VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Heknutý počitač

https://forum.viry.cz:443/viewtopic.php?t=155076

Stránka 2 z 3

Re: Heknutý počitač

Napsal: 04 lis 2018 18:58
od vrazda
Ale s toho AdwClener nemam po obnove sa to vimazalo.

Re: Heknutý počitač

Napsal: 04 lis 2018 19:08
od vrazda
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by vanek (administrator) on DESKTOP-EA8C9J8 (04-11-2018 18:59:38)
Running from C:\Users\vanek\Desktop
Loaded Profiles: vanek & (Available Profiles: vanek)
Platform: Windows 10 Pro Version 1803 17134.320 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Two Pilots) C:\Windows\VPDAgent_x64.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Genius\ioCentre\GMouseService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\SysWOW64\spdsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\tphkload.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\tpnumlkd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\tposd.exe
(Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Printer Manager\SpoolerComp.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
() C:\Genius\ioCentre\gTaskBar.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
() C:\Genius\ioCentre\gMouseTask.exe
() C:\Genius\ioCentre\gKbdTask.exe
(ioCentre) C:\Genius\ioCentre\gIoCentreFunMgm.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Lenovo) C:\Users\vanek\AppData\Local\Apps\2.0\0K6MZR2H.R5Z\VOPYD3O7.X3D\lsb...tion_2d7b41b05b24775e_0001.0006_589ac911618caaca\LSB.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(emc) C:\Users\vanek\AppData\Roaming\uTorrent\uninstall.exe
(BitTorrent, Inc.) C:\Users\vanek\AppData\Roaming\uTorrent\utorrent.exe
(Microsoft Corporation) C:\Users\vanek\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\FileCoAuth.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18389440 2018-03-17] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952800 2015-12-31] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [571928 2015-12-31] (Vimicro)
HKLM-x32\...\Run: [ioCentre] => C:\Genius\ioCentre\gTaskBar.exe [61440 2012-04-23] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425352 2016-06-03] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4657312 2016-08-21] ()
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [17537200 2018-06-14] (MyHeritage)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\RunOnce: [CCUpdate4] => C:\WINDOWS\temp\CCRunOnce.exe [213840 2018-11-04] () <==== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919188\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919406\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46459080 2018-10-04] ()
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\Run: [uTorrent] => C:\Users\vanek\AppData\Roaming\uTorrent\utorrent.exe [416168 2015-02-22] (BitTorrent, Inc.)
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\RunOnce: [Uninstall 18.151.0729.0012\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vanek\AppData\Local\Microsoft\OneDrive\18.151.0729.0012\amd64"
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\RunOnce: [Uninstall 18.151.0729.0012] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vanek\AppData\Local\Microsoft\OneDrive\18.151.0729.0012"
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\MountPoints2: {98b68e53-90dd-11e8-9c91-84a6c826af79} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46459080 2018-10-04] ()
HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\Run: [uTorrent] => C:\Users\vanek\AppData\Roaming\uTorrent\utorrent.exe [416168 2015-02-22] (BitTorrent, Inc.)
HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\Run: [AvastBrowserAutoLaunch_8CE0A5F04EB5B47666066381D6D0283C] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1704992 2018-10-24] (AVAST Software)
HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)
HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\MountPoints2: {98b68e53-90dd-11e8-9c91-84a6c826af79} - "D:\HiSuiteDownLoader.exe"
Startup: C:\Users\vanek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odoslanie do programu OneNote.lnk [2018-03-25]
ShortcutTarget: Odoslanie do programu OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1bc5e37a-1840-4241-9e72-4f5e3d430b39}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{faca73f2-08b9-471c-8508-a0b0382072e6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://dub130.mail.live.com/default.aspx
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-02-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-04] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-04] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

Edge:
======
Edge Extension: (Office Online) -> 2016_MicrosoftOfficeOnline_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.OfficeOnline_1.5.8.0_neutral__8wekyb3d8bbwe [2018-05-01]
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.48.0_neutral__8wekyb3d8bbwe [2018-07-21]

FireFox:
========
FF DefaultProfile: dh2s16i5.default
FF ProfilePath: C:\Users\vanek\AppData\Roaming\Mozilla\Firefox\Profiles\dh2s16i5.default [2018-11-04]
FF Homepage: Mozilla\Firefox\Profiles\dh2s16i5.default -> hxxps://outlook.live.com/owa/?path=/mail/AQMkADAwATNiZmYAZC1hNmJjLTgzYWQtMDACLTAwCgAuAAADrz92dgCANvNFq7k0xU7Srz0BACrzm3tv5uJHvQ9we%2B1ktQAAAwFaAAAA
FF Extension: (Firefox Monitor) - C:\Users\vanek\AppData\Roaming\Mozilla\Firefox\Profiles\dh2s16i5.default\features\{f8229e4d-f33b-454a-b295-55701ab5fc45}\fxmonitor@mozilla.org.xpi [2018-10-02]
FF Extension: (Telemetry coverage) - C:\Users\vanek\AppData\Roaming\Mozilla\Firefox\Profiles\dh2s16i5.default\features\{f8229e4d-f33b-454a-b295-55701ab5fc45}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-02] [Legacy]
FF ProfilePath: C:\Users\vanek\AppData\Roaming\Actia\diagnostic2.3.4.3\Profiles\m264m28j.default [2016-01-30]
FF ProfilePath: C:\Users\vanek\AppData\Roaming\Actia\diagnostic2.3.30.0\Profiles\lapgtlgx.default [2016-01-30]
FF ProfilePath: C:\Users\vanek\AppData\Roaming\Actia\diagnostic2.15.2.0\Profiles\w4r10nsv.default [2016-01-30]
FF ProfilePath: C:\Users\vanek\AppData\Roaming\Actia\diagnostic2.14.5.0\Profiles\9w0ljes2.default [2018-03-09]
FF ProfilePath: C:\Users\vanek\AppData\Roaming\Actia\diagnostic2.12.3.0\Profiles\p7z6o2gl.default [2016-01-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-12-19] (Verimatrix, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: ditec.sk/DitecZepDViewerFb -> C:\ProgramData\Ditec\DViewer\npDitec.Zep.DViewerFb.dll [2015-03-20] (Ditec, a.s.)
FF Plugin HKU\.DEFAULT: ditec.sk/DSigXadesFb -> C:\Program Files (x86)\Ditec\DSigXades\npDitec.Zep.DSigXadesFb.dll [2014-08-20] (Ditec,a.s.)
FF Plugin HKU\S-1-5-21-2575284754-612537104-1906650694-1001: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-12-19] (Verimatrix, Inc.)
FF Plugin HKU\S-1-5-21-2575284754-612537104-1906650694-1001: ditec.sk/DitecZepDViewerFb -> C:\ProgramData\Ditec\DViewer\npDitec.Zep.DViewerFb.dll [2015-03-20] (Ditec, a.s.)
FF Plugin HKU\S-1-5-21-2575284754-612537104-1906650694-1001: ditec.sk/DSigXadesFb -> C:\Program Files (x86)\Ditec\DSigXades\npDitec.Zep.DSigXadesFb.dll [2014-08-20] (Ditec,a.s.)
FF Plugin HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-12-19] (Verimatrix, Inc.)
FF Plugin HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578: ditec.sk/DitecZepDViewerFb -> C:\ProgramData\Ditec\DViewer\npDitec.Zep.DViewerFb.dll [2015-03-20] (Ditec, a.s.)
FF Plugin HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578: ditec.sk/DSigXadesFb -> C:\Program Files (x86)\Ditec\DSigXades\npDitec.Zep.DSigXadesFb.dll [2014-08-20] (Ditec,a.s.)

Chrome:
=======
CHR HomePage: Default -> hxxp://zoznam.sk/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.zoznam.sk/"
CHR Profile: C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default [2018-11-04]
CHR Extension: (Prekladač Google) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-21]
CHR Extension: (Prezentácie) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Tlmočník pre všetky jazyky) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdeidgbmcliegnpcbbkhlflkbdpomhk [2017-06-30]
CHR Extension: (Magio GO) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\anoiechkjklgabdfompidjolhpfdpjdd [2018-10-07]
CHR Extension: (Dokumenty) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Disk Google) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-07]
CHR Extension: (YouTube) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-07]
CHR Extension: (Hľadať v Google) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-07]
CHR Extension: (True Key™ by McAfee) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpaibbcbodhimfnjnakiidgbpiehfgci [2018-11-04]
CHR Extension: (Kalendár Google) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-06]
CHR Extension: (YoWindow Free Weather) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef [2017-03-19]
CHR Extension: (Tabuľky) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Vzdialená plocha Chrome) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-05]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Uložiť na Disk Google) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-07-07]
CHR Extension: (PDF to Word Converter App) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclipofobaadknkadkpgggmjkebddjam [2016-07-07]
CHR Extension: (Google Play) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-07-07]
CHR Extension: (Picasa Extension (by Google)) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhlohbbihddnfcehbijmlnpkafmmkfp [2016-07-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-10-04]
CHR Extension: (Kontrola pošty Google) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-07-07]
CHR Extension: (Office Online) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2018-04-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Prehliadač dokumentov PDF / PowerPoint (od spoločnosti Google)) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2016-07-07]
CHR Extension: (Picasa) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2016-07-07]
CHR Extension: (Gmail) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-07]
CHR Extension: (Chrome Media Router) - C:\Users\vanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-04]
CHR Profile: C:\Users\vanek\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-04]
CHR HKU\S-1-5-21-2575284754-612537104-1906650694-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [anoiechkjklgabdfompidjolhpfdpjdd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswSnx <==== ATTENTION (Rootkit!)

