-23 19:50:24 ----D---- C:\Windows\SysWOW64
2019-04-23 19:04:38 ----D---- C:\Windows\system32\SleepStudy
2019-04-23 19:04:19 ----RD---- C:\Windows\Microsoft.NET
2019-04-23 15:22:56 ----DC---- C:\Users\skimi\AppData\Roaming\SmartSteamEmu
2019-04-23 15:02:11 ----D---- C:\Program Files (x86)\Steam
2019-04-23 15:01:30 ----D---- C:\Windows\System32
2019-04-23 15:01:30 ----D---- C:\Windows\INF
2019-04-23 15:01:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2019-04-23 14:55:05 ----SHD---- C:\System Volume Information
2019-04-23 14:54:05 ----D---- C:\Windows\system32\LogFiles
2019-04-23 14:52:49 ----D---- C:\Windows\system32\catroot2
2019-04-23 14:52:47 ----D---- C:\Windows\Tasks
2019-04-23 14:51:53 ----DC---- C:\Users\skimi\AppData\Roaming\uTorrent
2019-04-23 14:49:10 ----D---- C:\Windows\SoftwareDistribution
2019-04-23 14:49:10 ----D---- C:\Windows\Panther
2019-04-23 14:49:10 ----D---- C:\Windows\debug
2019-04-23 14:49:10 ----D---- C:\Windows
2019-04-23 14:39:27 ----D---- C:\Windows\system32\GroupPolicy
2019-04-23 14:38:26 ----SDC---- C:\Users\skimi\AppData\Roaming\Microsoft
2019-04-23 14:38:08 ----D---- C:\Windows\system32\drivers
2019-04-23 13:02:50 ----DC---- C:\Users\skimi\AppData\Roaming\Discord
2019-04-23 13:01:44 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-04-22 03:59:40 ----D---- C:\Windows\Logs
2019-04-13 13:02:26 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2019-04-13 03:39:45 ----D---- C:\Windows\system32\DriverStore
2019-04-13 03:38:14 ----D---- C:\Windows\system32\drivers\NVIDIA Corporation
2019-04-13 03:04:40 ----D---- C:\ProgramData\NVIDIA Corporation
2019-04-13 03:04:27 ----D---- C:\Program Files\NVIDIA Corporation
2019-04-10 12:40:56 ----A---- C:\Windows\system32\nvapi64.dll
2019-04-10 04:13:03 ----D---- C:\Windows\system32\Macromed
2019-04-10 04:13:02 ----D---- C:\Windows\SYSWOW64\Macromed
2019-04-09 13:43:24 ----A---- C:\Windows\system32\nvsvc64.dll
2019-04-09 13:43:24 ----A---- C:\Windows\system32\nvcpl.dll
2019-04-09 13:43:22 ----A---- C:\Windows\system32\nvsvcr.dll
2019-04-09 13:43:22 ----A---- C:\Windows\system32\nvshext.dll
2019-04-09 13:43:22 ----A---- C:\Windows\system32\nvmctray.dll
2019-04-09 13:43:22 ----A---- C:\Windows\system32\nv3dappshextr.dll
2019-04-09 13:43:22 ----A---- C:\Windows\system32\nv3dappshext.dll
2019-04-05 19:12:31 ----SD---- C:\Windows\system32\Microsoft
2019-04-05 18:50:04 ----D---- C:\Windows\AppReadiness
2019-04-04 11:31:14 ----D---- C:\Windows\system32\NDF
2019-04-02 19:00:36 ----A---- C:\Windows\system32\nvspcap64.dll
2019-04-02 19:00:35 ----A---- C:\Windows\SYSWOW64\nvspcap.dll
2019-04-02 19:00:33 ----A---- C:\Windows\system32\NvRtmpStreamer64.dll
2019-04-02 17:25:46 ----A---- C:\Windows\NvTelemetryContainerRecovery.bat
2019-03-30 11:37:17 ----A---- C:\Windows\NvContainerRecovery.bat
2019-03-28 19:55:47 ----D---- C:\ProgramData\Package Cache
2019-03-25 10:40:48 ----D---- C:\Windows\system32\WDI
2019-03-25 09:46:11 ----D---- C:\Windows\Minidump
2019-03-25 09:36:32 ----A---- C:\Windows\system32\winscomrssrv.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 EPMVolFlt;EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [2018-10-18 30416]
R0 iaStorAC;@oem3.inf,%iaStorAC.DeviceDesc%;Intel(R) Chipset SATA/PCIe RST Premium Controller; C:\Windows\System32\drivers\iaStorAC.sys [2018-05-28 967696]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\Windows\system32\drivers\iorate.sys [2018-12-08 58168]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\Windows\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\Windows\system32\drivers\afunix.sys [2018-04-12 39424]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\Windows\system32\drivers\bam.sys [2018-04-12 60320]
R1 ccSet_NGC;NGC Settings Manager; C:\Windows\System32\drivers\NGCx64\1610030.015\ccSetx64.sys [2018-12-12 189152]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2018-12-30 515792]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\Windows\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\Windows\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\Windows\system32\drivers\cldflt.sys [2018-07-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\Windows\system32\drivers\mmcss.sys [2018-12-08 43008]
R3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth stereo; C:\Windows\system32\drivers\BthA2DP.sys [2018-11-09 200704]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2018-12-08 106496]
R3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth Hands-Free; C:\Windows\System32\drivers\BthHfAud.sys [2018-04-12 48640]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-12 86528]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2018-04-12 129536]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\Windows\System32\drivers\CAD.sys [2018-04-12 60320]
R3 dtlitescsibus;@oem48.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\System32\drivers\dtlitescsibus.sys [2018-12-31 30264]
R3 dtliteusbbus;@oem49.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\Windows\System32\drivers\dtliteusbbus.sys [2018-12-31 47672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2019-02-02 153296]
R3 ibtusb;@oem41.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\Windows\system32\DRIVERS\ibtusb.sys [2018-05-15 136728]
R3 igfx;igfx; C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_8fd9cf0398a5f9ee\igdkmd64.sys [2018-08-11 13186544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2018-08-11 6330824]
R3 IntcDAud;@oem14.inf,%IntcAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2018-08-11 633320]
R3 L1C;@oem31.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\System32\drivers\L1C63x64.sys [2018-06-07 170672]
R3 MEIx64;@oem32.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\TeeDriverW8x64.sys [2018-06-07 228992]
R3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Ovladač přenosů Avrcp protokolu Microsoft Bluetooth; C:\Windows\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [2018-04-12 46592]
R3 Netwtw06;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit; C:\Windows\System32\drivers\Netwtw06.sys [2018-05-14 8810336]
R3 nvlddmkm;nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_32a13b27440a4d2c\nvlddmkm.sys [2019-04-10 20747520]
R3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2019-03-28 30336]
R3 nvvad_WaveExtensible;@oem65.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2019-03-19 69840]
R3 nvvhci;@oem61.inf,%ServiceDesc%;NVVHCI Enumerator Service; C:\Windows\System32\drivers\nvvhci.sys [2018-10-03 66792]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2018-04-12 193536]
R3 RTCore64;RTCore64; \??\D:\Games\MSI Afterburner\RTCore64.sys [2017-08-27 14024]
R3 RTSUER;@oem33.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\Windows\system32\Drivers\RtsUer.sys [2018-08-11 424384]
R3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2018-08-30 56912]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\Windows\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\Windows\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\Windows\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\Windows\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\Windows\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\Windows\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\Windows\System32\drivers\scmbus.sys [2018-08-03 128920]
S1 BHDrvx64;BHDrvx64; \??\C:\Program Files\Norton Security\NortonData\22.14.1.6\Definitions\BASHDefs\20190206.001\BHDrvx64.sys []
S1 IDSVia64;IDSVia64; \??\C:\Program Files\Norton Security\NortonData\22.14.1.6\Definitions\IPSDefs\20190208.061\IDSvia64.sys []
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\Windows\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\Windows\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\Windows\system32\drivers\bindflt.sys [2018-12-08 92688]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\drivers\BTHport.sys [2018-12-08 1097728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\Windows\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\Windows\System32\drivers\capimg.sys [2018-04-12 123392]
S3 dg_ssudbus;@oem51.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2017-05-18 131984]
S3 epmntdrv;epmntdrv; C:\Windows\system32\epmntdrv.sys [2018-10-18 34496]
S3 EuGdiDrv;EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [2018-12-10 14728]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\Windows\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\Windows\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\Windows\system32\drivers\hvservice.sys [2019-01-01 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\Windows\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\Windows\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\Windows\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 iaStorAfs;@oem3.inf,%iaStorAfs.DisplayName%;iaStorAfs; C:\Windows\System32\drivers\iaStorAfs.sys [2018-05-28 72720]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\Windows\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\Windows\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\Windows\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\Windows\system32\drivers\irda.sys [2018-04-12 119808]
S3 KillerEth;@e2xw10x64.inf,%RIVET.Service.DispName%;NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller; C:\Windows\System32\drivers\e2xw10x64.sys [2018-04-12 145920]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\Windows\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\Windows\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\Windows\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\Windows\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\Windows\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\Windows\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 NVSWCFilter;@oem46.inf,%NVSWCFilter.SvcDesc%;NVIDIA SHIELD Wireless Controller Trackpad Service; C:\Windows\System32\drivers\nvswcfilter.sys [2018-08-11 35232]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\Windows\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\Windows\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\Windows\system32\drivers\ReFSv1.sys [2018-06-15 945568]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\Windows\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\Windows\System32\drivers\SDFRd.sys [2018-04-12 33176]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2018-08-11 47656]
S4 hvcrash;hvcrash; C:\Windows\System32\drivers\hvcrash.sys [2018-04-12 33184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R2 CDPUserSvc_2a3087;Uživatelská služba platformy připojených zařízení_2a3087; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R2 cplspcon;Intel(R) Content Protection HDCP Service; C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_8fd9cf0398a5f9ee\IntelCpHDCPSvc.exe [2018-08-11 458216]
R2 DbxSvc;DbxSvc; C:\Windows\System32\DbxSvc.exe [2019-04-03 51024]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2018-04-17 641632]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2018-05-30 17440]
R2 ibtsiva;@oem41.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\Windows\system32\ibtsiva []
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\System32\DriverStore\FileRepository\cui_comp.inf_amd64_209bd95d56b1ac2d\igfxCUIService.exe [2018-08-11 396776]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2018-06-07 218176]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2018-06-07 625728]
R2 Micro Star SCM;Micro Star SCM; C:\Windows\SysWOW64\MSIService.exe [2009-07-10 160768]
R2 NahimicService;@oem30.inf,%SERVICE_DESCRIPTION%;Nahimic service; C:\Windows\System32\NahimicService.exe [2018-08-11 1169376]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-04-02 781680]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2019-04-09 767472]
R2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2019-04-02 782192]
R2 NzE4NzU5ODM4;NzE4NzU5ODM4; C:\Windows\ksohlbecbkdjherthcx.ksqh [2019-04-23 1843200]
R2 OneSyncSvc_2a3087;Hostitel synchronizace_2a3087; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R2 Origin Web Helper Service;Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2019-02-19 3171144]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2018-04-17 156768]
R2 RstMwService;RstMwService; C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_f69aac6d52d276b0\RstMwService.exe [2018-05-28 1903120]
R2 RtkAudioUniversalService;Realtek Audio Universal Service; C:\Windows\System32\RtkAudUService64.exe [2018-08-11 771528]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2019-01-11 325432]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\Windows\system32\SgrmBroker.exe [2018-04-12 163336]
R3 BcastDVRUserService_2a3087;Uživatelská služba pro GameDVR a vysílání her_2a3087; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_8fd9cf0398a5f9ee\IntelCpHeciSvc.exe [2018-08-11 489448]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2018-12-17 3644008]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-02-15 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\Windows\System32\svchost.exe [2018-04-12 51288]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2019-04-02 781680]
R3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\Windows\system32\svchost.exe [2018-04-12 51288]
R3 PimIndexMaintenanceSvc_2a3087;Data kontaktů_2a3087; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2019-04-23 143144]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-31 156968]
S2 Intel(R) TPM Provisioning Service;Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [2018-05-16 714952]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S2 NTEzYjdhYm;NTEzYjdhYm; C:\Program Files\NTEzYjdhYm\OWU3ZGFjMDNkN2.exe [2019-04-22 1019592]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-04-10 335416]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2019-02-05 7361312]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 BluetoothUserService_2a3087;Služba pro podporu uživatelů Bluetooth_2a3087; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2019-04-23 143144]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DevicePickerUserSvc_2a3087;DevicePicker_2a3087; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DevicesFlowUserSvc_2a3087;Tok zařízení_2a3087; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-08-03 90624]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 EasyAntiCheat;EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [2019-03-16 803456]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\elevation_service.exe [2019-04-04 1268720]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-31 156968]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 iaStorAfsService;@oem3.inf,%iaStorAfsWindowsService.Name%;Intel(R) Optane(TM) Memory Service; C:\Windows\System32\iaStorAfsService.exe [2018-05-28 2807824]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [2018-05-16 762056]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 MessagingService_2a3087;Služba zasílání zpráv_2a3087; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2018-04-17 265824]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2019-02-19 2298688]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 PrintWorkflowUserSvc_2a3087;PrintWorkflow_2a3087; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\Windows\System32\svchost.exe [2018-04-12 51288]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\Windows\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\Windows\system32\svchost.exe [2018-04-12 51288]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\Windows\System32\svchost.exe [2018-04-12 51288]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: probably malware

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to the desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP, just double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

skimiwriter
Visitor
Posts: 58
Registered: 24 Mar 2014 13:34

Re: probably malware

#3 Post by skimiwriter »

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-23.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-23-2019
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 20
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Deleted C:\Users\skimi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Deleted C:\Users\skimi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted Hover Zoom

***** [ Chromium URLs ] *****

Deleted WebSearch
Deleted http://www.default-search.net?sid=476&a ... 77&src=hmp
Deleted http://www.default-search.net?sid=476&a ... 77&src=hmp
Deleted http://www.hohosearch.com/?mode=nnnb&pt ... CHQqBHEsB0..
Deleted http://www.hohosearch.com/?mode=nnnb&pt ... CHQqBHEsB0..
Deleted http://www.istartsurf.com/?type=hp&ts=1 ... J9ECA38641
Deleted http://www.mystartsearch.com/?type=hp&t ... J9ECA38641
Deleted http://www.mystartsearch.com/?type=hp&t ... J9ECA38641
Deleted http://www.mystartsearch.com/?type=hp&t ... J9ECA38641
Deleted http://www.mystartsearch.com/?type=hp&t ... J9ECA38641
Deleted http://www.mystartsearch.com/?type=hp&t ... J9ECA38641
Deleted http://www.mystartsearch.com/?type=hp&t ... J9ECA38641
Deleted http://www.mystartsearch.com/?type=hp&t ... J9ECA38641
Deleted http://www.mystartsearch.com/?type=hp&t ... J9ECA38641
Deleted https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHeCZkT1zP_DTTyEFf1PG5CbJXVOzO5H7g1HYRYETPQXrrGbLlrMFozX-2kyHtgx49Y2sapI7Z_nLgEYV0b20v5uZAzAGs8FuvULy45UtZUQG221XKlheBs_QnbYEh2zp6xFTvOaYEajL0dJAMGm_P3VKdotZPmsJH5RfOmy02EK
Deleted https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHeCZkT1zP_DTTyEFf1PG5CbJXVOzO5H7g1HYRYETPQXrrGbLlrMFozX-2kyHtgx49Y2sapI7Z_nLgEYV0b20v5uZAzAGs8FuvULy45UtZUQG221XKlheBs_QnbYEh2zp6xFTvOaYEajL0dJAMGm_P3VKdotZPmsJH5RfOmy02EK

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete IFEO
[+] Delete Tracing Keys
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [8920 octets] - [23/04/2019 14:52:33]
AdwCleaner[C00].txt - [7809 octets] - [23/04/2019 14:52:47]
AdwCleaner[S01].txt - [1711 octets] - [23/04/2019 14:54:38]
AdwCleaner[C01].txt - [1841 octets] - [23/04/2019 14:54:46]
AdwCleaner[S02].txt - [1833 octets] - [23/04/2019 14:56:08]
AdwCleaner[S03].txt - [1894 octets] - [23/04/2019 14:57:25]
AdwCleaner[S04].txt - [6671 octets] - [23/04/2019 20:19:46]
AdwCleaner[C04].txt - [6199 octets] - [23/04/2019 20:19:57]
AdwCleaner[S05].txt - [2077 octets] - [23/04/2019 20:21:46]
AdwCleaner[S06].txt - [4720 octets] - [23/04/2019 21:44:52]
AdwCleaner[S07].txt - [4781 octets] - [23/04/2019 22:53:39]
AdwCleaner[S08].txt - [4842 octets] - [23/04/2019 22:54:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C08].txt ##########

skimiwriter
Visitor
Posts: 58
Registered: 24 Mar 2014 13:34

Re: probably malware

#4 Post by skimiwriter »

The log didn't pop up for me, so I clicked on "show log", so I'm not sure whether this is the right one. I downloaded the program sometime this afternoon and tried deleting and restarting a few times, but it doesn't seem to help much: right after the restart it finds some 3 bad files (malware?), and after a somewhat longer time about 20 again.

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: probably malware

#5 Post by Rudy »

OK, that's just the beginning. ADW deleted something, and that log is the right one. Now post the FRST + Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

skimiwriter
Visitor
Posts: 58
Registered: 24 Mar 2014 13:34

Re: probably malware

#6 Post by skimiwriter »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.04.2019
Ran by skimi (administrator) on MSI (Micro-Star International Co., Ltd. GL63 8RD) (24-04-2019 10:36:00)
Running from D:\Plocha
Loaded Profiles: skimi (Available Profiles: skimi)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_comp.inf_amd64_209bd95d56b1ac2d\igfxCUIService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Windows\SysWOW64\MSIService.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_f69aac6d52d276b0\RstMwService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_8fd9cf0398a5f9ee\IntelCpHDCPSvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_8fd9cf0398a5f9ee\IntelCpHeciSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) D:\Games\MSI Afterburner\MSIAfterburner.exe
(Alexey Nicolaychuk -> ) [File not signed] D:\Games\RivaTuner Statistics Server\RTSS.exe
(SoundMixer) [File not signed] C:\Users\skimi\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_comp.inf_amd64_209bd95d56b1ac2d\igfxEM.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicSvc64.exe
(A-Volute -> Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe
(Alexey Nicolaychuk -> ) [File not signed] D:\Games\RivaTuner Statistics Server\EncoderServer.exe
(Alexey Nicolaychuk -> ) [File not signed] D:\Games\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Microsoft Corporation) [File not signed] C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Spotify AB -> Spotify Ltd) C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Spotify AB -> Spotify Ltd) C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe
(Spotify AB -> Spotify Ltd) C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(ZONER software, a.s. -> ZONER software) D:\Photo Studio 19\Program32\ZPSTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [193024 2019-02-10] (Microsoft Corporation) [File not signed]
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [771528 2018-08-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319520 2018-05-30] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [winlogui] => C:\Windows\system32\winlogui.exe [1803776 2019-02-28] (Microsoft Corporation) [File not signed]
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-11-07] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [130624 2018-11-07] (Corel Corporation -> WinZip Computing)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [731240 2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Run: [uTorrent] => C:\Users\skimi\AppData\Roaming\uTorrent\uTorrent.exe [1998008 2019-03-22] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Run: [EpicGamesLauncher] => D:\Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35193232 2019-04-13] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Run: [Spotify] => C:\Users\skimi\AppData\Roaming\Spotify\Spotify.exe [25901288 2019-04-09] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46506040 2019-04-09] (Google LLC -> )
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Run: [Discord] => C:\Users\skimi\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Run: [Zoner Photo Studio Autoupdate] => D:\Photo Studio 19\Program32\ZPSTRAY.EXE [604128 2019-01-18] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Run: [wlorgs] => C:\Users\skimi\AppData\Local\wlorgs.dll [15360 2019-04-23] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\MountPoints2: {5051c3da-0d01-11e9-9b2d-04d3b0fd8d0a} - "E:\setup.exe"
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\MountPoints2: {c97897dc-0faf-11e9-9b32-04d3b0fd8d0a} - "F:\setup.exe"
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\MountPoints2: {d37eb8a3-121d-11e9-9b35-04d3b0fd8d0a} - "H:\setup.exe"
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\skimi\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\skimi\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-05] (Google LLC -> Google Inc.)
Startup: C:\Users\skimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSI Afterburner.lnk [2019-01-06]
ShortcutTarget: MSI Afterburner.lnk -> D:\Games\MSI Afterburner\MSIAfterburner.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> )
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04BD9295-6BB6-4B92-8B83-B3DFE06E79BB} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost
Task: {0F533F05-DF16-4B53-9C74-2B16BECA604B} - System32\Tasks\RTSS => D:\Games\RivaTuner Statistics Server\RTSS.exe [261736 2019-03-05] (Alexey Nicolaychuk -> ) [File not signed]
Task: {137AEC7B-4B0A-4965-A3C4-A9A5ABA9CA69} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AE9524C-35E3-495E-9E29-DFD77559E6BB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3C4BC958-7575-491F-A7FE-85698C5BCC54} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3EDC2E70-FC12-4E0D-A424-677448B74E46} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {413B0810-AFA8-4345-A6E1-9251054F5DB0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {41D2A21E-7EFA-4309-913D-75231EDBD4AF} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {42C07D49-3960-485A-B8B6-A33526176599} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2259832 2018-12-12] (Symantec Corporation -> Symantec Corporation)
Task: {42DF7A44-B132-4609-9CB1-CDE615787715} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4C997906-E1B3-42A6-80C8-4C8A234559C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-10] (Adobe Inc. -> Adobe)
Task: {59D713C7-5CB8-4B4B-9C41-C514ADCEE35C} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5F2F2329-DADB-4435-87F7-573CA65AA89F} - System32\Tasks\NahimicSvc64Run => C:\Windows\System32\NahimicSvc64.exe [882120 2018-08-11] (A-Volute -> Nahimic)
Task: {6E55DDB2-20FE-4029-A17E-740E588E4298} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7467CB81-9142-41AF-B6DA-39CFEAC46822} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {764FA3EF-34E8-43C2-BD41-844CA1A54E6D} - System32\Tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577} => explorer "hxxp://eroiuka.com/cl/?guid=57rqsuafco2ccft0ei16phkjobnyat9j&prid=1&pid=11_1415_0" <==== ATTENTION
Task: {76F32AEE-C4EC-470F-A1CB-C51A580D88CD} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe
Task: {7989318E-F6EC-479F-8A0E-3C7AA4F7093E} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [5849896 2018-07-27] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
Task: {8345BCDE-5F28-4C04-9BF4-1C16EF245166} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {83529663-B66C-4795-AF28-32BBD4132EBD} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon [Argument = Center\DragonCenter_Updater.exe DragonCenter]
Task: {852CA8EF-2F27-40DD-B6CB-DA5CB2C55620} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-11-07] (Corel Corporation -> Corel Corporation)
Task: {8D303381-8AB2-463D-90B7-10B56F9A1BD5} - System32\Tasks\MSIAfterburner => D:\Games\MSI Afterburner\MSIAfterburner.exe [739624 2018-04-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {921419EA-FB2E-46E5-8063-F7256A4EA36D} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-11-07] (Corel Corporation -> Corel Corporation)
Task: {A102C046-2A59-42E3-A893-7B05B0C3CB08} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\skimi\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {A4A3A4BE-C14C-4A9F-833E-74FECDF8EFE8} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2862032 2018-11-07] (Corel Corporation -> Corel Corporation)
Task: {B16F741B-D1E0-4E19-8D93-AB8CA329337F} - System32\Tasks\NahimicTask32 => C:\Windows\System32\..\SysWOW64\NahimicSvc32.exe [676808 2018-08-11] (A-Volute -> Nahimic)
Task: {B269CC74-B5B7-46A4-9E22-8D5BD6121D07} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B65F4740-E3D4-4901-B94D-498D216BC222} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BEDFF77C-5BC2-4080-A784-5D2EBAAE83A8} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [676808 2018-08-11] (A-Volute -> Nahimic)
Task: {BFDAAA43-4091-41B1-9BC4-2471BA331F56} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C015B612-4904-43B3-847A-AAC3459E37E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2018-12-31] (Google Inc -> Google Inc.)
Task: {C8B63BB2-0EC4-4187-9335-6D4A63024967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2018-12-31] (Google Inc -> Google Inc.)
Task: {CDE0D2CA-FE78-426D-80CE-3D374806E6D1} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary
Task: {D2A74DD7-ED97-4A7F-9B2B-A8E648473E16} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {D4EA92C8-DC4D-4A01-B83B-214D12846369} - System32\Tasks\NahimicTask64 => C:\Windows\System32\.\NahimicSvc64.exe [882120 2018-08-11] (A-Volute -> Nahimic)
Task: {F025FD08-9FE4-4D5B-ADB1-AB6881E9BC99} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe
Task: {F634A158-39BA-4366-820C-DE7306CB33F3} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.16.3.21\WSCStub.exe
Task: {F6F5BB02-56F1-4379-885B-D8E365570E03} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_pepper.exe [1452600 2019-04-10] (Adobe Inc. -> Adobe)
Task: {FED8EAAA-5DA9-4C4B-9BCA-0DB4B7EC41A3} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.16.3.21\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577}.job => explorerThttp /eroiuka com cl/?guid 57rqsuafco2ccft0ei16phkjobnyat9j prid pid 11_1415_0MSI skimiThis is comment

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{52e4f6a2-a453-4934-96ea-78214f1a6a47}: [DhcpNameServer] 193.212.1.10 130.67.60.68
Tcpip\..\Interfaces\{5cfea77b-114a-4857-9160-c46a9c9ae382}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHeCZkT1zP_DTTyEFf1PG5CbJXVOzO5H7g1HYRYETPQXrrGbLlrMFozX-2kyHtgx49Y2sapI7Z_nLgEYTA1BVtM0WNyWT7GwNbffXCkDqbltfbzyEd2PKNa072tLa_UqVBBUg4gVqlHu1xIvJkcQTzUDzhn6B0cS53qdS5Z1dnjk&q={searchTerms}
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHeCZkT1zP_DTTyEFf1PG5CbJXVOzO5H7g1HYRYETPQXrrGbLlrMFozX-2kyHtgx49Y2sapI7Z_nLgEUfx3u9O21jKyay9Wykh-uLsGEiOh2HArhdIbrzf8vnLeO8Ix1o4bSJk0OxDp9iup-vosJJ4KpLX9iU9wlkvio0taSwY7F
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: YoutubeAdBlock -> {0A11C8B7-2333-42A8-8DB1-9A7A91832C55} -> C:\Program Files (x86)\yXYMSblVdIE\tUTjaEq.dll => No File
BHO-x32: YoutubeAdBlock -> {0A11C8B7-2333-42A8-8DB1-9A7A91832C55} -> C:\Program Files (x86)\yXYMSblVdIE\kR8Y6u1X.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-23] (Oracle America, Inc. -> Oracle Corporation)

Edge:
======
Edge Session Restore: HKU\S-1-5-21-2421848158-3972365885-1621877511-1001 -> is enabled.

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)

Chrome:
=======
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHeCZkT1zP_DTTyEFf1PG5CbJXVOzO5H7g1HYRYETPQXrrGbLlrMFozX-2kyHtgx49Y2sapI7Z_nLgEYV0b20v5uZAzAGs8FuvULy45UtZUQG221XKlheBs_QnbYEh2zp6xFTvOaYEajL0dJAMGm_P3VKdotZPmsJH5RfOmy02EK
CHR StartupUrls: Default -> "hxxp://www.default-search.net?sid=476&aid=113& ... oogle.com/"
CHR DefaultSearchKeyword: Default -> hxxps://www.google.cz/?gws_rd=cr&ei=m0uwur2iou3cygpeuybo
CHR Profile: C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default [2019-04-24]
CHR Extension: (Prezentace) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-31]
CHR Extension: (Dokumenty) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-31]
CHR Extension: (Disk Google) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-31]
CHR Extension: (AdGuard AdBlocker) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2019-04-17]
CHR Extension: (YouTube) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-31]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-20]
CHR Extension: (Tabulky) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-31]
CHR Extension: (Dokumenty Google offline) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-02]
CHR Extension: (Tlačítko Uložit) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-04-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-03-08]
CHR Extension: (MSI) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgbibdjmopapngkdbibajfpnipligfpa [2019-03-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-31]
CHR Extension: (Hover Zoom) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2019-04-23]
CHR Extension: (Adblocker pro Youtube™) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\phadkgofggfcanainbnmbcbejlenfbpo [2019-04-23] [UpdateUrl:hxxps://clients88.google.com/service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\skimi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-23]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7361312 2019-02-05] (BattlEye Innovations e.K. -> )
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-04-23] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\System32\DbxSvc.exe [51024 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3644008 2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803456 2019-03-16] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 iaStorAfsService; C:\Windows\System32\iaStorAfsService.exe [2807824 2018-05-28] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17440 2018-05-30] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [541896 2018-05-15] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [762056 2018-05-16] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [714952 2018-05-16] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [218176 2018-06-07] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 Micro Star SCM; C:\Windows\SysWOW64\MSIService.exe [160768 2009-07-10] (Micro-Star International Co., Ltd.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265824 2018-04-17] (Intel Corporation -> )
R2 NahimicService; C:\Windows\System32\NahimicService.exe [1169376 2018-08-11] (A-Volute -> Nahimic)
S2 NTEzYjdhYm; C:\Program Files\NTEzYjdhYm\OWU3ZGFjMDNkN2.exe [1019592 2019-04-22] (technologiejarbon.com -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NzE4NzU5ODM4; C:\Windows\ksohlbecbkdjherthcx.ksqh [1843200 2019-04-23] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2298688 2019-02-19] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3171144 2019-02-19] (Electronic Arts, Inc. -> Electronic Arts)
R2 RstMwService; C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_f69aac6d52d276b0\RstMwService.exe [1903120 2018-05-28] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 RtkAudioUniversalService; C:\Windows\System32\RtkAudUService64.exe [771528 2018-08-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Windows\System32\SynTPEnhService.exe [399440 2018-08-30] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848288 2018-04-17] (Intel Corporation -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1610030.015\ccSetx64.sys [189152 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2018-12-31] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2018-12-31] (Disc Soft Ltd -> Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-12-30] (Symantec Corporation -> Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [34496 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [30416 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2019-02-02] (Symantec Corporation -> Symantec Corporation)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [14728 2018-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 iaStorAC; C:\Windows\System32\drivers\iaStorAC.sys [967696 2018-05-28] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfs; C:\Windows\System32\drivers\iaStorAfs.sys [72720 2018-05-28] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [136728 2018-05-15] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R3 L1C; C:\Windows\System32\drivers\L1C63x64.sys [170672 2018-06-07] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
R3 Netwtw06; C:\Windows\System32\drivers\Netwtw06.sys [8810336 2018-05-14] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_32a13b27440a4d2c\nvlddmkm.sys [20747520 2019-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [35232 2018-08-11] (NVIDIA Corporation -> Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RTCore64; D:\Games\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [424384 2018-08-11] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [47656 2018-08-11] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [56912 2018-08-30] (Synaptics Incorporated -> Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\drivers\NGCx64\1610030.015\SRTSP64.SYS [855256 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1610030.015\SRTSPX64.SYS [49880 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [46776 2018-12-21] (SteelSeries ApS -> )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1610030.015\SYMEFASI64.SYS [1969328 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\1610030.015\SymELAM.sys [25744 2018-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-08-12] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1610030.015\Ironx64.SYS [308416 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1610030.015\symnets.sys [567024 2018-12-12] (Symantec Corporation -> Symantec Corporation)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 VOICEMOD_Driver; C:\Windows\system32\drivers\vmdrv.sys [45408 2018-11-22] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-12] (Micro-Star Int'l Co. Ltd. -> )
S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1610030.015\wpCtrlDrv.sys [1011056 2018-12-12] (Symantec Corporation -> Symantec Corporation)
R1 ZjM1MjNlZDAzNGE3MTJj; C:\Windows\system32\drivers\ZjM1MjNlZDAzNGE3MTJj [78208 2019-04-22] (technologiejarbon.com -> )
S1 BHDrvx64; \??\C:\Program Files\Norton Security\NortonData\22.14.1.6\Definitions\BASHDefs\20190206.001\BHDrvx64.sys [X]
S1 IDSVia64; \??\C:\Program Files\Norton Security\NortonData\22.14.1.6\Definitions\IPSDefs\20190208.061\IDSvia64.sys [X]
S4 SymEvnt; \??\C:\Program Files\Norton Security\NortonData\22.14.1.6\SymPlatform\SymEvnt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-24 10:35 - 2019-04-24 10:36 - 000000000 ____D C:\FRST
2019-04-24 10:34 - 2019-04-24 10:34 - 002436096 _____ (Farbar) C:\Users\skimi\Downloads\FRST64.exe
2019-04-23 20:26 - 2019-04-23 20:26 - 000000000 ____D C:\rsit
2019-04-23 20:26 - 2019-04-23 20:26 - 000000000 ____D C:\Program Files\trend micro
2019-04-23 20:25 - 2019-04-23 20:25 - 001222144 _____ C:\Users\skimi\Downloads\RSITx64.exe
2019-04-23 20:08 - 2019-04-23 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2019-04-23 20:07 - 2019-04-23 20:07 - 001957888 _____ C:\Users\skimi\Downloads\MinecraftInstaller.msi
2019-04-23 19:53 - 2019-04-23 19:53 - 000000000 ___DC C:\Users\skimi\AppData\Roaming\java
2019-04-23 19:50 - 2019-04-23 19:50 - 000099192 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-04-23 19:50 - 2019-04-23 19:50 - 000000000 ___DC C:\Users\skimi\AppData\Roaming\Sun
2019-04-23 19:50 - 2019-04-23 19:50 - 000000000 ___DC C:\Users\skimi\AppData\LocalLow\Sun
2019-04-23 19:50 - 2019-04-23 19:50 - 000000000 ____D C:\ProgramData\Oracle
2019-04-23 19:50 - 2019-04-23 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-04-23 19:50 - 2019-04-23 19:50 - 000000000 ____D C:\Program Files (x86)\Java
2019-04-23 19:49 - 2019-04-23 19:49 - 002043232 _____ (Oracle Corporation) C:\Users\skimi\Downloads\JavaSetup8u211.exe
2019-04-23 15:28 - 2019-04-23 15:28 - 000000511 _____ C:\Users\skimi\Downloads\Bigger Backpacks-155-V1-0-1545112107.rar
2019-04-23 15:26 - 2019-04-23 15:29 - 158144349 _____ C:\Users\skimi\Downloads\General Modifications-95-157-1555903482.7z
2019-04-23 15:26 - 2019-04-23 15:26 - 000001861 _____ C:\Users\skimi\Downloads\Stackable Items-154-V1-0-1545109973.rar
2019-04-23 15:10 - 2019-04-23 18:59 - 000000000 ____D C:\Users\skimi\Downloads\Kenshi.v1.0.25
2019-04-23 15:07 - 2019-04-23 15:08 - 1714125114 _____ C:\Users\skimi\Downloads\Kenshi.v1.0.25.part2.rar
2019-04-23 15:03 - 2019-04-23 15:06 - 1063004405 _____ C:\Users\skimi\Downloads\Kenshi.v1.0.25.part1.rar
2019-04-23 14:53 - 2019-04-23 14:53 - 000000270 __RSH C:\Users\skimi\ntuser.pol
2019-04-23 14:52 - 2019-04-23 14:52 - 007025360 _____ (Malwarebytes) C:\Users\skimi\Downloads\adwcleaner_7.3.exe
2019-04-23 14:52 - 2019-04-23 14:52 - 000000000 ____D C:\AdwCleaner
2019-04-23 14:48 - 2019-04-23 14:48 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-04-23 14:48 - 2019-04-23 14:48 - 000002864 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-04-23 14:47 - 2019-04-23 14:48 - 000000000 ____D C:\Program Files\CCleaner
2019-04-23 14:47 - 2019-04-23 14:47 - 021254208 _____ (Piriform Software Ltd) C:\Users\skimi\Downloads\ccsetup556.exe
2019-04-23 14:47 - 2019-04-23 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-04-23 14:44 - 2019-04-23 14:44 - 001849376 _____ (pctonics.com) C:\Users\skimi\Downloads\wintonic.exe
2019-04-23 14:39 - 2019-04-23 14:39 - 000000270 __RSH C:\ProgramData\ntuser.pol
2019-04-23 14:39 - 2019-04-23 14:39 - 000000000 ___DC C:\Users\skimi\AppData\Roaming\Mozilla
2019-04-23 14:39 - 2019-04-23 14:39 - 000000000 ____D C:\ProgramData\{4FF79E46-0162-2ED3-1A1C-50A21AFB09F3}
2019-04-23 14:39 - 2019-04-23 14:39 - 000000000 ____D C:\ProgramData\{46D84F83-D0A7-27FC-DFCD-7FABDF2A26FA}
2019-04-23 14:38 - 2019-04-23 14:53 - 000000384 _____ C:\Windows\Tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577}.job
2019-04-23 14:38 - 2019-04-23 14:39 - 000722944 ____C C:\Users\skimi\AppData\Local\sha.db
2019-04-23 14:38 - 2019-04-23 14:38 - 007906816 ____C C:\Users\skimi\AppData\Local\agent.dat
2019-04-23 14:38 - 2019-04-23 14:38 - 002037441 ____C C:\Users\skimi\AppData\Local\AnQvoity.tst
2019-04-23 14:38 - 2019-04-23 14:38 - 001895383 ____C C:\Users\skimi\AppData\Local\Tough-Tone.bin
2019-04-23 14:38 - 2019-04-23 14:38 - 001843200 _____ C:\Windows\ksohlbecbkdjherthcx.ksqh
2019-04-23 14:38 - 2019-04-23 14:38 - 001632256 ____C (TODO: <Company name>) C:\Users\skimi\AppData\Local\Stattech.exe
2019-04-23 14:38 - 2019-04-23 14:38 - 001632256 ____C (TODO: <Company name>) C:\Users\skimi\AppData\Local\AnQvoity.exe
2019-04-23 14:38 - 2019-04-23 14:38 - 000278510 ____C C:\Users\skimi\AppData\Local\Stattech.tst
2019-04-23 14:38 - 2019-04-23 14:38 - 000140800 ____C C:\Users\skimi\AppData\Local\installer.dat
2019-04-23 14:38 - 2019-04-23 14:38 - 000126464 ____C C:\Users\skimi\AppData\Local\noah.dat
2019-04-23 14:38 - 2019-04-23 14:38 - 000070992 ____C C:\Users\skimi\AppData\Local\Config.xml
2019-04-23 14:38 - 2019-04-23 14:38 - 000015360 ____C C:\Users\skimi\AppData\Local\wlorgs.dll
2019-04-23 14:38 - 2019-04-23 14:38 - 000005568 ____C C:\Users\skimi\AppData\Local\md.xml
2019-04-23 14:38 - 2019-04-23 14:38 - 000003462 _____ C:\Windows\System32\Tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577}
2019-04-23 14:38 - 2019-04-23 14:38 - 000000000 ____D C:\ProgramData\fb
2019-04-23 14:38 - 2019-04-23 14:38 - 000000000 ____D C:\Program Files\NTEzYjdhYm
2019-04-23 11:25 - 2019-04-23 11:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-04-23 11:24 - 2019-04-23 13:01 - 000000914 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-04-23 11:24 - 2019-04-23 13:01 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-04-23 11:24 - 2019-04-23 11:26 - 000000000 ___DC C:\Users\skimi\AppData\Local\Dropbox
2019-04-23 11:24 - 2019-04-23 11:25 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-04-23 11:24 - 2019-04-23 11:24 - 000694184 _____ (Dropbox, Inc.) C:\Users\skimi\Downloads\DropboxInstaller.exe
2019-04-23 11:24 - 2019-04-23 11:24 - 000003974 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2019-04-23 11:24 - 2019-04-23 11:24 - 000003742 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2019-04-23 11:24 - 2019-04-23 11:24 - 000000000 ___DC C:\Users\skimi\AppData\Roaming\Dropbox
2019-04-23 11:24 - 2019-04-23 11:24 - 000000000 ____D C:\ProgramData\Dropbox
2019-04-23 10:47 - 2019-04-23 10:47 - 000041344 _____ C:\Users\skimi\Downloads\Skattemelding 2018.pdf
2019-04-22 22:53 - 2019-04-22 22:53 - 000051105 _____ C:\Users\skimi\Downloads\Milan_Skurek_-_Resume_-_Flislegger.pdf
2019-04-22 22:49 - 2019-04-22 22:49 - 000000000 ____D C:\Users\skimi\Downloads\Documentation
2019-04-22 22:48 - 2019-04-22 22:48 - 000026656 _____ C:\Users\skimi\Downloads\Plain-But-Trendy-Resume.zip
2019-04-22 21:17 - 2019-04-22 21:17 - 000086092 _____ C:\Users\skimi\Downloads\CV-cz.pdf
2019-04-22 10:23 - 2019-04-22 10:23 - 001097728 _____ C:\Windows\NmVlNDk3MDE.exe
2019-04-22 10:23 - 2019-04-22 10:23 - 000098205 _____ C:\Windows\uninstaller.dat
2019-04-22 10:23 - 2019-04-22 10:23 - 000078208 _____ C:\Windows\system32\Drivers\ZjM1MjNlZDAzNGE3MTJj
2019-04-22 06:51 - 2019-04-22 06:51 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2019-04-22 06:51 - 2019-04-22 06:51 - 000000000 ____D C:\Users\Default User\AppData\Local\Google
2019-04-19 21:29 - 2019-04-23 14:36 - 000000000 ___DC C:\Users\skimi\AppData\LocalLow\uTorrent
2019-04-19 21:29 - 2019-04-19 21:29 - 000019501 _____ C:\Users\skimi\Downloads\[CzT]Otec_a_otec_Les_Comperes.torrent
2019-04-13 21:11 - 2019-04-13 21:11 - 000000000 ___DC C:\Users\skimi\AppData\Roaming\CPY_SAVES
2019-04-13 19:20 - 2019-04-13 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metro Exodus
2019-04-13 19:06 - 2019-04-13 19:06 - 000000000 ___DC C:\Users\skimi\AppData\Local\IsolatedStorage
2019-04-13 16:11 - 2019-04-13 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unrest Indigo
2019-04-13 15:41 - 2019-04-13 15:41 - 000538444 _____ C:\Users\skimi\Downloads\Unrest.Indigo-PLAZA.torrent
2019-04-13 15:39 - 2019-04-13 15:39 - 000130375 _____ C:\Users\skimi\Downloads\Metro.Exodus-CPY-[rarbg.to].torrent
2019-04-13 03:37 - 2019-04-10 12:44 - 001007008 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-04-13 03:37 - 2019-04-10 12:44 - 001007008 _____ C:\Windows\system32\vulkan-1.dll
2019-04-13 03:37 - 2019-04-10 12:44 - 000870304 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-04-13 03:37 - 2019-04-10 12:44 - 000870304 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-04-13 03:37 - 2019-04-10 12:44 - 000552328 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-04-13 03:37 - 2019-04-10 12:44 - 000457096 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-04-13 03:37 - 2019-04-10 12:44 - 000286624 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-04-13 03:37 - 2019-04-10 12:44 - 000286624 _____ C:\Windows\system32\vulkaninfo.exe
2019-04-13 03:37 - 2019-04-10 12:44 - 000260512 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-04-13 03:37 - 2019-04-10 12:44 - 000260512 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-04-13 03:37 - 2019-04-10 12:42 - 005275848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-04-13 03:37 - 2019-04-10 12:42 - 002032896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-04-13 03:37 - 2019-04-10 12:42 - 001535936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-04-13 03:37 - 2019-04-10 12:42 - 001465224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-04-13 03:37 - 2019-04-10 12:42 - 001130376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-04-13 03:37 - 2019-04-10 12:42 - 000991488 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2019-04-13 03:37 - 2019-04-10 12:42 - 000668456 _____ C:\Windows\system32\nvofapi64.dll
2019-04-13 03:37 - 2019-04-10 12:42 - 000631688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-04-13 03:37 - 2019-04-10 12:42 - 000566480 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2019-04-13 03:37 - 2019-04-10 12:42 - 000534728 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-04-13 03:37 - 2019-04-10 12:42 - 000521936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-04-13 03:37 - 2019-04-10 12:42 - 000448904 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2019-04-13 03:37 - 2019-04-10 12:41 - 040421280 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-04-13 03:37 - 2019-04-10 12:41 - 035268512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-04-13 03:37 - 2019-04-10 12:41 - 020107920 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-04-13 03:37 - 2019-04-10 12:41 - 010320528 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-04-13 03:37 - 2019-04-10 12:41 - 008785944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-04-13 03:37 - 2019-04-10 12:41 - 004625344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-04-13 03:37 - 2019-04-10 12:41 - 001471816 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2019-04-13 03:37 - 2019-04-10 12:41 - 001462240 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2019-04-13 03:37 - 2019-04-10 12:41 - 001169336 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-04-13 03:37 - 2019-04-10 12:41 - 001152200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2019-04-13 03:37 - 2019-04-10 12:41 - 001145752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2019-04-13 03:37 - 2019-04-10 12:41 - 000915304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-04-13 03:37 - 2019-04-10 12:41 - 000858256 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2019-04-13 03:37 - 2019-04-10 12:41 - 000794656 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-04-13 03:37 - 2019-04-10 12:41 - 000638392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-04-13 03:37 - 2019-04-10 12:40 - 017432992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-04-13 03:37 - 2019-04-10 12:40 - 004304672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-04-13 03:37 - 2019-04-09 15:44 - 000047312 _____ C:\Windows\system32\nvinfo.pb
2019-04-13 03:04 - 2019-04-13 03:04 - 000000000 ____D C:\Windows\LastGood.Tmp
2019-04-11 20:20 - 2019-04-11 20:20 - 000000100 _____ C:\Users\skimi\Downloads\Epic Games Account Two-Factor backup codes.txt
2019-04-08 23:47 - 2019-04-08 23:47 - 000218028 _____ C:\Users\skimi\Downloads\tmp9e7.tmp
2019-04-08 23:41 - 2019-04-08 23:41 - 000477729 _____ C:\Users\skimi\Downloads\tmp56de.tmp
2019-04-08 23:28 - 2019-04-08 23:28 - 000657766 _____ C:\Users\skimi\Downloads\353450314.zip
2019-04-08 23:16 - 2019-04-08 23:16 - 000906151 _____ C:\Users\skimi\Downloads\1702722463.zip
2019-04-08 23:14 - 2019-04-08 23:14 - 000001503 _____ C:\Users\skimi\Downloads\swd.user.js
2019-04-05 18:53 - 2019-04-05 18:53 - 000000000 ___DC C:\Users\skimi\Documents\State of Decay 2
2019-04-05 02:45 - 2019-04-16 01:45 - 000000000 ___DC C:\Users\skimi\AppData\Roaming\SpaceEngineers
2019-04-05 02:29 - 2019-04-05 02:29 - 000000000 ___DC C:\Users\skimi\AppData\Local\JourneyOfLife_419
2019-04-05 01:43 - 2019-04-05 02:22 - 2345982353 _____ C:\Users\skimi\Downloads\Journey.Of.Life.v0.0.8.2.6.zip
2019-04-04 22:51 - 2019-04-04 22:51 - 000000000 ___DC C:\Users\skimi\AppData\Local\PSJoyServer
2019-04-04 13:17 - 2019-04-04 13:17 - 000000000 ___DC C:\Users\skimi\AppData\Local\CallOfCthulhu
2019-04-04 12:12 - 2019-04-04 12:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Cthulhu
2019-04-04 11:56 - 2019-04-04 11:56 - 931619150 _____ C:\Users\skimi\Downloads\Outward.Update.1-BAT.zip
2019-04-04 11:54 - 2019-04-04 11:54 - 000000000 ___DC C:\Users\skimi\AppData\Local\TheWarhorn
2019-04-04 11:48 - 2019-04-04 11:54 - 000000000 ___DC C:\Users\skimi\AppData\Local\WinZip
2019-04-04 11:48 - 2019-04-04 11:48 - 000003614 _____ C:\Windows\System32\Tasks\WinZip Update Notifier 2
2019-04-04 11:48 - 2019-04-04 11:48 - 000003612 _____ C:\Windows\System32\Tasks\WinZip Update Notifier 3
2019-04-04 11:48 - 2019-04-04 11:48 - 000003612 _____ C:\Windows\System32\Tasks\WinZip Update Notifier 1
2019-04-04 11:48 - 2019-04-04 11:48 - 000001997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2019-04-04 11:48 - 2019-04-04 11:48 - 000000000 ____D C:\ProgramData\WinZip
2019-04-04 11:48 - 2019-04-04 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2019-04-04 11:48 - 2019-04-04 11:48 - 000000000 ____D C:\Program Files\WinZip
2019-04-04 11:47 - 2019-04-04 11:47 - 000757248 _____ (WinZip Computing, S.L.) C:\Users\skimi\Downloads\winzip23.exe
2019-04-04 11:47 - 2019-04-04 11:47 - 000000000 ____D C:\ProgramData\UniqueId
2019-04-04 11:41 - 2019-04-04 11:41 - 000017676 _____ C:\Users\skimi\Downloads\The.Warhorn.Early.Access.torrent
2019-04-04 11:36 - 2019-04-04 11:36 - 000060931 _____ C:\Users\skimi\Downloads\Call.of.Cthulhu-CODEX-[rarbg.to].torrent
2019-04-03 22:59 - 2019-04-03 22:59 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-04-03 22:59 - 2019-04-03 22:59 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-04-03 22:59 - 2019-04-03 22:59 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-04-03 22:59 - 2019-04-03 22:59 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-04-01 12:16 - 2019-04-01 12:16 - 000000000 ___DC C:\Users\skimi\AppData\Roaming\HelloGames
2019-04-01 12:03 - 2019-04-01 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No Mans Sky The Abyss
2019-03-28 17:23 - 2019-03-28 17:23 - 000000801 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Zoner Photo Studio X.lnk
2019-03-28 17:04 - 2019-03-28 17:06 - 089420784 _____ (ZONER software ) C:\Users\skimi\Downloads\zpsx_cz.exe
2019-03-28 12:58 - 2019-04-04 12:03 - 000000000 ____D C:\Users\skimi\Downloads\Outward.Update.1-BAT
2019-03-28 10:37 - 2019-03-28 10:37 - 000000000 ____D C:\ProgramData\Steam
2019-03-28 10:26 - 2019-04-05 01:40 - 000000427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outward.lnk
2019-03-26 13:04 - 2018-11-22 17:37 - 000045408 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\vmdrv.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-24 10:35 - 2018-08-08 20:35 - 000751818 _____ C:\Windows\system32\prfh0416.dat
2019-04-24 10:35 - 2018-08-08 20:35 - 000148650 _____ C:\Windows\system32\prfc0416.dat
2019-04-24 10:35 - 2018-08-08 20:33 - 000774268 _____ C:\Windows\system32\perfh015.dat
2019-04-24 10:35 - 2018-08-08 20:33 - 000152104 _____ C:\Windows\system32\perfc015.dat
2019-04-24 10:35 - 2018-08-08 20:26 - 000717314 _____ C:\Windows\system32\perfh005.dat
2019-04-24 10:35 - 2018-08-08 20:26 - 000145070 _____ C:\Windows\system32\perfc005.dat
2019-04-24 10:35 - 2018-08-08 20:25 - 003519670 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-24 10:35 - 2018-04-12 01:36 - 000000000 ____D C:\Windows\INF
2019-04-24 10:34 - 2018-08-12 01:04 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-24 10:32 - 2019-03-08 18:19 - 000000000 ___RD C:\Users\skimi\Disk Google
2019-04-24 10:32 - 2019-01-09 18:35 - 000000000 ___DC C:\Users\skimi\AppData\Roaming\Spotify
2019-04-24 10:32 - 2018-12-31 15:12 - 000003112 _____ C:\Windows\System32\Tasks\NahimicTask32
2019-04-24 10:32 - 2018-12-31 15:12 - 000003092 _____ C:\Windows\System32\Tasks\NahimicTask64
2019-04-24 10:32 - 2018-12-31 15:11 - 000000000 __SHD C:\Users\skimi\IntelGraphicsProfiles
2019-04-24 10:29 - 2018-08-08 20:16 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-24 10:29 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-24 02:11 - 2018-04-11 23:04 - 000786432 _____ C:\Windows\system32\config\BBI
2019-04-23 23:44 - 2019-01-03 00:23 - 000000000 ___DC C:\Users\skimi\AppData\Local\CrashDumps
2019-04-23 23:04 - 2019-03-02 12:52 - 000003074 _____ C:\Windows\System32\Tasks\RTSS
2019-04-23 23:04 - 2019-01-06 14:52 - 000003090 _____ C:\Windows\System32\Tasks\MSIAfterburner
2019-04-23 22:54 - 2018-12-31 15:41 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-23 22:53 - 2019-01-09 18:36 - 000000000 ___DC C:\Users\skimi\AppData\Local\Spotify
2019-04-23 22:53 - 2018-12-31 15:46 - 000000000 ____D C:\Program Files (x86)\Steam
2019-04-23 21:33 - 2018-08-08 20:16 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-04-23 20:19 - 2019-01-01 19:25 - 000000000 ___DC C:\Users\skimi\AppData\Roaming\Twitch
2019-04-23 20:08 - 2019-01-01 19:23 - 000000000 ___DC C:\Users\skimi\AppData\Roaming\.minecraft
2019-04-23 19:34 - 2019-01-01 19:03 - 000000000 ___DC C:\Users\skimi\AppData\Local\NVIDIA
2019-04-23 15:22 - 2019-02-05 20:46 - 000000000 ___DC C:\Users\skimi\AppData\Roaming\SmartSteamEmu
2019-04-23 14:53 - 2018-12-31 15:04 - 000000000 ____D C:\Users\skimi
2019-04-23 14:51 - 2018-12-31 19:10 - 000000000 ___DC C:\Users\skimi\AppData\Roaming\uTorrent
2019-04-23 14:49 - 2018-08-08 21:15 - 000000000 ____D C:\Windows\Panther
2019-04-23 14:39 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\GroupPolicy
2019-04-23 13:02 - 2019-03-17 01:00 - 000000000 ___DC C:\Users\skimi\AppData\Roaming\Discord
2019-04-22 10:37 - 2019-01-23 19:37 - 000000000 ___DC C:\Users\skimi\AppData\Local\Ubisoft Game Launcher
2019-04-22 06:53 - 2019-03-08 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-04-20 01:06 - 2019-02-17 13:13 - 000000000 ___DC C:\Users\skimi\AppData\Local\ElevatedDiagnostics
2019-04-13 21:11 - 2019-01-02 22:40 - 000000000 ___DC C:\Users\skimi\AppData\Local\D3DSCache
2019-04-13 21:11 - 2018-12-31 15:13 - 000000000 ___DC C:\Users\skimi\AppData\Local\NVIDIA Corporation
2019-04-13 13:02 - 2018-08-12 01:04 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-04-13 03:38 - 2018-08-12 01:04 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-04-13 03:04 - 2018-08-12 01:13 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-13 03:04 - 2018-08-12 01:13 - 000004106 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-13 03:04 - 2018-08-12 01:13 - 000003976 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-13 03:04 - 2018-08-12 01:13 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-13 03:04 - 2018-08-12 01:04 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-13 03:04 - 2018-08-12 01:04 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-13 03:04 - 2018-08-12 01:04 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-13 03:04 - 2018-08-12 01:04 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-13 03:04 - 2018-08-12 01:04 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-13 03:04 - 2018-08-12 01:04 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-13 03:04 - 2018-08-12 01:04 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-13 03:04 - 2018-08-12 01:04 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-04-13 03:04 - 2018-08-12 01:04 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-04-10 12:40 - 2018-08-12 01:04 - 005045712 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-04-10 04:13 - 2019-03-12 10:37 - 000004642 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-04-10 04:13 - 2019-03-12 10:37 - 000004506 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-04-10 04:13 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-04-10 04:13 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-09 13:43 - 2018-08-12 01:04 - 005365744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-04-09 13:43 - 2018-08-12 01:04 - 002624824 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-04-09 13:43 - 2018-08-12 01:04 - 001767736 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-04-09 13:43 - 2018-08-12 01:04 - 000651576 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-04-09 13:43 - 2018-08-12 01:04 - 000450872 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-04-09 13:43 - 2018-08-12 01:04 - 000124784 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-04-09 13:43 - 2018-08-12 01:04 - 000082984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-04-09 13:42 - 2018-08-12 01:04 - 008530822 _____ C:\Windows\system32\nvcoproc.bin
2019-04-05 18:50 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\AppReadiness
2019-04-05 18:44 - 2018-12-31 15:11 - 000000000 ___DC C:\Users\skimi\AppData\Local\Packages
2019-04-05 02:47 - 2019-02-03 22:18 - 000000000 ___DC C:\Users\skimi\AppData\Local\GameAnalytics
2019-04-04 11:54 - 2019-01-09 12:49 - 000000000 ___DC C:\Users\skimi\AppData\Local\UnrealEngine
2019-04-04 11:36 - 2019-03-22 23:18 - 000000000 ___DC C:\Users\skimi\AppData\Local\BitTorrentHelper
2019-04-04 11:31 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\NDF
2019-04-03 19:32 - 2019-03-23 16:04 - 000000000 ___DC C:\Users\skimi\AppData\Local\FactoryGame
2019-04-02 19:00 - 2018-08-12 01:13 - 002769264 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2019-04-02 19:00 - 2018-08-12 01:13 - 002149232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2019-04-02 19:00 - 2018-08-12 01:13 - 001322864 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2019-04-02 17:25 - 2018-08-12 01:04 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2019-03-30 11:37 - 2018-08-12 01:04 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-03-28 20:12 - 2018-12-31 15:13 - 000000000 ___DC C:\Users\skimi\AppData\Local\PlaceholderTileLogoFolder
2019-03-28 19:55 - 2018-08-12 01:02 - 000000000 ____D C:\ProgramData\Package Cache
2019-03-28 19:46 - 2018-12-31 15:40 - 000003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 19:46 - 2018-12-31 15:40 - 000003346 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-27 12:15 - 2019-01-03 18:05 - 000000000 ___DC C:\Users\skimi\AppData\Local\Bluestacks
2019-03-25 09:46 - 2019-03-13 12:18 - 000000000 ____D C:\Windows\Minidump
2019-03-25 09:36 - 2019-02-28 10:18 - 001931264 _____ (Microsoft Corporation) C:\Windows\system32\winscomrssrv.dll
2019-03-25 09:36 - 2019-02-10 20:10 - 000000024 _____ C:\Windows\system32\WinUpdates105.dat

==================== Files in the root of some directories =======

2019-02-16 20:05 - 2019-02-16 20:05 - 000000000 ____C () C:\Users\skimi\AppData\Roaming\FC29FA0894FE.ini
2019-04-23 14:38 - 2019-04-23 14:38 - 007906816 ____C () C:\Users\skimi\AppData\Local\agent.dat
2019-04-23 14:38 - 2019-04-23 14:38 - 001632256 ____C (TODO: <Company name>) C:\Users\skimi\AppData\Local\AnQvoity.exe
2019-04-23 14:38 - 2019-04-23 14:38 - 002037441 ____C () C:\Users\skimi\AppData\Local\AnQvoity.tst
2019-04-23 14:38 - 2019-04-23 14:38 - 000070992 ____C () C:\Users\skimi\AppData\Local\Config.xml
2019-04-23 14:38 - 2019-04-23 14:38 - 000140800 ____C () C:\Users\skimi\AppData\Local\installer.dat
2019-04-23 14:38 - 2019-04-23 14:38 - 000005568 ____C () C:\Users\skimi\AppData\Local\md.xml
2019-04-23 14:38 - 2019-04-23 14:38 - 000126464 ____C () C:\Users\skimi\AppData\Local\noah.dat
2019-04-23 14:38 - 2019-04-23 14:39 - 000722944 ____C () C:\Users\skimi\AppData\Local\sha.db
2019-04-23 14:38 - 2019-04-23 14:38 - 001632256 ____C (TODO: <Company name>) C:\Users\skimi\AppData\Local\Stattech.exe
2019-04-23 14:38 - 2019-04-23 14:38 - 000278510 ____C () C:\Users\skimi\AppData\Local\Stattech.tst
2019-04-23 14:38 - 2019-04-23 14:38 - 001895383 ____C () C:\Users\skimi\AppData\Local\Tough-Tone.bin
2019-04-23 14:38 - 2019-04-23 14:38 - 000032038 ____C () C:\Users\skimi\AppData\Local\uninstall_temp.ico
2019-04-23 14:38 - 2019-04-23 14:38 - 000015360 ____C () C:\Users\skimi\AppData\Local\wlorgs.dll

Some files in TEMP:
====================
2019-04-23 14:38 - 2019-04-23 14:38 - 000673792 ____C () C:\Users\skimi\AppData\Local\Temp\6521584522.exe
2019-04-23 14:37 - 2019-04-23 14:37 - 000024649 ____C (Testa) C:\Users\skimi\AppData\Local\Temp\Bloomberg.exe
2019-04-23 14:37 - 2019-04-23 14:37 - 002544128 ____C () C:\Users\skimi\AppData\Local\Temp\DixVid.exe
2019-04-23 14:38 - 2019-04-23 14:38 - 000541696 ____C () C:\Users\skimi\AppData\Local\Temp\kosmix.exe
2019-04-23 14:38 - 2019-04-23 14:38 - 001423496 ____C ( ) C:\Users\skimi\AppData\Local\Temp\Roeblingu.exe
2019-04-23 14:38 - 2019-04-23 14:38 - 000550400 ____C () C:\Users\skimi\AppData\Local\Temp\seescenicelfe.exe
2019-04-23 14:38 - 2019-04-23 14:38 - 000096256 ____C () C:\Users\skimi\AppData\Local\Temp\setup.exe
2019-04-23 14:37 - 2019-04-23 14:37 - 005478175 ____C () C:\Users\skimi\AppData\Local\Temp\wGenus.exe
2019-04-23 14:38 - 2019-04-23 14:38 - 000675884 ____C (ZRFXRD ) C:\Users\skimi\AppData\Local\Temp\xelPi.exe
2019-04-23 14:38 - 2019-04-23 14:38 - 001317888 ____C () C:\Users\skimi\AppData\Local\Temp\Xvid.exe
2019-04-23 14:37 - 2019-04-23 14:37 - 003786762 ____C () C:\Users\skimi\AppData\Local\Temp\zernvo.exe
2019-04-23 14:38 - 2019-04-23 14:38 - 000020480 ____C (Comfort) C:\Users\skimi\AppData\Local\Temp\zero.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)



ATTENTION: ==> Could not access BCD.
==================== End of FRST.txt ============================

skimiwriter
Visitor
Posts: 58
Registered: 24 Mar 2014 13:34

Re: asi malware

#7 Post by skimiwriter »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.04.2019
Ran by skimi (24-04-2019 10:36:58)
Running from D:\Plocha
Windows 10 Home Version 1803 17134.523 (X64) (2018-12-31 12:56:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2421848158-3972365885-1621877511-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2421848158-3972365885-1621877511-503 - Limited - Disabled)
Guest (S-1-5-21-2421848158-3972365885-1621877511-501 - Limited - Disabled)
skimi (S-1-5-21-2421848158-3972365885-1621877511-1001 - Administrator - Enabled) => C:\Users\skimi
WDAGUtilityAccount (S-1-5-21-2421848158-3972365885-1621877511-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\uTorrent) (Version: 3.5.5.45146 - BitTorrent Inc.)
6b264507-ba91-4d85-86c9-1e827315cbe0 (HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\6b264507-ba91-4d85-86c9-1e827315cbe0) (Version: - Alt0C10ud)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe)
Aktualizace NVIDIA 36.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 36.0.0.0 - NVIDIA Corporation) Hidden
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.0.4 - Electronic Arts, Inc.)
AR8171 Driver Installation (HKLM-x32\...\{1E672F6A-B698-48A2-AE8C-427F97AF8F0E}) (Version: 1.0.0.41 - Rivet Networks)
AR8171 Drivers (HKLM\...\{8386D032-4BA5-4BDA-A86D-22A2761881AA}) (Version: 1.0.0.41 - Rivet Networks) Hidden
Backup and Sync from Google (HKLM\...\{F9EEDE46-6409-4ECC-8AB6-7062464987A4}) (Version: 3.43.4275.9540 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Call of Cthulhu (HKLM-x32\...\Call of Cthulhu_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0677 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden
Dragon Center (HKLM-x32\...\{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 2.3.1807.2601 - Micro-Star International Co., Ltd.) Hidden
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 2.3.1807.2601 - Micro-Star International Co., Ltd.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 70.4.93 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
EaseUS Partition Master 13.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Cheat Engine 6.8.2 (HKLM-x32\...\Cheat Engine 6.8.2_is1) (Version: - Cheat Engine)
Intel(R) Chipset Device Software (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1823.12.0.1137 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.5.0.1027 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.295.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c700a043-5a4c-4d61-aa88-6c4191f25b64}) (Version: 1.50.295.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000060-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b67c644b-bbfa-45cf-a1fa-2e1ef2f99be6}) (Version: 20.60.0 - Intel Corporation)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
KB9X Radio Switch Driver (HKLM\...\7A70B8EDE77ED614C261B89A36D4C656443FD153) (Version: 1.1.8.0 - ENE TECHNOLOGY INC.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.4 - Electronic Arts)
Metro Exodus (HKLM-x32\...\{F25D08D9-EBE0-4C15-AAD2-50B446E85B17}_is1) (Version: - 4A Games)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26405 (HKLM-x32\...\{ec9c2282-a836-48a6-9e41-c2f0bf8d678b}) (Version: 14.14.26405.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E154B2C8-2F3E-4763-B3D5-E7D34AE39C6B}) (Version: 1.0.0.0 - Mojang)
MSI Afterburner 4.5.0 (HKLM-x32\...\Afterburner) (Version: 4.5.0 - MSI Co., LTD)
No Mans Sky The Abyss (HKLM-x32\...\No Mans Sky The Abyss_is1) (Version: - )
Norton Security (HKLM-x32\...\NGC) (Version: 22.16.3.21 - Symantec Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.18.0.102 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.102 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 425.31 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.35.22222 - Electronic Arts, Inc.)
Outward Update 1 (HKLM\...\b3V0d2FyZA_is1) (Version: 1 - )
Ovládací panel NVIDIA 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 425.31 - NVIDIA Corporation) Hidden
PS4 Remote Play (HKLM-x32\...\{692D6A0A-FC43-4453-B469-D502946785C4}) (Version: 2.8.0.03041 - Sony Interactive Entertainment Inc.)
PSJoy Server (HKLM-x32\...\{c0505dfc-65ea-11e8-adc0-fa7ae01bbebc}_is1) (Version: 1.0.3 - Florian Grill)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.17134.31242 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8496 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 7.2.1 (HKLM-x32\...\RTSS) (Version: 7.2.1 - Unwinder)
SafeFinder (HKLM-x32\...\{80CE126B-DC90-4C1F-B51A-B95570D25410}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
SearchAwesome (HKLM-x32\...\NTEzYjdhYm) (Version: 13.14.1.316 (i1.0) - SearchAwesome) <==== ATTENTION
Sekiro Shadows Die Twice version final (HKLM-x32\...\Sekiro Shadows Die Twice_is1) (Version: final - The)
Spotify (HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Spotify) (Version: 1.1.4.197.g92d52c4f - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
State of Decay 2 [FULL REMOVAL] (HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\{CA2279C5-4639-4D05-B274-8792AB07AC35}_is1) (Version: 1.3160.34.2 - Microsoft Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version: - Ubisoft)
Tom Clancy's The Division 2 (HKLM-x32\...\Uplay Install 4932) (Version: - Ubisoft)
Twitch (HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Unrest Indigo (HKLM-x32\...\Unrest Indigo_is1) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
WinZip 23.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2411D}) (Version: 23.0.13300 - Corel Corporation)
Zoner Photo Studio X (HKLM\...\ZonerPhotoStudioX_CZ_is1) (Version: 19.1809.2.93 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2421848158-3972365885-1621877511-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2018-11-07] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => -> No File
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2018-11-07] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\cui_comp.inf_amd64_209bd95d56b1ac2d\igfxDTCM.dll [2018-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => -> No File
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2018-11-07] (Corel Corporation -> WinZip Computing)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\skimi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\skimi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) ==============

2009-07-10 00:54 - 2009-07-10 00:54 - 000160768 _____ (Micro-Star International Co., Ltd.) [File not signed] C:\Windows\SysWOW64\MSIService.exe
2018-12-31 15:12 - 2018-12-17 18:59 - 000413696 _____ () [File not signed] C:\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Regular\x64\DataSystemRPCDaemonModule.dll
2019-03-05 16:02 - 2019-03-05 16:02 - 000508520 _____ (Alexey Nicolaychuk -> ) [File not signed] D:\Games\RivaTuner Statistics Server\RTSSHooks64.dll
2019-03-05 16:02 - 2019-03-05 16:02 - 000261736 _____ (Alexey Nicolaychuk -> ) [File not signed] D:\Games\RivaTuner Statistics Server\RTSS.exe
2019-03-23 11:28 - 2019-03-23 11:28 - 289924110 ____C (SoundMixer) [File not signed] C:\Users\skimi\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
2019-01-04 22:49 - 2018-11-20 09:58 - 000265728 _____ (Nahimic) [File not signed] C:\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\GfxOverlayDaemonModule.dll
2019-03-05 16:02 - 2019-03-05 16:02 - 000068200 _____ (Alexey Nicolaychuk -> ) [File not signed] D:\Games\RivaTuner Statistics Server\EncoderServer.exe
2019-03-05 16:02 - 2019-03-05 16:02 - 000065640 _____ (Alexey Nicolaychuk -> ) [File not signed] D:\Games\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2018-04-12 01:33 - 2019-02-10 11:58 - 000193024 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Windows Defender\MSASCuiL.exe
2019-04-24 10:32 - 2019-04-24 10:32 - 003042304 ____C (Python Software Foundation) [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\python27.dll
2019-04-24 10:32 - 2019-04-24 10:32 - 000113664 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\_ctypes.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000080896 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\bz2.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 001792512 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\_hashlib.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000128512 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\win32api.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000137728 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\pywintypes27.dll
2019-04-24 10:32 - 2019-04-24 10:32 - 000548864 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\pythoncom27.dll
2019-04-24 10:32 - 2019-04-24 10:32 - 000689664 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\unicodedata.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000438784 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\win32com.shell.shell.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 001489408 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\wx._core_.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000202240 ____C (wxWidgets development team) [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\wxbase30u_net_vc90_x64.dll
2019-04-24 10:32 - 2019-04-24 10:32 - 002831872 ____C (wxWidgets development team) [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\wxbase30u_vc90_x64.dll
2019-04-24 10:32 - 2019-04-24 10:32 - 006542336 ____C (wxWidgets development team) [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\wxmsw30u_core_vc90_x64.dll
2019-04-24 10:32 - 2019-04-24 10:32 - 001654784 ____C (wxWidgets development team) [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\wxmsw30u_adv_vc90_x64.dll
2019-04-24 10:32 - 2019-04-24 10:32 - 001007104 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\wx._gdi_.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 001039872 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\wx._windows_.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000773632 ____C (wxWidgets development team) [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\wxmsw30u_html_vc90_x64.dll
2019-04-24 10:32 - 2019-04-24 10:32 - 001325056 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\wx._controls_.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000916992 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\wx._misc_.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 001084416 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\pysqlite2._sqlite.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000149504 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\win32file.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000136192 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\win32security.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000007680 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\hashobjs_ext.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000020992 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\thumbnails_ext.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000118784 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\usb_ext.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000047616 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\_socket.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 002224640 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\_ssl.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000014848 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\common.time34.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000023040 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\win32event.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000034304 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\windows.conditional.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000020480 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\windows.winwrap.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000110080 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\windows.volumes.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000223232 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\win32gui.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000173568 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\_elementtree.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000169472 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\pyexpat.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000048128 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\win32inet.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000103424 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\wx._html2.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000137216 ____C (wxWidgets development team) [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\wxmsw30u_webview_vc90_x64.dll
2019-04-24 10:32 - 2019-04-24 10:32 - 000046080 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\_psutil_windows.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000011776 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\win32crypt.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000301568 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\PIL._imaging.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000032256 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\_multiprocessing.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 005752320 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\cello.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000026112 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\_yappi.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000044032 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\win32process.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000027648 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\win32pipe.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000010752 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\select.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000029696 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\win32pdh.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000038400 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\windows.connectivity.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000073216 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\windows.device_monitor.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000020480 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\win32profile.pyd
2019-04-24 10:32 - 2019-04-24 10:32 - 000026624 ____C () [File not signed] C:\Users\skimi\AppData\Local\Temp\_MEI132202\win32ts.pyd
2015-06-12 04:35 - 2015-06-12 04:35 - 000047816 _____ (MICRO-STAR INTERNATIONAL CO., LTD -> www.internals.com) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\WinIo64.dll
2017-12-27 20:00 - 2017-12-27 20:00 - 000105984 _____ (A-Volute) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\YooMixCOM.dll
2019-02-05 20:28 - 2019-02-05 20:28 - 001177600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2019-02-05 20:28 - 2019-02-05 20:28 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2019-02-05 20:28 - 2019-02-05 20:28 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2019-02-05 20:28 - 2019-02-05 20:28 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2019-02-05 20:28 - 2019-02-05 20:28 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2019-02-05 20:28 - 2019-02-05 20:28 - 001548288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2019-02-05 20:28 - 2019-02-05 20:28 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2019-02-05 20:28 - 2019-02-05 20:28 - 000395776 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2019-04-23 14:38 - 2019-04-23 14:38 - 001843200 _____ () [File not signed] C:\Windows\ksohlbecbkdjherthcx.ksqh
2018-04-23 17:13 - 2018-04-23 17:13 - 000232448 _____ () [File not signed] D:\Games\MSI Afterburner\RTCore.dll
2018-04-23 17:13 - 2018-04-23 17:13 - 000057344 _____ () [File not signed] D:\Games\MSI Afterburner\RTFC.dll
2018-04-23 17:13 - 2018-04-23 17:13 - 000072704 _____ () [File not signed] D:\Games\MSI Afterburner\RTMUI.dll
2018-04-23 17:13 - 2018-04-23 17:13 - 000567808 _____ () [File not signed] D:\Games\MSI Afterburner\RTHAL.dll
2018-04-23 17:13 - 2018-04-23 17:13 - 000357888 _____ () [File not signed] D:\Games\MSI Afterburner\RTUI.dll
2019-03-05 16:02 - 2019-03-05 16:02 - 000468072 _____ (Alexey Nicolaychuk -> ) [File not signed] D:\Games\RivaTuner Statistics Server\RTSSHooks.dll
2019-03-05 16:00 - 2019-03-05 16:00 - 000364544 _____ () [File not signed] D:\Games\RivaTuner Statistics Server\RTUI.dll
2019-03-05 16:00 - 2019-03-05 16:00 - 000072704 _____ () [File not signed] D:\Games\RivaTuner Statistics Server\RTMUI.dll
2019-03-05 16:00 - 2019-03-05 16:00 - 000057344 _____ () [File not signed] D:\Games\RivaTuner Statistics Server\RTFC.dll
2019-01-04 22:49 - 2018-11-20 09:58 - 000636928 _____ (Nahimic) [File not signed] C:\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\DynamicSonicMapperConfiguratorDaemonModule.dll
2019-01-04 22:49 - 2018-11-20 09:58 - 000223744 _____ (Nahimic) [File not signed] C:\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\GfxOverlayDaemonModule.dll
2019-01-04 22:49 - 2018-11-20 09:58 - 000400384 _____ (Nahimic) [File not signed] C:\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\GfxStreamServerDaemonModule.dll
2019-03-28 17:23 - 2016-10-17 19:29 - 003842048 _____ (Terra Informatica Software, Inc.) [File not signed] D:\Photo Studio 19\Program32\sciter32.dll
2019-04-23 14:38 - 2019-04-23 14:38 - 000015360 ____C () [File not signed] C:\Users\skimi\AppData\Local\wlorgs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2019-04-23 22:54 - 000000852 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\Wallpaper\backgroundDefault.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D7FDBEE2-D786-41EC-8B09-34D7084240F3}C:\users\skimi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\skimi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{538BCA36-44B4-4A44-936E-8456C8BE68D0}C:\users\skimi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\skimi\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2019 11:44:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: kenshi_x64.exe, version: 0.0.0.0, time stamp: 0x5cb748d4
Faulting module name: PhysXCore64.dll, version: 2.8.4.6, time stamp: 0x4e13e0c6
Exception code: 0xc0000005
Fault offset: 0x00000000002c5460
Faulting process id: 0x1d40
Faulting application start time: 0x01d4fa1881398416
Faulting application path: D:\Kenshi.v1.0.25\kenshi_x64.exe
Faulting module path: D:\Kenshi.v1.0.25\PhysXCore64.dll
Report Id: bba45272-61f8-45ca-8c59-c7117e961ed3
Faulting package full name:
Faulting package-relative application ID:

Error: (04/23/2019 11:06:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RtkUWP.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 388c

Start Time: 01d4fa16e298166b

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.134.0_x64__dt26b99r8h8gj\RtkUWP.exe

Report Id: 7a1e7fab-d096-4ab6-8142-6226b368be45

Faulting package full name: RealtekSemiconductorCorp.RealtekAudioControl_1.1.134.0_x64__dt26b99r8h8gj

Faulting package-relative application ID: App

Error: (04/23/2019 08:00:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 8.0.2110.12 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1774

Start Time: 01d4f9fdc929f6ed

Termination Time: 4

Application Path: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe

Report Id: 037f4e8c-5263-468e-bd90-803b6fe51ea4

Faulting package full name:

Faulting package-relative application ID:

Error: (04/23/2019 07:37:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RtkUWP.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4f0

Start Time: 01d4f9f82b6d35e5

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.134.0_x64__dt26b99r8h8gj\RtkUWP.exe

Report Id: 61fd4872-8514-432e-a581-a121a024eb55

Faulting package full name: RealtekSemiconductorCorp.RealtekAudioControl_1.1.134.0_x64__dt26b99r8h8gj

Faulting package-relative application ID: App

Error: (04/23/2019 07:35:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TwitchUI.exe version 3.0.16.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 27b8

Start Time: 01d4f9fa6d5b0a00

Termination Time: 4294967295

Application Path: C:\Users\skimi\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe

Report Id: 63068c01-8a56-4f1b-965f-7e3f68750f71

Faulting package full name:

Faulting package-relative application ID:

Error: (04/23/2019 07:31:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TwitchUI.exe version 3.0.16.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 32c0

Start Time: 01d4f9f9a717f8a0

Termination Time: 4294967295

Application Path: C:\Users\skimi\AppData\Roaming\Twitch\Bin\Electron\TwitchUI.exe

Report Id: 6604f9ab-c09e-4566-a6df-495eb153c3dc

Faulting package full name:

Faulting package-relative application ID:

Error: (04/23/2019 06:59:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: kenshi_x64.exe, version: 0.0.0.0, time stamp: 0x5cb748d4
Faulting module name: kenshi_x64.exe, version: 0.0.0.0, time stamp: 0x5cb748d4
Exception code: 0xc0000005
Fault offset: 0x0000000000295f9f
Faulting process id: 0x10bc
Faulting application start time: 0x01d4f9dc962ba2e1
Faulting application path: C:\Users\skimi\Downloads\Kenshi.v1.0.25\kenshi_x64.exe
Faulting module path: C:\Users\skimi\Downloads\Kenshi.v1.0.25\kenshi_x64.exe
Report Id: 1bee173a-89a6-4609-b945-db0de64420f3
Faulting package full name:
Faulting package-relative application ID:

Error: (04/23/2019 03:58:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: kenshi_x64.exe, version: 0.0.0.0, time stamp: 0x5cb748d4
Faulting module name: PhysXCore64.dll, version: 2.8.4.6, time stamp: 0x4e13e0c6
Exception code: 0xc0000005
Fault offset: 0x00000000002c5460
Faulting process id: 0x17c0
Faulting application start time: 0x01d4f9db8b0273cb
Faulting application path: C:\Users\skimi\Downloads\Kenshi.v1.0.25\kenshi_x64.exe
Faulting module path: C:\Users\skimi\Downloads\Kenshi.v1.0.25\PhysXCore64.dll
Report Id: fe4ce336-2fd5-406b-8da6-1e31360967e8
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/24/2019 10:36:10 AM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.

Error: (04/24/2019 10:34:10 AM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: The server {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} did not register with DCOM within the required timeout.

Error: (04/24/2019 10:33:17 AM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user MSI\skimi (SID: S-1-5-21-2421848158-3972365885-1621877511-1001) from address LocalHost (using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2019 10:32:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) from address LocalHost (using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2019 10:32:30 AM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user MSI\skimi (SID: S-1-5-21-2421848158-3972365885-1621877511-1001) from address LocalHost (using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/24/2019 10:32:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NTEzYjdhYm service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/24/2019 10:32:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NTEzYjdhYm service to connect.

Error: (04/24/2019 10:32:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) from address LocalHost (using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

BIOS: American Megatrends Inc. E16P6IMS.107 09/05/2018
Motherboard: Micro-Star International Co., Ltd. MS-16P6
Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 16230.21 MB
Available physical RAM: 10825.23 MB
Total Virtual: 21606.21 MB
Available Virtual: 13935.03 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:117.94 GB) (Free:13.36 GB) NTFS
Drive d: (Data) (Fixed) (Total:912.76 GB) (Free:202.5 GB) NTFS
Drive z: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32

\\?\Volume{473e7fc5-f5a9-405f-ae34-7499bc2514e9}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.5 GB) NTFS
\\?\Volume{2133cda6-146c-4b93-b6fa-4ea546b0a6cc}\ (BIOS_RVY) (Fixed) (Total:18.75 GB) (Free:0.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 4FC43474)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 4FC43456)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: probably malware

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => -> No File
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => -> No File
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
C:\Users\skimi\AppData\Local\Temp
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Run: [wlorgs] => C:\Users\skimi\AppData\Local\wlorgs.dll [15360 2019-04-23] () [File not signed] <==== ATTENTION
C:\Users\skimi\AppData\Local\wlorgs.dll
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\MountPoints2: {5051c3da-0d01-11e9-9b2d-04d3b0fd8d0a} - "E:\setup.exe"
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\MountPoints2: {c97897dc-0faf-11e9-9b32-04d3b0fd8d0a} - "F:\setup.exe"
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\MountPoints2: {d37eb8a3-121d-11e9-9b35-04d3b0fd8d0a} - "H:\setup.exe"
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\skimi\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\skimi\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {764FA3EF-34E8-43C2-BD41-844CA1A54E6D} - System32\Tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577} => explorer "hxxp://eroiuka.com/cl/?guid=57rqsuafco2ccft0ei16phkjobnyat9j&prid=1&pid=11_1415_0" <==== ATTENTION
Task: {C015B612-4904-43B3-847A-AAC3459E37E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2018-12-31] (Google Inc -> Google Inc.)
Task: {C8B63BB2-0EC4-4187-9335-6D4A63024967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2018-12-31] (Google Inc -> Google Inc.)
Task: C:\Windows\Tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577}.job => explorerThttp /eroiuka com cl/?guid 57rqsuafco2ccft0ei16phkjobnyat9j prid pid 11_1415_0MSI skimiThis is comment
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... 5Z1dnjk&q={searchTerms}
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... io0taSwY7F
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: YoutubeAdBlock -> {0A11C8B7-2333-42A8-8DB1-9A7A91832C55} -> C:\Program Files (x86)\yXYMSblVdIE\tUTjaEq.dll => No File
BHO-x32: YoutubeAdBlock -> {0A11C8B7-2333-42A8-8DB1-9A7A91832C55} -> C:\Program Files (x86)\yXYMSblVdIE\kR8Y6u1X.dll => No File
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... 5RfOmy02EK
CHR StartupUrls: Default -> "hxxp://www.default-search.net?sid=476&aid=113& ... oogle.com/"
S2 NTEzYjdhYm; C:\Program Files\NTEzYjdhYm\OWU3ZGFjMDNkN2.exe [1019592 2019-04-22] (technologiejarbon.com -> )
C:\Program Files\NTEzYjdhYm
R2 NzE4NzU5ODM4; C:\Windows\ksohlbecbkdjherthcx.ksqh [1843200 2019-04-23] () [File not signed]
C:\Windows\ksohlbecbkdjherthcx.ksqh
R1 ZjM1MjNlZDAzNGE3MTJj; C:\Windows\system32\drivers\ZjM1MjNlZDAzNGE3MTJj [78208 2019-04-22] (technologiejarbon.com -> )
C:\Windows\system32\drivers\ZjM1MjNlZDAzNGE3MTJj
C:\ProgramData\{4FF79E46-0162-2ED3-1A1C-50A21AFB09F3}
C:\ProgramData\{46D84F83-D0A7-27FC-DFCD-7FABDF2A26FA}
C:\Windows\Tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577}.job
C:\Windows\LastGood.Tmp
C:\Users\skimi\Downloads\tmp9e7.tmp
C:\Users\skimi\Downloads\tmp56de.tmp
C:\Users\skimi\AppData\Roaming\FC29FA0894FE.ini

EmptyTemp:
End
Save it to D:\Plocha as fixlist.txt. Run FRST again and click >Fix<. When it finishes a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked; likewise if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail given above.
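Editor's added example; it is not part of Rudy's fixlist, of FRST, or of anything the original poster ran. The fixlist above removes a user-level persistence chain that is worth understanding before you trust a "clean" machine: a per-user Winlogon Shell set to %comspec% (so cmd.exe, not explorer.exe, is the logon shell), a Command Processor AutoRun value that runs on every cmd.exe start and launches SoundMixer.exe before starting explorer.exe so the desktop still appears normal, a Windows Defender policy key FRST reported as a restriction, a scheduled task that hands a URL to explorer, and services with random-looking names whose binaries are unsigned. The PowerShell below audits those same locations on a live Windows host and reports what it finds. The function name Get-PersistenceFindings and the wording of the findings are my own; the registry paths are the standard Windows ones. It is read-only, needs an elevated prompt to read service binaries and Windows 8.1/10 or later for Get-ScheduledTask. Kernel drivers such as the R1 entry in the fixlist are not in Win32_Service; checking them would need Win32_SystemDriver and is left out here.

```powershell
# Added audit script (editor's example, not from the thread or FRST).
# Read-only: reports the persistence points the fixlist above targeted.
function Get-PersistenceFindings {
    $findings = New-Object System.Collections.Generic.List[string]

    foreach ($hive in 'HKLM', 'HKCU') {
        # Winlogon Shell: only explorer.exe is legitimate. A per-user (HKCU)
        # Shell value is abnormal by itself; in this thread it was %comspec%.
        $winlogon = "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
        $shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
        if ($hive -eq 'HKCU' -and $shell) {
            $findings.Add("Per-user Winlogon Shell is set (should not exist): $shell")
        }
        elseif ($shell -and $shell -ne 'explorer.exe') {
            $findings.Add("Winlogon Shell in $hive is not explorer.exe: $shell")
        }

        # Command Processor AutoRun runs on every cmd.exe start; it should be empty.
        $cmdKey = "${hive}:\SOFTWARE\Microsoft\Command Processor"
        $autorun = (Get-ItemProperty -Path $cmdKey -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
        if ($autorun) {
            $findings.Add("cmd.exe AutoRun in ${hive} (should be empty): $autorun")
        }
    }

    # Defender policy key: on a home PC with no domain GPO it normally does not exist.
    $defenderPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    if (Test-Path -Path $defenderPolicy) {
        $keys = @(Get-Item -Path $defenderPolicy) + @(Get-ChildItem -Path $defenderPolicy -Recurse)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                $findings.Add("Defender policy $($key.Name)\$name = $($key.GetValue($name))")
            }
        }
    }

    # IE start/search pages: the fixlist shows them as percent-encoded hosts
    # (%66%65%65%64 decodes to "feed"), a cheap way to hide a redirect.
    $ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    foreach ($valueName in 'Start Page', 'Search Page') {
        $url = (Get-ItemProperty -Path $ieMain -Name $valueName -ErrorAction SilentlyContinue).$valueName
        if ($url -and $url -match '%[0-9A-Fa-f]{2}') {
            $findings.Add("IE $valueName is percent-encoded: $url -> $([uri]::UnescapeDataString($url))")
        }
    }

    # Scheduled tasks whose action passes a URL to whatever it executes
    # (the fixlist's task ran: explorer "hxxp://...").
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        foreach ($action in $_.Actions) {
            if ($action.Execute -and $action.Arguments -match 'https?://') {
                $findings.Add("Task $($_.TaskPath)$($_.TaskName) runs: $($action.Execute) $($action.Arguments)")
            }
        }
    }

    # Services whose binary is missing or not Authenticode-signed.
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $svc = $_
        if (-not $svc.PathName) { return }
        # Separate the executable from its arguments: a quoted path, or an
        # unquoted path up to the first .exe; otherwise take the whole string.
        if ($svc.PathName -match '^"([^"]+)"') { $exe = $Matches[1] }
        elseif ($svc.PathName -match '^(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
        else { $exe = $svc.PathName.Trim() }

        if (-not (Test-Path -LiteralPath $exe)) {
            $findings.Add("Service $($svc.Name): binary not found: $exe")
            return
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $exe
        if ($sig.Status -ne 'Valid') {
            $findings.Add("Service $($svc.Name): $exe is $($sig.Status)")
        }
    }

    return $findings
}

$result = Get-PersistenceFindings
if ($result.Count -eq 0) { 'No findings' } else { $result }
```

Expect some noise from legitimately unsigned vendor services (FRST itself listed unsigned MSI Afterburner and RivaTuner DLLs on this machine), so compare the output against the service and file lines in the log rather than treating every unsigned binary as malicious. The percent-decoding is what exposes the redirect targets: the visible prefix %66%65%65%64.%68%65%6C%70%65%72 decodes to feed.helper and %66%65%65%64.%73%6F%6E%69%63- to feed.sonic-; the remainder of each URL is truncated in the log as posted.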

skimiwriter
Visitor
Posts: 58
Registered: 24 Mar 2014 13:34

Re: probably malware

#9 Post by skimiwriter »

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.04.2019
Ran by skimi (24-04-2019 14:25:00) Run:1
Running from D:\Plocha
Loaded Profiles: skimi (Available Profiles: skimi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => -> No File
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => -> No File
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
C:\Users\skimi\AppData\Local\Temp
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Run: [wlorgs] => C:\Users\skimi\AppData\Local\wlorgs.dll [15360 2019-04-23] () [File not signed] <==== ATTENTION
C:\Users\skimi\AppData\Local\wlorgs.dll
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\MountPoints2: {5051c3da-0d01-11e9-9b2d-04d3b0fd8d0a} - "E:\setup.exe"
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\MountPoints2: {c97897dc-0faf-11e9-9b32-04d3b0fd8d0a} - "F:\setup.exe"
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\MountPoints2: {d37eb8a3-121d-11e9-9b35-04d3b0fd8d0a} - "H:\setup.exe"
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\skimi\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\skimi\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {764FA3EF-34E8-43C2-BD41-844CA1A54E6D} - System32\Tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577} => explorer "hxxp://eroiuka.com/cl/?guid=57rqsuafco2ccft0ei16phkjobnyat9j&prid=1&pid=11_1415_0" <==== ATTENTION
Task: {C015B612-4904-43B3-847A-AAC3459E37E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2018-12-31] (Google Inc -> Google Inc.)
Task: {C8B63BB2-0EC4-4187-9335-6D4A63024967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2018-12-31] (Google Inc -> Google Inc.)
Task: C:\Windows\Tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577}.job => explorerThttp /eroiuka com cl/?guid 57rqsuafco2ccft0ei16phkjobnyat9j prid pid 11_1415_0MSI skimiThis is comment
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... 5Z1dnjk&q={searchTerms}
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... io0taSwY7F
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: YoutubeAdBlock -> {0A11C8B7-2333-42A8-8DB1-9A7A91832C55} -> C:\Program Files (x86)\yXYMSblVdIE\tUTjaEq.dll => No File
BHO-x32: YoutubeAdBlock -> {0A11C8B7-2333-42A8-8DB1-9A7A91832C55} -> C:\Program Files (x86)\yXYMSblVdIE\kR8Y6u1X.dll => No File
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... 5RfOmy02EK
CHR StartupUrls: Default -> "hxxp://www.default-search.net?sid=476&aid=113& ... oogle.com/"
S2 NTEzYjdhYm; C:\Program Files\NTEzYjdhYm\OWU3ZGFjMDNkN2.exe [1019592 2019-04-22] (technologiejarbon.com -> )
C:\Program Files\NTEzYjdhYm
R2 NzE4NzU5ODM4; C:\Windows\ksohlbecbkdjherthcx.ksqh [1843200 2019-04-23] () [File not signed]
C:\Windows\ksohlbecbkdjherthcx.ksqh
R1 ZjM1MjNlZDAzNGE3MTJj; C:\Windows\system32\drivers\ZjM1MjNlZDAzNGE3MTJj [78208 2019-04-22] (technologiejarbon.com -> )
C:\Windows\system32\drivers\ZjM1MjNlZDAzNGE3MTJj
C:\ProgramData\{4FF79E46-0162-2ED3-1A1C-50A21AFB09F3}
C:\ProgramData\{46D84F83-D0A7-27FC-DFCD-7FABDF2A26FA}
C:\Windows\Tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577}.job
C:\Windows\LastGood.Tmp
C:\Users\skimi\Downloads\tmp9e7.tmp
C:\Users\skimi\Downloads\tmp56de.tmp
C:\Users\skimi\AppData\Roaming\FC29FA0894FE.ini

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayExcluded => not found
HKLM\Software\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayPending => not found
HKLM\Software\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayProtected => not found
HKLM\Software\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayExcluded => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayPending => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayProtected => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BUContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR => removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BUContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR => removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => not found
C:\Users\skimi\AppData\Local\Temp => moved successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Windows\CurrentVersion\Run\\wlorgs" => removed successfully
C:\Users\skimi\AppData\Local\wlorgs.dll => moved successfully
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5051c3da-0d01-11e9-9b2d-04d3b0fd8d0a} => removed successfully
HKLM\Software\Classes\CLSID\{5051c3da-0d01-11e9-9b2d-04d3b0fd8d0a} => not found
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c97897dc-0faf-11e9-9b32-04d3b0fd8d0a} => removed successfully
HKLM\Software\Classes\CLSID\{c97897dc-0faf-11e9-9b32-04d3b0fd8d0a} => not found
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d37eb8a3-121d-11e9-9b35-04d3b0fd8d0a} => removed successfully
HKLM\Software\Classes\CLSID\{d37eb8a3-121d-11e9-9b35-04d3b0fd8d0a} => not found
"HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Command Processor\\AutoRun" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{764FA3EF-34E8-43C2-BD41-844CA1A54E6D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{764FA3EF-34E8-43C2-BD41-844CA1A54E6D}" => removed successfully
C:\Windows\System32\Tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C015B612-4904-43B3-847A-AAC3459E37E9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C015B612-4904-43B3-847A-AAC3459E37E9}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8B63BB2-0EC4-4187-9335-6D4A63024967}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8B63BB2-0EC4-4187-9335-6D4A63024967}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
C:\Windows\Tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577}.job => moved successfully
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2421848158-3972365885-1621877511-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A11C8B7-2333-42A8-8DB1-9A7A91832C55} => removed successfully
HKLM\Software\Classes\CLSID\{0A11C8B7-2333-42A8-8DB1-9A7A91832C55} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A11C8B7-2333-42A8-8DB1-9A7A91832C55} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0A11C8B7-2333-42A8-8DB1-9A7A91832C55} => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
HKLM\System\CurrentControlSet\Services\NTEzYjdhYm => removed successfully
NTEzYjdhYm => service removed successfully
C:\Program Files\NTEzYjdhYm => moved successfully
HKLM\System\CurrentControlSet\Services\NzE4NzU5ODM4 => removed successfully
NzE4NzU5ODM4 => service removed successfully
C:\Windows\ksohlbecbkdjherthcx.ksqh => moved successfully
ZjM1MjNlZDAzNGE3MTJj => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ZjM1MjNlZDAzNGE3MTJj => removed successfully
ZjM1MjNlZDAzNGE3MTJj => service removed successfully
C:\Windows\system32\drivers\ZjM1MjNlZDAzNGE3MTJj => moved successfully
C:\ProgramData\{4FF79E46-0162-2ED3-1A1C-50A21AFB09F3} => moved successfully
C:\ProgramData\{46D84F83-D0A7-27FC-DFCD-7FABDF2A26FA} => moved successfully
"C:\Windows\Tasks\{KUHO45BP-ZJ6Y-160L-VGAE-EGO3B2JGI577}.job" => not found
C:\Windows\LastGood.Tmp => moved successfully
C:\Users\skimi\Downloads\tmp9e7.tmp => moved successfully
C:\Users\skimi\Downloads\tmp56de.tmp => moved successfully
C:\Users\skimi\AppData\Roaming\FC29FA0894FE.ini => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12083200 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40521100 B
Java, Flash, Steam htmlcache => 251001468 B
Windows/system/drivers => 1184633 B
Edge => 4234358 B
Chrome => 243235288 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3610 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
skimi => 87273336 B

RecycleBin => 0 B
EmptyTemp: => 609.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:25:42 ====

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: probably malware

#10 Post by Rudy »

OK. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus may damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

skimiwriter
Guest
Posts: 58
Registered: 24 Mar 2014 13:34

Re: probably malware

#11 Post by skimiwriter »

Well, windows in Chrome no longer open by themselves, so it's probably OK :) So thank you; if anything else comes up I'll write, and I'll send you 300,- if that's an adequate price :D

skimiwriter
Guest
Posts: 58
Registered: 24 Mar 2014 13:34

Re: probably malware

#12 Post by skimiwriter »

Just one more question: a friend advised me that it's better not to have an antivirus, that Windows Defender supposedly handles it fine. So is that true, or would you recommend something to me?

Rudy
Site Admin
Posts: 118194
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: probably malware

#13 Post by Rudy »

skimiwriter wrote: Well, windows in Chrome no longer open by themselves, so it's probably OK :) So thank you; if anything else comes up I'll write, and I'll send you 300,- if that's an adequate price :D
We provide this service here entirely voluntarily. It is up to you whether, and how much, you want to contribute. If you do, click "Contribute to the forum's operation" at the bottom right and follow the instructions. You're welcome! :)
skimiwriter wrote: Just one more question: a friend advised me that it's better not to have an antivirus, that Windows Defender supposedly handles it fine. So is that true, or would you recommend something to me?
In your case I would recommend a third-party antivirus. You evidently also visit the "dark corners" of the internet (judging by the parade of junk we were deleting), and there Windows Defender is weak. For you, as a home user, a free one (Avira, Avast) will suffice.