R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1277688 2016-08-21] ()
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6086744 2017-01-07] ()
R2 Agent; C:\WINDOWS\VPDAgent_x64.exe [168960 2013-08-28] (Two Pilots) [File not signed]
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-10-04] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-10-04] (AVAST Software)
R2 CrypKey License; C:\WINDOWS\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 GeniusMouseService; C:\Genius\ioCentre\GMouseService.exe [16384 2010-03-11] () [File not signed]
S4 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-04-20] () [File not signed]
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71408 2018-05-16] (Lenovo Group Limited)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
R2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [774552 2018-07-08] (Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4692840 2016-08-15] (Acronis International GmbH)
R2 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [7717528 2016-07-18] (Acronis International GmbH)
R2 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1516920 2016-08-21] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324552 2018-03-17] (Realtek Semiconductor)
R2 Samsung Printer Dianostics Service; C:\WINDOWS\SysWOW64\\spdsvc.exe [499000 2016-07-17] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9729272 2016-08-11] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-12-31] (Synaptics Incorporated)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_a6dc7343c725f003\driver\TPHKLOAD.exe [422544 2018-07-18] (Lenovo Group Limited)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-07-02] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-07-02] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [108992 2018-08-29] ()
S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.) [File not signed]
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.) [File not signed]
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.) [File not signed]
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-03-16] (The OpenVPN Project)
S3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30352 2015-12-31] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [231520 2015-07-14] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [53360 2015-07-14] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [375136 2017-01-07] (Acronis International GmbH)
S3 GemCCID; C:\WINDOWS\System32\drivers\GemCCID.sys [139632 2015-07-10] (Gemalto)
S3 gHidPnp; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [25600 2016-12-02] ()
S3 gMouPS2; C:\WINDOWS\System32\drivers\gMouPS2.sys [19968 2009-06-30] ( Mouse Upfilter Driver )
S3 gMouUsb; C:\WINDOWS\System32\drivers\gMouUsb.sys [14336 2016-11-29] ()
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-04-20] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [200232 2018-11-04] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [118584 2018-11-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [58400 2018-11-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260384 2018-11-04] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [110424 2018-11-04] (Malwarebytes)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3354384 2015-05-04] (Intel Corporation)
R1 NetworkX; C:\WINDOWS\System32\ckldrv.sys [30272 2010-03-19] ()
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [43208 2018-07-08] (Lenovo.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1138000 2018-08-29] (Realtek )
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-12-31] (Synaptics Incorporated)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1267544 2017-01-07] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [212320 2017-01-07] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [687968 2017-01-07] (Acronis International GmbH)
R1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [30312 2011-01-26] (CaptainFlint Software)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331104 2017-01-07] (Acronis International GmbH)
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [648872 2015-12-31] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46592 2018-07-02] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-02] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-07-02] (Microsoft Corporation)
S3 X86BDA; C:\WINDOWS\system32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-04 19:03 - 2018-11-04 19:03 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-11-04 19:02 - 2018-11-04 19:03 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-11-04 19:02 - 2018-11-04 19:02 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-04 19:02 - 2018-11-04 19:02 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-04 19:02 - 2018-11-04 19:02 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-11-04 18:59 - 2018-11-04 19:02 - 000035653 _____ C:\Users\vanek\Desktop\FRST.txt
2018-11-04 18:58 - 2018-11-04 18:59 - 000000000 ____D C:\FRST
2018-11-04 18:50 - 2018-11-04 18:50 - 002414592 _____ (Farbar) C:\Users\vanek\Desktop\FRST64.exe
2018-11-04 18:47 - 2018-11-04 18:47 - 007592144 _____ (Malwarebytes) C:\Users\vanek\Downloads\adwcleaner_7.2.4.0 (1).exe
2018-11-04 15:17 - 2018-11-04 15:17 - 000000000 ____D C:\Users\vanek\AppData\Local\SlimWare Utilities Inc
2018-11-04 14:36 - 2018-11-04 14:36 - 000000000 ___HD C:\OneDriveTemp
2018-11-04 12:52 - 2018-11-04 12:52 - 000000000 ____D C:\WINDOWS\CSC
2018-10-07 15:00 - 2018-10-07 15:00 - 000010729 _____ C:\Users\vanek\Downloads\[CzT]Navigon_Europe_v5_7_2_2016_CZ_Android_.torrent
2018-10-07 14:38 - 2018-10-07 14:38 - 000008932 _____ C:\Users\vanek\Downloads\[CzT]StopAd_v_1_0_513_Build_25_2018_EN_Android_.torrent
2018-10-07 09:28 - 2018-10-07 09:28 - 000000000 ____D C:\Users\vanek\AppData\Local\mbam
2018-10-07 09:05 - 2018-11-04 19:01 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-10-07 09:05 - 2018-10-07 09:05 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-07 09:05 - 2018-10-07 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-07 09:04 - 2018-10-07 09:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-07 09:04 - 2018-10-07 09:04 - 000000000 ____D C:\Program Files\Malwarebytes
2018-10-07 08:57 - 2018-10-07 08:57 - 000000000 ____D C:\Users\vanek\AppData\Roaming\Obsidium
2018-10-07 08:41 - 2018-10-07 08:41 - 000012739 _____ C:\Users\vanek\Downloads\[CzT]Malwarebytes_Premium_v_3_6_1_2711_CZ_SK_.torrent
2018-10-07 08:36 - 2018-10-07 08:36 - 000021152 _____ C:\Users\vanek\Downloads\[CzT]Malwarebytes_Anti_Malware_Premium_v_3_2_2_2018_Final_CZ_SK_.torrent
2018-10-07 08:04 - 2018-10-07 08:04 - 000052736 _____ (Interplay Productions) C:\WINDOWS\ipuninst.exe
2018-10-05 19:06 - 2018-10-05 19:06 - 024592384 _____ C:\Users\vanek\Downloads\MagioGOBrowserPlugin-170606 (1).msi
2018-10-05 18:37 - 2018-10-05 18:37 - 000000000 ____D C:\Users\vanek\AppData\Local\mbamtray
2018-10-05 18:10 - 2018-10-05 18:12 - 000000000 ____D C:\AdwCleaner
2018-10-05 18:09 - 2018-10-05 18:10 - 007592144 _____ (Malwarebytes) C:\Users\vanek\Desktop\adwcleaner_7.2.4.0.exe
2018-10-05 09:26 - 2018-10-05 09:26 - 000013655 _____ C:\Users\vanek\Downloads\[CzT]Avast_Pro_Antivirus_Internet_Security_Premier_v11_2_2738_0_CZ_.torrent
2018-10-05 09:14 - 2018-10-05 09:14 - 000019843 _____ C:\Users\vanek\Downloads\[CzT]Avast_Premier_Antivirus_v_17_8_2318_CZ_.torrent
2018-10-05 09:13 - 2018-10-05 09:13 - 000011663 _____ C:\Users\vanek\Downloads\[CzT]Avast_Premier_Antivirus_v_18_5_3931_CZ_SK_ (1).torrent
2018-10-05 06:19 - 2018-10-05 06:19 - 000011663 _____ C:\Users\vanek\Downloads\[CzT]Avast_Premier_Antivirus_v_18_5_3931_CZ_SK_.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-04 19:02 - 2015-12-31 17:55 - 000000000 ____D C:\Users\vanek\AppData\Roaming\uTorrent
2018-11-04 18:57 - 2015-12-31 23:25 - 000000000 ____D C:\Users\vanek\Documents\Súbory programu Outlook
2018-11-04 18:54 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-04 18:41 - 2015-12-31 17:39 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-04 18:37 - 2018-05-02 15:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-04 18:27 - 2015-12-31 20:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-04 18:14 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-04 18:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-04 17:41 - 2015-12-31 20:23 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-04 17:39 - 2015-12-31 23:10 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-11-04 17:30 - 2015-07-10 12:04 - 000000312 _____ C:\WINDOWS\win.ini
2018-11-04 17:13 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-04 16:09 - 2015-12-31 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-11-04 16:09 - 2015-12-31 18:43 - 000000000 ____D C:\Program Files (x86)\Java
2018-11-04 15:58 - 2018-10-04 13:56 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-04 15:53 - 2015-12-31 18:43 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-11-04 15:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-04 15:41 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-04 15:32 - 2018-07-22 16:53 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2018-11-04 15:23 - 2018-10-04 14:15 - 000000000 ____D C:\Users\vanek\AppData\Local\AVAST Software
2018-11-04 15:09 - 2018-07-13 06:27 - 000000000 ____D C:\ProgramData\Packages
2018-11-04 14:36 - 2015-12-31 17:11 - 000000000 ___RD C:\Users\vanek\OneDrive
2018-11-04 14:35 - 2018-05-02 15:48 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2575284754-612537104-1906650694-1001
2018-11-04 14:34 - 2018-07-21 11:44 - 000002412 _____ C:\Users\vanek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-04 14:27 - 2016-01-12 16:46 - 000000000 ___RD C:\Users\vanek\Disk Google
2018-11-04 13:19 - 2018-05-02 15:48 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-11-04 13:01 - 2017-09-25 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-11-04 13:00 - 2018-05-02 15:35 - 000838734 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-04 13:00 - 2016-01-01 09:42 - 000014784 _____ C:\WINDOWS\system32\perfh01B.dat
2018-11-04 13:00 - 2016-01-01 09:42 - 000004406 _____ C:\WINDOWS\system32\perfc01B.dat
2018-11-04 12:53 - 2018-05-02 15:20 - 000000000 ____D C:\Users\vanek
2018-11-04 12:52 - 2018-05-02 15:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-04 12:52 - 2018-03-17 12:17 - 000000468 _____ C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job
2018-11-04 12:52 - 2016-02-02 17:09 - 000000270 _____ C:\WINDOWS\Tasks\ASC9_SkipUac_vanek.job
2018-11-04 12:52 - 2016-01-30 15:29 - 000000000 ____D C:\TMP
2018-10-07 12:51 - 2018-05-02 15:48 - 000003338 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-10-07 12:50 - 2018-05-02 15:48 - 000003810 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-07 12:50 - 2018-05-02 15:48 - 000003662 _____ C:\WINDOWS\System32\Tasks\DriverNavigator Scheduled Scan
2018-10-07 12:50 - 2018-05-02 15:48 - 000003642 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-10-07 12:50 - 2018-05-02 15:48 - 000003542 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-10-07 12:50 - 2018-05-02 15:48 - 000002248 _____ C:\WINDOWS\System32\Tasks\ASC9_SkipUac_vanek
2018-10-07 09:30 - 2018-10-04 19:30 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-10-07 09:01 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-10-07 08:52 - 2017-05-29 16:40 - 000000000 ____D C:\Users\vanek\AppData\Local\CrashDumps
2018-10-07 08:32 - 2015-12-31 22:29 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-10-07 08:29 - 2018-10-04 14:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-10-07 08:29 - 2018-05-02 15:48 - 000003384 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-10-07 08:29 - 2018-05-02 15:48 - 000003160 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-10-07 08:29 - 2018-05-02 15:48 - 000002274 _____ C:\WINDOWS\System32\Tasks\{06102D60-82A3-4C20-AF00-137B7F6336FC}
2018-10-05 18:15 - 2016-09-17 18:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-05 18:13 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-10-05 18:13 - 2016-02-02 17:09 - 000000000 ____D C:\Users\vanek\AppData\LocalLow\IObit
2018-10-05 18:13 - 2016-02-02 17:08 - 000000000 ____D C:\Users\vanek\AppData\Roaming\IObit
2018-10-05 18:13 - 2016-02-02 17:08 - 000000000 ____D C:\ProgramData\IObit
2018-10-05 09:50 - 2018-10-04 13:56 - 000000000 ____D C:\Program Files\AVAST Software

==================== Files in the root of some directories =======

2018-01-30 18:38 - 2018-04-10 13:52 - 000000239 _____ () C:\ProgramData\fontcacheev1.dat
2017-05-13 14:40 - 2016-11-29 20:12 - 000000308 _____ () C:\Users\vanek\AppData\Roaming\License.dat
2017-05-13 14:40 - 2016-11-29 20:12 - 000000543 _____ () C:\Users\vanek\AppData\Roaming\settings.dat
2017-05-27 19:19 - 2017-05-27 19:19 - 000000036 _____ () C:\Users\vanek\AppData\Local\housecall.guid.cache
2017-01-07 18:08 - 2017-01-07 18:08 - 000000001 _____ () C:\Users\vanek\AppData\Local\RawCopy.1.10.agreement
2017-01-07 18:08 - 2017-01-07 18:08 - 000000001 _____ () C:\Users\vanek\AppData\Local\RawCopy.sourcedisk.index
2017-11-15 19:37 - 2018-04-19 12:37 - 000008250 _____ () C:\Users\vanek\AppData\Local\Tempduplic_4_loc_dashbleft1_dba_ellemeet.svgz
2017-11-15 19:37 - 2018-04-19 12:37 - 000004294 _____ () C:\Users\vanek\AppData\Local\TempFuse_Berlingo 2008_1.svgz
2017-11-15 19:39 - 2018-04-19 12:38 - 000001435 _____ () C:\Users\vanek\AppData\Local\TempFuse_Berlingo 2008_2.svgz
2018-04-19 12:40 - 2018-04-19 12:40 - 000001258 _____ () C:\Users\vanek\AppData\Local\TempFuse_Berlingo 2008_6.svgz
2018-04-19 12:38 - 2018-04-19 12:38 - 000009264 _____ () C:\Users\vanek\AppData\Local\TempFUSE_C5(X7)_3.svgz
2017-11-15 19:39 - 2017-11-15 19:39 - 000013479 _____ () C:\Users\vanek\AppData\Local\TempFuse_Centre.svgz
2017-11-15 19:39 - 2017-11-15 19:39 - 000008246 _____ () C:\Users\vanek\AppData\Local\TempFuse_Partner 2008_3_loc.svgz
2018-04-19 12:38 - 2018-04-19 12:38 - 000008249 _____ () C:\Users\vanek\AppData\Local\TempFuse_Partner 2008_4_loc.svgz
2018-04-19 12:40 - 2018-04-19 12:40 - 000008249 _____ () C:\Users\vanek\AppData\Local\TempFuse_Partner 2008_5_loc.svgz
2018-04-19 12:40 - 2018-04-19 12:40 - 000003674 _____ () C:\Users\vanek\AppData\Local\TempFUSE_PEUGEOT_308_07+_4.svgz
2016-02-01 16:54 - 2018-04-19 12:37 - 000006983 _____ () C:\Users\vanek\AppData\Local\TempGP_PARTNER_2008+.svgz
2016-01-21 13:35 - 2018-04-19 12:33 - 000009634 _____ () C:\Users\vanek\AppData\Local\Temphonda crv 97-02_dba_romania.svgz
2017-11-15 19:39 - 2018-04-19 12:38 - 000008258 _____ () C:\Users\vanek\AppData\Local\Temploc_dashbleft3_dba_ellemeet.svgz
2016-01-21 13:38 - 2018-04-19 12:36 - 000009695 _____ () C:\Users\vanek\AppData\Local\TempPARTNER 2008.svgz
2016-02-01 16:42 - 2018-04-19 12:46 - 000028497 _____ () C:\Users\vanek\AppData\Local\TempPEUGEOT_206_DV6TED4_04+_EXH.svgz
2016-01-21 13:37 - 2016-01-21 13:37 - 000025194 _____ () C:\Users\vanek\AppData\Local\TempPEUGEOT_3008_09+_9HZ_OPS.svgz
2016-01-21 13:37 - 2018-04-19 12:46 - 000028925 _____ () C:\Users\vanek\AppData\Local\TempPeugeot_308_2007+_(9HY 9HZ 9HV)_ENG.svgz
2016-01-21 13:37 - 2016-01-21 13:37 - 000027414 _____ () C:\Users\vanek\AppData\Local\TempPEUGEOT_PARTNER_08+_DV6ATED4.svgz
2016-02-01 16:42 - 2018-04-19 12:46 - 000028211 _____ () C:\Users\vanek\AppData\Local\TempPEUGEOT_PARTNER_08+_DV6TED4B.svgz
2017-11-15 19:40 - 2018-04-19 12:41 - 000007510 _____ () C:\Users\vanek\AppData\Local\TempRELAY_Partner 2008_loc.svgz

Files to move or delete:
====================
C:\WINDOWS\temp\CCRunOnce.exe


Some files in TEMP:
====================
2018-11-04 15:51 - 2018-11-04 15:51 - 001892728 _____ (Oracle Corporation) C:\Users\vanek\AppData\Local\Temp\jre-8u191-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-02 15:13

==================== End of FRST.txt ============================

Re: Heknutý počitač

Napsal: 04 lis 2018 19:09
od vrazda
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by vanek (04-11-2018 19:04:32)
Running from C:\Users\vanek\Desktop
Windows 10 Pro Version 1803 17134.320 (X64) (2018-05-02 14:50:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2575284754-612537104-1906650694-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2575284754-612537104-1906650694-503 - Limited - Disabled)
Guest (S-1-5-21-2575284754-612537104-1906650694-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2575284754-612537104-1906650694-1006 - Limited - Enabled)
vanek (S-1-5-21-2575284754-612537104-1906650694-1001 - Administrator - Enabled) => C:\Users\vanek
WDAGUtilityAccount (S-1-5-21-2575284754-612537104-1906650694-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image (HKLM-x32\...\{1D97407D-1C0C-4749-8A57-A57C17C71D45}) (Version: 20.0.5534 - Acronis)
Acronis Disk Director 12 (HKLM-x32\...\{AE372858-B1BD-49EF-8308-648322846008}) (Version: 12.0.3223 - Acronis)
Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 19.008.20071 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{304BCF39-F1F8-4DD2-8BF3-40417F1C6204}) (Version: 20.7.20117.44409 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{304BCF39-F1F8-4DD2-8BF3-40417F1C6204}) (Version: 20.7.20117.44409 - Alcor Micro Corp.)
Ashampoo Burning Studio 18 (HKLM-x32\...\{91B33C97-AF35-C3DC-976E-8A253D817482}_is1) (Version: 18.0.3 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2015 v.1.15.0 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. KG)
Asistent pri inovácii na Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 69.1.867.101 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Backup and Sync from Google (HKLM\...\{608EBDC6-D18A-4CF6-AD54-EE6B71D29065}) (Version: 3.43.1584.4446 - Google, Inc.)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
D.Signer/XAdES v3.0.0.0 with plugins (HKLM-x32\...\{D0EDD681-F0AA-4C83-A2F1-96036C45687C}) (Version: 1.0.0 - Ditec, a.s.)
D.Viewer .NET v3.1 (HKLM-x32\...\{9440B71A-E2E5-46D6-9710-1586DB82907E}) (Version: 1.0.0 - Ditec, a.s.)
DiagBox Update V7.44 to V7.49 Update DiagBox (HKLM-x32\...\DiagBox Update V7.44 to V7.49 Update DiagBox) (Version: Update DiagBox - Scarymistake & Luis-Andre)
DiagBox Update V7.49 to V7.53 Update DiagBox (HKLM-x32\...\DiagBox Update V7.49 to V7.53 Update DiagBox) (Version: Update DiagBox - Scarymistake & Luis-Andre)
DiagBox Update V7.49 to V7.57 Update DiagBox (HKLM-x32\...\DiagBox Update V7.49 to V7.57 Update DiagBox) (Version: Update DiagBox - Scarymistake & Luis-Andre)
DiagBox Update V7.XX to V7.44 V7 (HKLM-x32\...\DiagBox Update V7.XX to V7.44 V7) (Version: V7 - SCARYMISTAKE)
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DocBackupAP (HKLM-x32\...\DocBackupAP) (Version: - )
DriverNavigator 3.6.9 (HKLM\...\DriverNavigator_is1) (Version: 3.6.9.0 - Easeware)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
eID klient (HKLM-x32\...\{445F2A31-7BA0-4C32-A653-F75D12E4D978}) (Version: 1.9.4 - MV SR, NASES)
ESET Smart Security (HKLM\...\{4D8E383E-0AB7-482D-9327-BB92D53312B4}) (Version: 8.0.319.1 - ESET, spol s r. o.)
FORM studio (HKLM-x32\...\FSCZ_is1) (Version: - KASTNER software s.r.o.)
FormatFactory 4.3.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.3.0.0 - Free Time)
Fushicai VIDEO DVR (HKLM-x32\...\{989BAFE8-E777-43D7-9749-9810E0E9FF48}) (Version: 2013.5.6 - Fushicai)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
GemPcCCID (HKLM\...\{7567A068-2F02-40D1-A34C-16D79ECD35A6}) (Version: 2.0.3 - Gemalto)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Spoločnosť Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GreenCloud Printer 7.8.4.0 (HKLM\...\{F36B43F0-3BE6-48BA-A22D-3C098092BB3F}_is1) (Version: 7.8.4.0 - ObviousIdea)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 8.0.1.300 - Huawei Technologies Co.,Ltd)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.5.1192 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{b3f1cf39-774a-4ffa-b500-2b11c63ac001}) (Version: 10.1.2.77 - Intel(R) Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{d9719db8-d532-496c-9f2b-eeb1f69f7d89}) (Version: 10.1.1.34 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{cc892976-0919-4ba9-ab52-ae15d2127a12}) (Version: 18.21.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
ioCentre (HKLM-x32\...\{A2B4621B-CEB9-4E44-95FD-3500D4DB3727}) (Version: 1.02.000 - KYE)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\dda9ca0b023f4c56) (Version: 1.6.4.0 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\dda9ca0b023f4c56) (Version: 1.6.4.0 - Lenovo)
LG Mobile Drivers (HKLM-x32\...\{01DC2C23-5D76-4744-A771-2F454C5DD872}) (Version: 4.1.1 - LG Electronics)
Malwarebytes verzia 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office 2013 Professional Plus (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Moto assistant 1.5 (HKLM-x32\...\{B36DF239-A12D-4C3C-B588-E09DA71F3BCC}_is1) (Version: - )
Mozilla Firefox 62.0.3 (x64 sk) (HKLM\...\Mozilla Firefox 62.0.3 (x64 sk)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.2.1 - Mozilla)
Mozilla Thunderbird 60.2.1 (x86 sk) (HKLM-x32\...\Mozilla Thunderbird 60.2.1 (x86 sk)) (Version: 60.2.1 - Mozilla)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 8.0.0.8463 - MyHeritage.com)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Need for Speed™ Most Wanted (HKLM-x32\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version: - )
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
NFS: Most Wanted CZ (HKLM-x32\...\NFS: Most Wanted) (Version: CZ - Sub - Zero)
PC-CCID (HKLM\...\{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}) (Version: 2.0.0 - Gemalto)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8383 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.46 (30.10.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.06.00.08(07.09.2016) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.21 (02.07.2015) - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.14 (02.08.2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.7.04 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden
SEDREAP (HKLM-x32\...\SEDREAP) (Version: - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Soldier of Fortune Platinum (HKLM-x32\...\Soldier of Fortune Platinum) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Total Commander Ultima Prime 7.1 (HKLM-x32\...\TC UP) (Version: 7.1.0.1266 - TC UP Team)
Tvůrce spouštěcích médií Acronis Universal Restore (HKLM-x32\...\{0198C85F-9407-4892-BC4D-C8C8ACD309FF}) (Version: 11.5.40028 - Acronis)
Update for Skype for Business 2015 (KB4461446) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFBBF6D0-F140-40E9-B5AE-BDE708FC4817}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461446) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFBBF6D0-F140-40E9-B5AE-BDE708FC4817}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461446) 64-Bit Edition (HKLM\...\{90150000-012B-041B-1000-0000000FF1CE}_Office15.PROPLUS_{BFBBF6D0-F140-40E9-B5AE-BDE708FC4817}) (Version: - Microsoft)
Verbatim GREEN BUTTON 1.68 (HKLM-x32\...\Verbatim GREEN BUTTON_is1) (Version: - Verbatim)
Verbatim Hard Drive Eraser 1.08 (HKLM-x32\...\Verbatim Hard Drive Eraser_is1) (Version: - Verbatim)
Verbatim Hard Drive Info 1.04 (HKLM-x32\...\Verbatim Hard Drive Info_is1) (Version: - Verbatim)
Verbatim Product Update 1.06 (HKLM-x32\...\Verbatim Product Update_is1) (Version: - Verbatim)
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.45.0 - )
ViewRight Web PC (HKLM-x32\...\{B62D5F4C-BEB2-4DCD-A8B4-EE21CCAEC28A}) (Version: 3.3.0.0 - Verimatrix, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
voBrowserPluginHelper (HKLM-x32\...\{AA2FEC35-4881-4786-B4C2-43F11E50128D}) (Version: 3.23.0.10109 - VisualOn Inc.)
Windows 10 Manager (HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\Windows 10 Manager 2.0.0) (Version: 2.0.0 - Yamicsoft)
Windows 10 Manager (HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\Windows 10 Manager 2.0.0) (Version: 2.0.0 - Yamicsoft)
Windows Driver Package - ACTIA Automotive ACTIA USB Devices Driver Installation Media (06/16/2010 1.00.00) (HKLM\...\06330AEC489EF74CA815EB51EB0BFB271730A066) (Version: 06/16/2010 1.00.00 - ACTIA Automotive)
WinRAR 5.00 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Ziacik v3.1 (HKLM-x32\...\Ziacik v3.1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2575284754-612537104-1906650694-1001_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2575284754-612537104-1906650694-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\vanek\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2575284754-612537104-1906650694-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\vanek\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2015-07-08] (ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2015-01-10] (IObit)
ContextMenuHandlers1: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2016-08-09] (Acronis International GmbH)
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2015-07-08] (ESET)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2015-07-08] (ESET)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2015-01-10] (IObit)
ContextMenuHandlers6: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2016-08-09] (Acronis International GmbH)
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {140B32C4-8F9A-4A98-8501-FA7AAFA54B0A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1516FEE1-BA99-47A0-A407-C896E7D187EA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2575284754-612537104-1906650694-1001 => "C:\WINDOWS\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\vanek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {25662BEE-3529-4518-B6C4-41AC40F0B6C8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-05-16] (Lenovo Group Limited)
Task: {378D6B08-B896-4183-836A-50962433FFF3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d014ccf0-4665-4861-bcf8-8f89a9740d9a => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {37E0B15D-D383-4D16-ADCF-98C3E10D0612} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-10-04] (AVAST Software)
Task: {3FABFC54-8E12-4984-AD68-8688B1498DB5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\815294ef-a7b7-4136-846f-e0b8ce8a5874 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {482F3743-811D-44A1-A6AD-9C4CB1EC4E22} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {4DF941A3-B25E-4B43-9663-6DBB1EC0740C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {4F7D1625-B724-4FBE-838E-FB0FF4DFEA8F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_pepper.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {54C10D9C-8D00-4BBC-8D6D-9CE730B99B0B} - System32\Tasks\ASC9_SkipUac_vanek => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: {5BC3E7C8-D839-4F0C-8A08-DB3E9693CD08} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {66FF8BCC-686B-4531-B33B-8E2C717D299F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {82294509-81EF-44C4-BDBC-4ECAD2A11BED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {86B8ED27-233C-4893-9412-7E39E19D43B1} - System32\Tasks\{06102D60-82A3-4C20-AF00-137B7F6336FC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\SEDREAP\start.exe" -d "C:\Program Files\SEDREAP"
Task: {92FCFD05-F3AF-42EC-AADF-DCCA8C307191} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A389C74D-0F29-4353-8A8E-7154F271815A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {A6F98CF6-B627-4390-9CEA-044DA36A8BA7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {ABEE7BF1-E142-4929-ABEC-9A2A35B34F2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-31] (Google Inc.)
Task: {B71335CC-BBBC-48D8-ADA7-3548A850DEFE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-06] (AVAST Software)
Task: {CB2D7FE8-032F-42A7-B2F3-20611750484A} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-10-04] (AVAST Software)
Task: {D2F8434E-F560-471E-B01D-EF9164160A92} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a7fac38a-177a-4fd1-80e1-bd423d75b7cd => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {DBC5A8CC-DA17-40CB-81A8-72A74739D60A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-31] (Google Inc.)
Task: {E204E8AC-21CE-4F4B-B2A7-62F0D6BB8436} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe [2016-12-12] (Easeware)
Task: {E7E03C10-2DFF-47C7-8055-EA2BD009C42C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\dfaad8c9-2afe-4011-97ed-74ff6b5053a6 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {ED3CC6F5-09F6-4A14-BA48-27EB1DE6A72A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ASC9_SkipUac_vanek.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\vanek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Spúšťač aplikácií Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\vanek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome\Vzdialená plocha Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->

==================== Loaded Modules (Whitelisted) ==============

2018-07-08 17:47 - 2012-03-06 15:05 - 000054784 _____ () C:\WINDOWS\System32\gcprpm.dll
2017-06-23 19:34 - 2015-06-11 14:58 - 000022528 _____ () C:\WINDOWS\System32\ssm4mlm.dll
2016-08-21 12:38 - 2016-08-21 12:38 - 001277688 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2017-01-07 11:30 - 2017-01-07 11:30 - 006086744 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2016-01-09 20:31 - 2010-03-11 11:33 - 000016384 _____ () C:\Genius\ioCentre\GMouseService.exe
2017-06-23 20:20 - 2016-07-17 21:43 - 000499000 _____ () C:\WINDOWS\SysWOW64\spdsvc.exe
2018-10-07 09:05 - 2018-11-04 19:01 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-07 09:05 - 2018-11-04 19:01 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-08-21 12:37 - 2016-08-21 12:37 - 001516920 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
2016-08-11 12:29 - 2016-08-11 12:29 - 009729272 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-02 12:08 - 2018-09-21 04:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2014-09-08 12:39 - 2014-09-08 12:39 - 000464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 12:38 - 2014-09-08 12:38 - 000051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-10-04 19:44 - 2018-10-04 19:44 - 046459080 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2016-01-09 20:31 - 2012-04-23 17:10 - 000061440 _____ () C:\Genius\ioCentre\gTaskBar.exe
2016-01-09 20:31 - 2009-09-03 10:45 - 000161280 _____ () C:\Genius\ioCentre\GenXML.dll
2016-08-21 13:11 - 2016-08-21 13:11 - 004657312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2016-01-09 20:31 - 2013-05-09 18:02 - 000978432 _____ () C:\Genius\ioCentre\gMouseTask.exe
2016-01-09 20:31 - 2009-09-03 11:22 - 000063488 _____ () C:\Genius\ioCentre\gfMedia.dll
2016-01-09 20:31 - 2011-06-09 14:26 - 000052224 _____ () C:\Genius\ioCentre\gfBrowser.dll
2016-01-09 20:31 - 2009-09-03 11:23 - 000020992 _____ () C:\Genius\ioCentre\gfOffice.dll
2016-01-09 20:31 - 2009-09-03 11:24 - 000027648 _____ () C:\Genius\ioCentre\gfSystem.dll
2016-01-09 20:31 - 2009-09-03 11:18 - 000040960 _____ () C:\Genius\ioCentre\gfEmail.dll
2016-01-09 20:31 - 2011-08-04 16:45 - 000266752 _____ () C:\Genius\ioCentre\gDevMgm.dll
2016-01-09 20:31 - 2011-08-04 16:48 - 000758784 _____ () C:\Genius\ioCentre\gKbdTask.exe
2016-01-09 20:31 - 2009-09-03 10:55 - 000069120 _____ () C:\Genius\ioCentre\gAutoScroll.dll
2016-01-09 20:31 - 2009-09-03 10:54 - 000249344 _____ () C:\Genius\ioCentre\gAutoPan.dll
2016-01-09 20:31 - 2009-09-03 11:06 - 000259072 _____ () C:\Genius\ioCentre\gZoom.dll
2016-01-09 20:31 - 2009-09-03 11:25 - 000025088 _____ () C:\Genius\ioCentre\gIoCentreHook.dll
2016-01-09 20:31 - 2009-09-03 11:05 - 000048640 _____ () C:\Genius\ioCentre\gTaskSwitch.dll
2016-01-09 20:31 - 2012-03-13 16:43 - 000268288 _____ () C:\Genius\ioCentre\gDeskMgm.dll
2016-01-09 20:31 - 2009-09-03 11:02 - 000246784 _____ () C:\Genius\ioCentre\gKbStatus.dll
2016-01-09 20:31 - 2009-09-03 10:59 - 000053760 _____ () C:\Genius\ioCentre\gIMMgm.dll
2016-01-09 20:31 - 2009-09-03 11:02 - 000143360 _____ () C:\Genius\ioCentre\gPreset.dll
2016-01-09 20:31 - 2009-09-03 10:58 - 000044544 _____ () C:\Genius\ioCentre\gIMHook.dll
2016-01-09 20:31 - 2009-09-03 11:04 - 000056832 _____ () C:\Genius\ioCentre\gTabSwitch.dll
2013-02-17 18:35 - 2012-12-21 19:33 - 000020288 _____ () C:\Program Files\CCleaner\branding.dll
2018-09-19 09:12 - 2018-09-19 09:12 - 000083784 _____ () C:\Program Files\CCleaner\lang\lang-1051.dll
2018-11-04 13:18 - 2018-11-04 13:18 - 000113664 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\_ctypes.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000080896 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\bz2.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 001792512 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\_hashlib.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000128512 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\win32api.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000137728 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\pywintypes27.dll
2018-11-04 13:18 - 2018-11-04 13:18 - 000548864 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\pythoncom27.dll
2018-11-04 13:18 - 2018-11-04 13:18 - 000689664 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\unicodedata.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000438784 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\win32com.shell.shell.pyd
2018-11-04 13:19 - 2018-11-04 13:19 - 001489408 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\wx._core_.pyd
2018-11-04 13:19 - 2018-11-04 13:19 - 001007104 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\wx._gdi_.pyd
2018-11-04 13:19 - 2018-11-04 13:19 - 001039872 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\wx._windows_.pyd
2018-11-04 13:19 - 2018-11-04 13:19 - 001325056 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\wx._controls_.pyd
2018-11-04 13:19 - 2018-11-04 13:19 - 000916992 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\wx._misc_.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 001084416 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\pysqlite2._sqlite.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000149504 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\win32file.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000136192 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\win32security.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000007680 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\hashobjs_ext.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000020992 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\thumbnails_ext.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000118784 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\usb_ext.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000047616 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\_socket.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 002224640 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\_ssl.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000014848 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\common.time34.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000023040 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\win32event.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000034304 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\windows.conditional.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000020480 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\windows.winwrap.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000110080 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\windows.volumes.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000223232 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\win32gui.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000173568 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\_elementtree.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000169472 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\pyexpat.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000048128 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\win32inet.pyd
2018-11-04 13:19 - 2018-11-04 13:19 - 000103424 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\wx._html2.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000046080 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\_psutil_windows.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000633272 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\windows._cacheinvalidation.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000011776 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\win32crypt.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000301568 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\PIL._imaging.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000032256 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\_multiprocessing.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 005752320 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\cello.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000026112 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\_yappi.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000044032 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\win32process.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000027648 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\win32pipe.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000010752 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\select.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000029696 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\win32pdh.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000038400 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\windows.connectivity.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000073216 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\windows.device_monitor.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000020480 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\win32profile.pyd
2018-11-04 13:18 - 2018-11-04 13:18 - 000026624 _____ () C:\Users\vanek\AppData\Local\Temp\_MEI121962\win32ts.pyd
2018-10-04 05:55 - 2018-10-04 06:01 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-11-04 15:01 - 2018-11-04 15:07 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-11-04 15:02 - 2018-11-04 15:08 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-11-04 15:02 - 2018-11-04 15:08 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-09-26 16:48 - 2018-09-26 16:49 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-09-26 16:48 - 2018-09-26 16:48 - 069128192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-09-26 16:48 - 2018-09-26 16:49 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-04 16:22 - 2018-05-04 16:24 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2017-11-11 18:32 - 2017-11-11 18:41 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-09-01 15:02 - 2018-09-01 15:03 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-09-01 15:02 - 2018-09-01 15:03 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-21 13:22 - 2018-08-21 13:24 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-08-21 13:22 - 2018-08-21 13:24 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-04-06 22:38 - 2018-04-06 22:40 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-09-26 16:48 - 2018-09-26 16:49 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-09-01 15:02 - 2018-09-01 15:03 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-09-26 16:48 - 2018-09-26 16:48 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-09-01 15:02 - 2018-09-01 15:03 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-29 16:57 - 2018-07-29 16:58 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-04 18:40 - 2018-10-23 22:24 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libglesv2.dll
2018-11-04 18:39 - 2018-10-23 22:24 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libegl.dll
2016-06-22 09:27 - 2016-06-22 09:27 - 000217008 _____ () C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\pcs_io.dll
2016-07-02 19:30 - 2016-07-02 19:30 - 000376240 _____ () C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\archive3.dll
2016-03-09 08:28 - 2016-03-09 08:28 - 000042416 _____ () C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\winpthreads4.dll
2016-08-21 12:27 - 2016-08-21 12:27 - 000391088 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2016-08-03 13:47 - 2016-08-03 13:47 - 000685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
2016-06-14 15:24 - 2016-06-14 15:24 - 000444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-06-22 07:16 - 2016-06-22 07:16 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
2016-04-04 11:03 - 2016-07-26 12:02 - 003650048 _____ () C:\Program Files (x86)\Samsung\Easy Printer Manager\sf.dll
2016-07-26 12:06 - 2016-07-26 12:06 - 000310272 _____ () C:\Program Files (x86)\Samsung\Easy Printer Manager\sslog.dll
2016-04-04 11:03 - 2016-07-26 12:02 - 000300032 _____ () C:\Program Files (x86)\Samsung\Easy Printer Manager\log4cplus.dll
2016-08-21 12:27 - 2016-08-21 12:27 - 006068656 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_resources.dll
2016-07-23 15:15 - 2016-07-23 15:15 - 000129968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2014-12-09 23:33 - 2016-08-21 13:05 - 020655296 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2016-08-21 12:27 - 2016-08-21 12:27 - 000049072 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2016-08-11 12:14 - 2016-08-11 12:14 - 000248752 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:B801D4E2 [362]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.

IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2018-10-07 08:57 - 000001163 ____R C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 activation.acronis.com
0.0.0.0 web-api-tih.acronis.com
0.0.0.0 web-api-tie.acronis.com
0.0.0.0 web-api-vmp.acronis.com
0.0.0.0 cloud-rs-ru2.acronis.com
0.0.0.0 cloud-fes-ru2.acronis.com
0.0.0.0 rpc.acronis.com
0.0.0.0 keystone.mwbsys.com
0.0.0.0 telemetry.malwarebytes.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919188\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919406\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vanek\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{5b734aa6-89f8-4909-a250-fab9d240f467}.jpg
HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\Control Panel\Desktop\\Wallpaper -> C:\Users\vanek\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{5b734aa6-89f8-4909-a250-fab9d240f467}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "TVR Scheduler.lnk"
HKLM\...\StartupApproved\Run32: => "Family Tree Builder Update"
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\StartupApproved\StartupFolder: => "Odoslanie do programu OneNote.lnk"
HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\...\StartupApproved\StartupFolder: => "Odoslanie do programu OneNote.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{85753CC4-2131-47BC-B448-4634B842CEA3}] => (Allow) LPort=1688
FirewallRules: [{4138D357-FC09-49A4-AEE0-80436647C4ED}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{9C4DF012-499B-49E0-B874-3EACEAA3A2B2}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
FirewallRules: [{639FAA1A-6FC1-462E-A53D-31584C8776B1}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
FirewallRules: [{D77AC2B9-51B3-4391-B062-6F27C92184E2}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{CBDFBDBB-4BFD-4534-8FBC-3A448AC5E9AD}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
FirewallRules: [{977CA684-F982-4595-B366-983321991785}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{A1444A46-842E-4D20-BB28-C77A04D0D7AB}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
FirewallRules: [{160EB4FE-0C18-428B-B9D3-9679D8ED136A}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{55BE3203-78F8-4EA3-82E9-D3EABB3D984E}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{1821887C-7CE3-40A8-9B26-3A263E709BF3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{D140C77B-635B-4B0D-8572-A0867B306A07}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{A731C67F-5CDC-4E38-9E39-1782C232C309}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{9D7B077F-7F45-407D-8483-A11559C1C5EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{505E9A11-B04F-4C8A-8F78-0DD4D5BCB2BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{836F972E-9037-451A-8E82-9B46BC43983F}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
FirewallRules: [{3A14AD38-3EC3-411D-9229-4F08CB8B78D1}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{0928E9EB-24EC-40C9-AEFA-B9C6D02C6097}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{A82890D7-BE5A-430B-AB2D-CCEFE7F5F979}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
FirewallRules: [{880286C1-57D8-4100-97BB-15B1D8BAF8F2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D0D42BA6-B48D-4FC6-8F5F-DEFE59F12CE5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E1E59F30-9767-49FF-ADDF-C8D30AEC9095}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DFF05E67-D18D-4A8E-BC3C-57271FC9AAD1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{74EC3D30-6EFE-4FEE-9257-015BCCB9F270}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{A9EF50F5-D5B5-46F8-AE34-25D585E6CF3B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{2963A5BB-F640-47A2-A1C9-BB39954D0B71}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{FECA344F-82D3-413F-B0C6-BB7A4249B557}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{3D2F8762-F6D0-4754-A124-4A2970B24BFA}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{B2BF85EF-ABBE-4C44-961F-1AE02EEEC275}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{EF5BBAA8-0FF2-4D61-89BF-15B4504AE3DA}] => (Allow) LPort=1886
FirewallRules: [{7E9C5432-838C-4AAB-B98F-E3D36C279214}] => (Allow) LPort=1886
FirewallRules: [{06D80ADE-6758-4428-8303-73B815C49009}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C53031D0-FB6B-4B50-9E27-4A7513059C89}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A633FD7E-7195-4DD4-9D6B-609F867311DE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F3831E01-95AE-488D-9CA5-1B1E0795F208}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B92F433B-943B-4C52-8FAA-D7D80F8305CF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4E36CB62-A8E5-45B4-B10D-8B2425B75064}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{90502441-DF11-4743-BE15-479E3E156961}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{3B1F240F-7E60-4CD3-B55C-040A1E274823}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{A79DFB48-73BD-4641-B3D2-715FE08B3F95}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{C53C50A2-DE53-48BE-9B95-772C952A0502}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{6DFC3654-3B5D-4FD9-BAAB-3FF3176CC987}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{FB0587F4-DBC0-499A-947C-3B133296592D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{49A3E5DE-9F38-46CF-893C-67968CB8F21E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{D8E970EC-DF45-48FE-96A6-739FEDB044B9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{0955F2FC-7A17-4F90-98D1-BA3E73C0DE23}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{B1DE9F6D-D914-4834-88B5-E7E7AE3967F8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{DD88FBFB-EF94-4ADD-A13E-698E0A00D5EB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [TCP Query User{BB71803D-5E3C-43CF-9613-7A8B764284BD}C:\users\vanek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\vanek\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{C1E8B41D-BBFE-4B62-A436-3D3B36281C79}C:\users\vanek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\vanek\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{8E55AE6D-AECA-41B9-846A-90FB9AD5B213}] => (Allow) C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe
FirewallRules: [{5033C142-400F-48CD-8510-1EF4841D564C}] => (Allow) C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe
FirewallRules: [{4AC4CCAB-51A2-48FB-93A1-3A942AB713E6}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
FirewallRules: [{FA2EB6BD-FFC6-4BD7-BC2E-89480038C928}] => (Allow) C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{EACCC6A8-AA0E-4E87-9562-2669B88A4835}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E64D7F27-E3C2-48CF-B1AE-32663BCA575A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{724D2841-DD49-48C5-AC97-911EA3D3601D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{34FAB32E-9D26-4047-8002-E8EF87CE79C4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{8E86AEAB-F917-4107-81B5-C82BB2423842}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{8BB34C61-2446-4365-8527-322FA556357F}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{A4C829B5-9BD7-4956-8996-31AAA4DA1009}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{41CF2B54-B4A6-4662-8FD0-CDAFE33D19F9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-11-2018 15:17:53 Removed Avast Driver Updater

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2018 06:09:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service LiveUpdate since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/04/2018 06:09:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Firewall Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/04/2018 06:09:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/04/2018 06:09:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (11/04/2018 06:09:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswVmm.

System Error:
The system cannot find the file specified.
.

Error: (11/04/2018 06:09:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswStm.

System Error:
The system cannot find the file specified.
.

Error: (11/04/2018 06:09:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.
.

Error: (11/04/2018 06:09:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (11/04/2018 06:53:24 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EA8C9J8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-EA8C9J8\vanek SID (S-1-5-21-2575284754-612537104-1906650694-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2018 06:42:20 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EA8C9J8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-EA8C9J8\vanek SID (S-1-5-21-2575284754-612537104-1906650694-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2018 03:50:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EA8C9J8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-EA8C9J8\vanek SID (S-1-5-21-2575284754-612537104-1906650694-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2018 03:40:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EA8C9J8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-EA8C9J8\vanek SID (S-1-5-21-2575284754-612537104-1906650694-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2018 02:52:42 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EA8C9J8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-EA8C9J8\vanek SID (S-1-5-21-2575284754-612537104-1906650694-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2018 02:51:53 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EA8C9J8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-EA8C9J8\vanek SID (S-1-5-21-2575284754-612537104-1906650694-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2018 02:49:29 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EA8C9J8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-EA8C9J8\vanek SID (S-1-5-21-2575284754-612537104-1906650694-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (11/04/2018 02:41:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EA8C9J8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-EA8C9J8\vanek SID (S-1-5-21-2575284754-612537104-1906650694-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-07-02 14:44:26.473
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program Files\KMSpico\KMSELDI.exe;file:_C:\Program Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart;process:_pid:4240,ProcessStart:131749396622168329;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C16D8C5-8BE0-4444-B5A3-615838848CED};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1;service:_Service KMSELDI;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;taskscheduler:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart;uninstall:_HKLM\SOFTWARE\MICROSOFT\W
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Signature Version: AV: 1.271.328.0, AS: 1.271.328.0, NIS: 1.271.328.0
Engine Version: AM: 1.1.15000.2, NIS: 1.1.15000.2

Date: 2018-07-01 19:43:09.097
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: Stredná
Category: Nástroj
Path: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program Files\KMSpico\KMSELDI.exe;file:_C:\Program Files\KMSpico\Service_KMS.exe;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart;process:_pid:4240,ProcessStart:131749396622168329;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C16D8C5-8BE0-4444-B5A3-615838848CED};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;taskscheduler:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNI
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Signature Version: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0
Engine Version: AM: 1.1.14600.4, NIS: 1.1.14600.4

Date: 2018-07-01 19:42:47.834
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: Stredná
Category: Nástroj
Path: file:_C:\Program Files\KMSpico\Service_KMS.exe;process:_pid:4240,ProcessStart:131749396622168329
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Signature Version: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0
Engine Version: AM: 1.1.14600.4, NIS: 1.1.14600.4

Date: 2018-05-02 19:05:23.039
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: Stredná
Category: Nástroj
Path: file:_C:\Program Files\KMSpico\KMSELDI.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
Signature Version: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0
Engine Version: AM: 1.1.14600.4, NIS: 1.1.14600.4

Date: 2018-05-02 18:57:21.388
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: Stredná
Category: Nástroj
Path: file:_C:\Program Files\KMSpico\AutoPico.exe;file:_C:\Program Files\KMSpico\KMSELDI.exe;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;file:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C16D8C5-8BE0-4444-B5A3-615838848CED};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk;startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk;taskscheduler:_C:\WINDOWS\System32\Tasks\AutoPico Daily Restart;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0
Engine Version: AM: 1.1.14600.4, NIS: 1.1.14600.4

Date: 2018-07-02 14:36:19.586
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B820 @ 1.70GHz
Percentage of memory in use: 76%
Total physical RAM: 4892.18 MB
Available physical RAM: 1165.25 MB
Total Virtual: 10012.18 MB
Available Virtual: 5520.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:249.72 GB) (Free:95.8 GB) NTFS
Drive g: () (Fixed) (Total:215 GB) (Free:172.57 GB) NTFS

\\?\Volume{77ae964f-726d-432e-8b4a-0fc364cc1b5e}\ (Obnovenie) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{b88bea74-0a87-43ad-8e3b-3c2a93ac4921}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Heknutý počitač

Napsal: 04 lis 2018 19:27
od vrazda
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-31.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-04-2018
# Duration: 00:00:33
# OS: Windows 10 Pro
# Scanned: 32026
# Detected: 3


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\Users\vanek\AppData\Roaming\IObit\Advanced SystemCare V7
PUP.Optional.SlimCleanerPlus C:\Users\vanek\AppData\Local\slimware utilities inc

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy slunecnice.cz

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [5975 octets] - [05/10/2018 19:11:41]
AdwCleaner[C00].txt - [5215 octets] - [05/10/2018 19:13:12]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

Tu som urobil sken ale som nedalsom to vičistit az co nato povieš

Re: Heknutý počitač

Napsal: 04 lis 2018 23:16
od Conder
:arrow: Otvor poznamkovy blok (Win+R -> notepad -> enter)
  • Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

    Kód: Vybrat vše

    Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
VirusTotal: C:\WINDOWS\temp\CCRunOnce.exe
File: C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
File: C:\Genius\ioCentre\gTaskBar.exe
File: C:\WINDOWS\system32\eed_ec.dll
File: C:\WINDOWS\VPDAgent_x64.exe
File: C:\WINDOWS\system32\crypserv.exe
File: C:\Genius\ioCentre\GMouseService.exe
File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
File: C:\WINDOWS\System32\drivers\lgandnetbus64.sys
File: C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys
File: C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys
File: C:\WINDOWS\temp\CCRunOnce.exe
File: C:\Program Files\SEDREAP\start.exe
File: C:\WINDOWS\System32\gcprpm.dll
File: C:\WINDOWS\System32\ssm4mlm.dll
ExportKey: HKLM\SYSTEM\CurrentControlSet\Services\aswSP
ExportKey: HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt
ExportKey: HKLM\SYSTEM\CurrentControlSet\Services\aswSnx

HKLM-x32\...\RunOnce: [CCUpdate4] => C:\WINDOWS\temp\CCRunOnce.exe [213840 2018-11-04] () <==== ATTENTION
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\RunOnce: [Uninstall 18.151.0729.0012\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vanek\AppData\Local\Microsoft\OneDrive\18.151.0729.0012\amd64"
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\RunOnce: [Uninstall 18.151.0729.0012] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vanek\AppData\Local\Microsoft\OneDrive\18.151.0729.0012"
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\MountPoints2: {98b68e53-90dd-11e8-9c91-84a6c826af79} - "D:\HiSuiteDownLoader.exe" 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://dub130.mail.live.com/default.aspx
FF Homepage: Mozilla\Firefox\Profiles\dh2s16i5.default -> hxxps://outlook.live.com/owa/?path=/mail/AQMkADAwATNiZmYAZC1hNmJjLTgzYWQtMDACLTAwCgAuAAADrz92dgCANvNFq7k0xU7Srz0BACrzm3tv5uJHvQ9we%2B1ktQAAAwFaAAAA
CHR HomePage: Default -> hxxp://zoznam.sk/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.zoznam.sk/"
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys
U1 aswbdisk; no ImagePath
2018-11-04 15:17 - 2018-11-04 15:17 - 000000000 ____D C:\Users\vanek\AppData\Local\SlimWare Utilities Inc
2018-11-04 12:52 - 2016-02-02 17:09 - 000000270 _____ C:\WINDOWS\Tasks\ASC9_SkipUac_vanek.job
2018-10-07 12:50 - 2018-05-02 15:48 - 000002248 _____ C:\WINDOWS\System32\Tasks\ASC9_SkipUac_vanek
2018-10-05 18:13 - 2016-02-02 17:09 - 000000000 ____D C:\Users\vanek\AppData\LocalLow\IObit
2018-10-05 18:13 - 2016-02-02 17:08 - 000000000 ____D C:\Users\vanek\AppData\Roaming\IObit
2018-10-05 18:13 - 2016-02-02 17:08 - 000000000 ____D C:\ProgramData\IObit
2018-01-30 18:38 - 2018-04-10 13:52 - 000000239 _____ () C:\ProgramData\fontcacheev1.dat
2017-05-27 19:19 - 2017-05-27 19:19 - 000000036 _____ () C:\Users\vanek\AppData\Local\housecall.guid.cache
2017-01-07 18:08 - 2017-01-07 18:08 - 000000001 _____ () C:\Users\vanek\AppData\Local\RawCopy.1.10.agreement
2017-01-07 18:08 - 2017-01-07 18:08 - 000000001 _____ () C:\Users\vanek\AppData\Local\RawCopy.sourcedisk.index
C:\WINDOWS\temp\CCRunOnce.exe

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2015-01-10] (IObit)
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2015-01-10] (IObit)
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {54C10D9C-8D00-4BBC-8D6D-9CE730B99B0B} - System32\Tasks\ASC9_SkipUac_vanek => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\ASC9_SkipUac_vanek.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:B801D4E2 [362]
C:\WINDOWS\System32\IObitSmartDefragExtension.dll
C:\Program Files\KMSpico

C:\Program Files\IObit
C:\Program Files (x86)\IObit
C:\Program Files\Common Files\IObit
C:\ProgramData\IObit
C:\ProgramData\ProductData
C:\Users\vanek\AppData\Roaming\IObit
C:\Users\vanek\AppData\LocalLow\IObit
C:\Users\vanek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Driver Booster*
C:\Users\vanek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Advanced SystemCare*
C:\Users\Default\AppData\Roaming\IObit
C:\Users\Default\AppData\LocalLow\IObit
C:\Users\Public\Desktop\*Driver Booster*
C:\Users\Public\Desktop\*Advanced SystemCare*
C:\Windows\IObit
C:\Windows\Tasks\ImCleanDisabled
C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare

Hosts:
EmptyTemp:
End
  • Uloz na plochu s nazvom fixlist.txt
  • Spusti znovu FRST a klikni na Fix
  • Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
  • Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Re: Heknutý počitač

Napsal: 05 lis 2018 05:04
od vrazda
A čo mi teraz radiš
Dnes mi prišiel zas ten mail

Re: Heknutý počitač

Napsal: 05 lis 2018 09:44
od JaRon
pokial sa ukaze kolega skontroluj PC s TDSSKiller https://support.kaspersky.com/viruses/u ... TDSSKiller

Re: Heknutý počitač

Napsal: 05 lis 2018 16:32
od vrazda
Fix result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by vanek (05-11-2018 16:12:33) Run:1
Running from C:\Users\vanek\Desktop
Loaded Profiles: vanek (Available Profiles: vanek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
VirusTotal: C:\WINDOWS\temp\CCRunOnce.exe
File: C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
File: C:\Genius\ioCentre\gTaskBar.exe
File: C:\WINDOWS\system32\eed_ec.dll
File: C:\WINDOWS\VPDAgent_x64.exe
File: C:\WINDOWS\system32\crypserv.exe
File: C:\Genius\ioCentre\GMouseService.exe
File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
File: C:\WINDOWS\System32\drivers\lgandnetbus64.sys
File: C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys
File: C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys
File: C:\WINDOWS\temp\CCRunOnce.exe
File: C:\Program Files\SEDREAP\start.exe
File: C:\WINDOWS\System32\gcprpm.dll
File: C:\WINDOWS\System32\ssm4mlm.dll
ExportKey: HKLM\SYSTEM\CurrentControlSet\Services\aswSP
ExportKey: HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt
ExportKey: HKLM\SYSTEM\CurrentControlSet\Services\aswSnx

HKLM-x32\...\RunOnce: [CCUpdate4] => C:\WINDOWS\temp\CCRunOnce.exe [213840 2018-11-04] () <==== ATTENTION
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\RunOnce: [Uninstall 18.151.0729.0012\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vanek\AppData\Local\Microsoft\OneDrive\18.151.0729.0012\amd64"
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\RunOnce: [Uninstall 18.151.0729.0012] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vanek\AppData\Local\Microsoft\OneDrive\18.151.0729.0012"
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\...\MountPoints2: {98b68e53-90dd-11e8-9c91-84a6c826af79} - "D:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://dub130.mail.live.com/default.aspx
FF Homepage: Mozilla\Firefox\Profiles\dh2s16i5.default -> hxxps://outlook.live.com/owa/?path=/mail/AQMkADAwATNiZmYAZC1hNmJjLTgzYWQtMDACLTAwCgAuAAADrz92dgCANvNFq7k0xU7Srz0BACrzm3tv5uJHvQ9we%2B1ktQAAAwFaAAAA
CHR HomePage: Default -> hxxp://zoznam.sk/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.zoznam.sk/"
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys
U1 aswbdisk; no ImagePath
2018-11-04 15:17 - 2018-11-04 15:17 - 000000000 ____D C:\Users\vanek\AppData\Local\SlimWare Utilities Inc
2018-11-04 12:52 - 2016-02-02 17:09 - 000000270 _____ C:\WINDOWS\Tasks\ASC9_SkipUac_vanek.job
2018-10-07 12:50 - 2018-05-02 15:48 - 000002248 _____ C:\WINDOWS\System32\Tasks\ASC9_SkipUac_vanek
2018-10-05 18:13 - 2016-02-02 17:09 - 000000000 ____D C:\Users\vanek\AppData\LocalLow\IObit
2018-10-05 18:13 - 2016-02-02 17:08 - 000000000 ____D C:\Users\vanek\AppData\Roaming\IObit
2018-10-05 18:13 - 2016-02-02 17:08 - 000000000 ____D C:\ProgramData\IObit
2018-01-30 18:38 - 2018-04-10 13:52 - 000000239 _____ () C:\ProgramData\fontcacheev1.dat
2017-05-27 19:19 - 2017-05-27 19:19 - 000000036 _____ () C:\Users\vanek\AppData\Local\housecall.guid.cache
2017-01-07 18:08 - 2017-01-07 18:08 - 000000001 _____ () C:\Users\vanek\AppData\Local\RawCopy.1.10.agreement
2017-01-07 18:08 - 2017-01-07 18:08 - 000000001 _____ () C:\Users\vanek\AppData\Local\RawCopy.sourcedisk.index
C:\WINDOWS\temp\CCRunOnce.exe

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2015-01-10] (IObit)
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2015-01-10] (IObit)
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
Task: {54C10D9C-8D00-4BBC-8D6D-9CE730B99B0B} - System32\Tasks\ASC9_SkipUac_vanek => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\ASC9_SkipUac_vanek.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:B801D4E2 [362]
C:\WINDOWS\System32\IObitSmartDefragExtension.dll
C:\Program Files\KMSpico

C:\Program Files\IObit
C:\Program Files (x86)\IObit
C:\Program Files\Common Files\IObit
C:\ProgramData\IObit
C:\ProgramData\ProductData
C:\Users\vanek\AppData\Roaming\IObit
C:\Users\vanek\AppData\LocalLow\IObit
C:\Users\vanek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Driver Booster*
C:\Users\vanek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Advanced SystemCare*
C:\Users\Default\AppData\Roaming\IObit
C:\Users\Default\AppData\LocalLow\IObit
C:\Users\Public\Desktop\*Driver Booster*
C:\Users\Public\Desktop\*Advanced SystemCare*
C:\Windows\IObit
C:\Windows\Tasks\ImCleanDisabled
C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 5964
Average :
Sum : 16333947159
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========

VirusTotal: C:\WINDOWS\temp\CCRunOnce.exe => https://www.virustotal.com/file/d41e142 ... 541175170/

========================= File: C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ========================

C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
File is digitally signed
MD5: 8CC5E4DB25E4C22A308E2820E69D4950
Creation and modification date: 2014-09-08 12:39 - 2014-09-08 12:39
Size: 000464608
Attributes: ----A
Company Name:
Internal Name: CDASrv
Original Name: CDASrv.exe
Product: Common Desktop Agent
Description: CDA Server
File Version: 1.62.0.0
Product Version: 1.62.0.0
Copyright: Copyright © 2010. All rights reserved.
VirusTotal: https://www.virustotal.com/file/a53bbe0 ... 541195288/

====== End of File: ======


========================= File: C:\Genius\ioCentre\gTaskBar.exe ========================

C:\Genius\ioCentre\gTaskBar.exe
File not signed
MD5: CC119E603E73D6B1FBF1156BA13FEC37
Creation and modification date: 2016-01-09 20:31 - 2012-04-23 17:10
Size: 000061440
Attributes: ----A
Company Name:
Internal Name: gTaskBar.exe
Original Name: gTaskBar.exe
Product:
Description: ioCentre
File Version: 1.3.0.0
Product Version: 1.3.0.0
Copyright:
VirusTotal: https://www.virustotal.com/file/041666d ... 518476359/

====== End of File: ======


========================= File: C:\WINDOWS\system32\eed_ec.dll ========================

C:\WINDOWS\system32\eed_ec.dll
File is digitally signed
MD5: 1AEC452250C459B163D2B2F9A9AB17D2
Creation and modification date: 2017-06-23 19:34 - 2015-06-11 14:58
Size: 001848320
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/e8aaffb ... 539485810/

====== End of File: ======


========================= File: C:\WINDOWS\VPDAgent_x64.exe ========================

C:\WINDOWS\VPDAgent_x64.exe
File not signed
MD5: A43C611391DA6D7A9BD28A16287444DC
Creation and modification date: 2016-07-08 16:56 - 2013-08-28 19:05
Size: 000168960
Attributes: ----A
Company Name: Two Pilots
Internal Name: VPDAgent_x64
Original Name: VPDAgent_x64.exe
Product: Virtual Printer Driver
Description: Virtual Printer Driver component
File Version: 4, 5, 0, 0
Product Version: 7, 3, 0, 0
Copyright: Copyright (C) Two Pilots 2012
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\system32\crypserv.exe ========================

C:\WINDOWS\system32\crypserv.exe
File not signed
MD5: 2177A0F611584BCA1DFDD7EEB35C0224
Creation and modification date: 2016-01-20 13:04 - 2010-03-18 21:25
Size: 000126976
Attributes: ----A
Company Name: CrypKey (Canada) Ltd.
Internal Name: crypserv
Original Name: crypserv.exe
Product: CrypKey Software Licensing System
Description: CrypKey License Service
File Version: 1, 1, 0, 6
Product Version: 7,1,0,0
Copyright: Copyright © 2000
VirusTotal: 0

====== End of File: ======


========================= File: C:\Genius\ioCentre\GMouseService.exe ========================

C:\Genius\ioCentre\GMouseService.exe
File not signed
MD5: 294E57711DE7DBF1555E105F22708E9F
Creation and modification date: 2016-01-09 20:31 - 2010-03-11 11:33
Size: 000016384
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe ========================

C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
File not signed
MD5: 9CEE2BBB060DC4B7062BE4461774A7A0
Creation and modification date: 2018-04-20 07:28 - 2018-04-20 07:28
Size: 000190784
Attributes: ----A
Company Name:
Internal Name: DCSHOST
Original Name: HuaweiHiSuiteService.EXE
Product: HuaweiHiSuiteService
Description: HuaweiHiSuiteService
File Version: 2, 0, 0, 42
Product Version: 2, 0, 0, 42
Copyright: Copyright (C) 2008
VirusTotal: 0

====== End of File: ======


========================= File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe ========================

C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
File not signed
MD5: 8213094EA736A9C575AB0E22AD09B0BA
Creation and modification date: 2015-05-19 09:11 - 2015-05-19 09:11
Size: 000335872
Attributes: ----A
Company Name: Intel Corporation
Internal Name: isa.exe
Original Name: isa.exe
Product: Intel(R) Security Assist
Description: Intel(R) Security Assist
File Version: 1.0.0.532
Product Version: 1.0.0.532
Copyright: Copyright © 2014
VirusTotal: 0

====== End of File: ======


========================= File: C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe ========================

C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
File not signed
MD5: 1DFC3CCA51785254C5604238BB1A5467
Creation and modification date: 2015-05-19 09:11 - 2015-05-19 09:11
Size: 000007680
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\System32\drivers\lgandnetbus64.sys ========================

C:\WINDOWS\System32\drivers\lgandnetbus64.sys
File not signed
MD5: 34BBA51A066D55C948EDDAE065553CD1
Creation and modification date: 2015-01-21 12:55 - 2015-01-21 12:55
Size: 000020992
Attributes: ----A
Company Name: LG Electronics Inc.
Internal Name: ANDNETBUS
Original Name: lgandnetbus64.sys
Product: LGE AndroidNet Driver
Description: LGE AndroidNet Driver
File Version: Ver 3.14
Product Version: Ver 3.14
Copyright: LG Electronics Inc. Seoul, Korea.
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys ========================

C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys
File not signed
MD5: DB9374B42A0203DF3B13F7909742F18E
Creation and modification date: 2015-01-26 08:22 - 2015-01-26 08:22
Size: 000030720
Attributes: ----A
Company Name: LG Electronics Inc.
Internal Name: lgandnetdiag64
Original Name: lgandnetdiag64.sys
Product: LGE AndroidNet Driver
Description: LGE AndroidNet Driver
File Version: Ver 3.14.0.0
Product Version: Ver 3.14.0.0
Copyright: LG Electronics Inc. Seoul, Korea.
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys ========================

C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys
File not signed
MD5: 362169798009F467211D8BB9EBC6BE17
Creation and modification date: 2015-01-26 08:23 - 2015-01-26 08:23
Size: 000037376
Attributes: ----A
Company Name: LG Electronics Inc.
Internal Name: lgandnetmodem64
Original Name: lgandnetmodem64.sys
Product: LGE AndroidNet Driver
Description: LGE AndroidNet Driver
File Version: Ver 3.14.0.0
Product Version: Ver 3.14.0.0
Copyright: LG Electronics Inc. Seoul, Korea.
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\temp\CCRunOnce.exe ========================

C:\WINDOWS\temp\CCRunOnce.exe
File is digitally signed
MD5: 25B05B60E7E0693E3116D029D8F50014
Creation and modification date: 2018-11-04 14:43 - 2018-11-04 14:42
Size: 000213840
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\Program Files\SEDREAP\start.exe ========================

C:\Program Files\SEDREAP\start.exe
File not signed
MD5: D5651B12BBCF90A655BE9B7C1CC2D032
Creation and modification date: 2016-07-16 15:47 - 2009-02-27 16:00
Size: 000040960
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\System32\gcprpm.dll ========================

C:\WINDOWS\System32\gcprpm.dll
File not signed
MD5: F2C842254CABEF54E55D77DF8863A0C6
Creation and modification date: 2018-07-08 17:47 - 2012-03-06 15:05
Size: 000054784
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product: GreenCloud
Description: Port Monitor DLL
File Version: 1.0
Product Version: 1.0
Copyright:
VirusTotal: 0

====== End of File: ======


========================= File: C:\WINDOWS\System32\ssm4mlm.dll ========================

C:\WINDOWS\System32\ssm4mlm.dll
File is digitally signed
MD5: DBAB523742E598670B37A65B16528CE1
Creation and modification date: 2017-06-23 19:34 - 2015-06-11 14:58
Size: 000022528
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product: Language Monitor for Status Monitor
Description: Language Monitor for Status Monitor
File Version: 1.4.9.0
Product Version: 1.4.9.0
Copyright:
VirusTotal: 0

====== End of File: ======

================== ExportKey: ===================

"HKLM\SYSTEM\CurrentControlSet\Services\aswSP" => not found

=== End of ExportKey ===
================== ExportKey: ===================

"HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt" => not found

=== End of ExportKey ===
================== ExportKey: ===================

"HKLM\SYSTEM\CurrentControlSet\Services\aswSnx" => not found

=== End of ExportKey ===
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\CCUpdate4" => not found
"HKU\S-1-5-21-2575284754-612537104-1906650694-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 18.151.0729.0012\amd64" => not found
"HKU\S-1-5-21-2575284754-612537104-1906650694-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 18.151.0729.0012" => not found
HKU\S-1-5-21-2575284754-612537104-1906650694-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98b68e53-90dd-11e8-9c91-84a6c826af79} => removed successfully
HKLM\Software\Classes\CLSID\{98b68e53-90dd-11e8-9c91-84a6c826af79} => not found
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-2575284754-612537104-1906650694-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11042018125919578\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://dub130.mail.live.com/default.aspx => Error: No automatic fix found for this entry.
"Firefox homepage" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
SmartDefragDriver => Unable to stop service.
HKLM\System\CurrentControlSet\Services\SmartDefragDriver => removed successfully
SmartDefragDriver => service removed successfully
C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys => moved successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
C:\Users\vanek\AppData\Local\SlimWare Utilities Inc => moved successfully
C:\WINDOWS\Tasks\ASC9_SkipUac_vanek.job => moved successfully
C:\WINDOWS\System32\Tasks\ASC9_SkipUac_vanek => moved successfully
C:\Users\vanek\AppData\LocalLow\IObit => moved successfully
C:\Users\vanek\AppData\Roaming\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
C:\ProgramData\fontcacheev1.dat => moved successfully
C:\Users\vanek\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\vanek\AppData\Local\RawCopy.1.10.agreement => moved successfully
C:\Users\vanek\AppData\Local\RawCopy.sourcedisk.index => moved successfully
C:\WINDOWS\temp\CCRunOnce.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SmartDefragExtension => removed successfully
HKLM\Software\Classes\CLSID\{189F1E63-33A7-404B-B2F6-8C76A452CC54} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SmartDefragExtension => removed successfully
HKLM\Software\Classes\CLSID\{189F1E63-33A7-404B-B2F6-8C76A452CC54} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54C10D9C-8D00-4BBC-8D6D-9CE730B99B0B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54C10D9C-8D00-4BBC-8D6D-9CE730B99B0B}" => removed successfully
"C:\WINDOWS\System32\Tasks\ASC9_SkipUac_vanek" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_SkipUac_vanek" => removed successfully
"C:\WINDOWS\Tasks\ASC9_SkipUac_vanek.job" => not found
C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => moved successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully
C:\ProgramData\TEMP => ":B801D4E2" ADS removed successfully
C:\WINDOWS\System32\IObitSmartDefragExtension.dll => moved successfully
C:\Program Files\KMSpico => moved successfully
"C:\Program Files\IObit" => not found
"C:\Program Files (x86)\IObit" => not found
"C:\Program Files\Common Files\IObit" => not found
"C:\ProgramData\IObit" => not found
C:\ProgramData\ProductData => moved successfully
"C:\Users\vanek\AppData\Roaming\IObit" => not found
"C:\Users\vanek\AppData\LocalLow\IObit" => not found

=========== "C:\Users\vanek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Driver Booster*" ==========

not found

========= End -> "C:\Users\vanek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Driver Booster*" ========


=========== "C:\Users\vanek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Advanced SystemCare*" ==========

not found

========= End -> "C:\Users\vanek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Advanced SystemCare*" ========

"C:\Users\Default\AppData\Roaming\IObit" => not found
"C:\Users\Default\AppData\LocalLow\IObit" => not found

=========== "C:\Users\Public\Desktop\*Driver Booster*" ==========

not found

========= End -> "C:\Users\Public\Desktop\*Driver Booster*" ========


=========== "C:\Users\Public\Desktop\*Advanced SystemCare*" ==========

not found

========= End -> "C:\Users\Public\Desktop\*Advanced SystemCare*" ========

"C:\Windows\IObit" => not found
C:\Windows\Tasks\ImCleanDisabled => moved successfully
"C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32495621 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 268755687 B
Edge => 963 B
Chrome => 61042649 B
Firefox => 229376 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 904 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
vanek => 91504998 B

RecycleBin => 0 B
EmptyTemp: => 442 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:16:46 ====

Re: Heknutý počitač

Napsal: 05 lis 2018 21:01
od Conder
:arrow: OK, preskenuj to este s TDSSKillerom ako pisal kolega.

:arrow: Stiahni TDSSKiller: http://www.bleepingcomputer.com/download/tdsskiller/
  • Uloz na plochu a spusti ako spravca
  • Potvrd licencne podmienky
  • Klikni na Change parameters a zaskrtni "Loaded modules"
  • Potvrd restart PC
  • Po restartovani klikni na "Start Scan"
  • V pripade nalezu vyber u vsetkych nalezov "Skip" a klikni na "Continue"
  • Klikni na "Report" (vpravo hore) a tento log sem skopiruj

Re: Heknutý počitač

Napsal: 06 lis 2018 16:38
od vrazda
Ten program nic nenašiel je to dobré?A čo teras, k tomu mailu pisal som mu o mojom probleme a on mi odpisal:
Dobry den pan Vanek,

Nemozeme s tym nic spravit, len Vam zasa zmenime heslo.

Pokial su Vase pristupove udaje opakovane zneuzite, musite hladat problem v svojom PC – dokladna virusova kontrola.

Skuste do odstranenia pouzivat iba webmail, ako som Vam uz pisal predtym.

Ja som mu napisal: Dobrý deň ale mne hlási že vaša stránka webmail je nezabespečena. Tak preto sa už bojím ísť tam na mail.

A on mne:...je to len certifikat na subdomene, nie je s tym problem. Mozete webmail pouzivat.
Ja tomu nerozumiem

Re: Heknutý počitač

Napsal: 06 lis 2018 23:37
od Conder
:arrow: Je to dobre, PC vyzera cisty, podla FRST logov aj podla TDSSKiller. V PC je este nainstalovany Malwarebytes, tak mozes urobit uplny sken (aj ked nemyslim, ze to najde nieco vazne):
:arrow: Urob v MBAM uplny sken
  • Stiahni a nainstaluj Malwarebytes (MBAM): https://www.malwarebytes.com/mwb-download/thankyou/
  • Ignoruj skusobnu trial verziu
  • Otvor MBAM a vlavo klikni na "Skenovat"
  • Klikni na "Vlastne skenovanie" a potom na "Nakonfigurovat skenovanie" (Nastavit sken)
  • Vpravo oznac vsetky disky v PC a vlavo oznac moznost "Vyhladavat rootkity"
  • Klikni na Skenovat teraz a pockaj na dokoncenie
  • Po dokonceni klikni na Exportovat zhrnutie -> Textovy subor, zadaj nejaky nazov suboru a uloz na plochu
  • Obsah tohto suboru sem skopiruj
  • Obrazkovy navod (bohuzial pre starsiu verziu): https://forum.viry.cz/viewtopic.php?f=29&t=144868
:arrow: Co sa tyka toho emailu, skusil som ti na tu emailovu adresu v****@t********.sk poslat skusobny email s podvrhnutym odosielatom, pozri ci prisiel. Pokial sa pri tomto emaili nezobrazuje ziadne upozornenie ani nie je detekovany ako spam, tak by som povedal, ze chyba je skor na strane toho poskytovatela emailovej adresy, kedze zrejme nemaju nasadenu podporu SPF a ani DKIM, teda ich servery zjavne nekontroluju ci napr. emailova adresa odosielatela nie je falosna/vymyslena a mail sa tak iba tvari, ze bol odoslany z danej adresy, aj ked nebol. V tom pripade by som dalej tie emaily od udajneho "utocnika" dalej neriesil a ignoroval.

:arrow: Tu hlasku ze "stranka webmail nie je zabezpecena" ti hlasi prehliadac? Skus poslat screen.

Re: Heknutý počitač

Napsal: 07 lis 2018 15:49
od vrazda
To je tem sken. Ktomu emailu prisiel mi ako ten predtim skusil som odpovedat a vratil sa mi spet. Nič to nezachytilo že by to bol spam ale vitvoril som si pravidlo ze ked pride z mojej adresi mail tak to hodi do nevižiadanej pošty.

Re: Heknutý počitač

Napsal: 07 lis 2018 18:10
od Conder
:arrow: Neposlal si vysledky zo skenu Malwarebytes.

:arrow: Su este aj nejake ine problemy s PC?

Re: Heknutý počitač

Napsal: 07 lis 2018 18:41
od vrazda
Ja viem ze nie ale stále mi roby ten sken už viac ako 3 hodiny. Ako náhle to skončí tak to sem hneď dám
.Zatiaľ mi našiel iba toto:PUP. Optional. Reimage

Malwarebytes
http://www.malwarebytes.com

-Podrobnosti denníka-
Dátum skenovania: 7. 11. 2018
Čas skenovania: 15:58
Súbor denníka: 88e4efba-e29d-11e8-822c-3c970e0a7a76.json

-Údaje o softvéri-
Verzia: 3.6.1.2711
Verzia súčastí: 1.0.482
Aktualizovať verziu balíka: 1.0.7737
Licencia: Zadarmo

-Systémové informácie-
OS: Windows 10 (Build 17134.376)
Procesor: x64
Systém súborov: NTFS
Používateľ: DESKTOP-EA8C9J8\vanek

-Zhrnutie skenovania-
Typ skenovania: Vlastné skenovanie
Skenovanie bolo spustené: Manuálne
Výsledok: Dokončené
Preskenované objekty: 838844
Zistené hrozby: 2
Hrozby umiestnené do karantény: 0
Uplynulý čas: 8 h, 3 min, 7 s

-Možnosti skenovania-
Pamäť: Povolené
Spúšťanie: Povolené
Systém súborov: Povolené
Archívy: Povolené
Rootkity: Povolené
Heuristika: Povolené
PUP: Zistiť
PUM: Zistiť

-Podrobnosti skenovania-
Proces: 0
(Nezistili sa nijaké škodlivé položky)

Modul: 0
(Nezistili sa nijaké škodlivé položky)

Kľúč databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Hodnota databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Údaje databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Prúd údajov: 0
(Nezistili sa nijaké škodlivé položky)

Priečinok: 0
(Nezistili sa nijaké škodlivé položky)

Súbor: 2
PUP.Optional.Reimage, C:\ADWCLEANER\QUARANTINE\V1\20181005.191251\32\REIMAGE\REIMAGE PROTECTOR\REIGUARD.EXE#A609E9ADB746846F, Bez zásahu používateľa, [1400], [327181],1.0.7737
RiskWare.Tool.CK, G:\STIAHNUTE\BATTLEFIELD 2 CZ\BATTLFIELD 2 KEYGEN.EXE, Bez zásahu používateľa, [5780], [294249],1.0.7737

Fyzický sektor: 0
(Nezistili sa nijaké škodlivé položky)

WMI: 0
(Nezistili sa nijaké škodlivé položky)


(end)


Co by si mi odporučil na bezpečnosť PC

Re: Heknutý počitač

Napsal: 08 lis 2018 17:02
od Conder
:arrow: Nalezy Malwarebytes mozes zmazat (ten prvy PUA nalez je v karantene AdwCleaneru takze to je neskodne, druhy nalez radsej tiez zmazat)

:arrow: Co sa tyka tej bezpecnosti, ak myslis antivirus tak podla logov je v PC uz nainstalovany ESET, co je kvalitny AV. Pripadne ine odporucania napr. tu: https://forum.viry.cz/viewtopic.php?f=29&t=152926
Všechny časy jsou v UTC+01:00
Stránka 2 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz