
script host

Posted: 16 Jun 2017 18:56
by blaider1
Hello, a few weeks ago I was dealing with a problem of windows constantly popping up, caused by a virus from a USB drive used at a public printer. Only now have I found out that it is doing the same thing on my girlfriend's notebook. Link to the topic: https://forum.viry.cz/viewtopic.php?f=1 ... 0bbf596f04

I repeated the procedure as far as disabling Script Host and deleting MicrosoftSearchIndexer, since that helped on my PC. Here, however, it still throws the Windows Script Host message "access to the Windows Script Host program is disabled on this PC". I ran the PC through ESET Online Scanner, AdwCleaner and JRT, and it still did not help. I am attaching the log from FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by Miriam (administrator) on LAPTOP-730KM96J (16-06-2017 19:16:45)
Running from C:\Users\Miriam\Desktop
Loaded Profiles: Miriam (Available Profiles: Miriam)
Platform: Windows 10 Home Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2015-11-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [912768 2017-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [67680 2017-06-01] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3369260048-4190040626-483431282-1001\...\Run: [uTorrent] => C:\Users\Miriam\AppData\Roaming\uTorrent\uTorrent.exe [1980608 2017-05-21] (BitTorrent Inc.)
HKU\S-1-5-21-3369260048-4190040626-483431282-1001\...\Run: [MicrosoftSearchIndexer] => "wscript.exe //E:vbscript C:\Users\Miriam\AppData\Roaming\MicrosoftSearchIndexer"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
Startup: C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-06-16]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45861224-4c5c-4e6d-9773-6273655b73e9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fe01d4a4-b76c-47a1-8d30-c34220e7ee84}: [DhcpNameServer] 192.18.128.24

Internet Explorer:
==================
HKU\S-1-5-21-3369260048-4190040626-483431282-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer15.msn.com/?pc=ACTE
HKU\S-1-5-21-3369260048-4190040626-483431282-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-3369260048-4190040626-483431282-1001 -> DefaultScope {3799F91A-24AE-43AF-B35E-BA1A5F7BE576} URL =
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)

FireFox:
========
FF DefaultProfile: agkj8evj.default
FF ProfilePath: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default [2017-03-15]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\agkj8evj.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\agkj8evj.default -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\agkj8evj.default -> is enabled.
FF Extension: (Avira Browser Safety) - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default\Extensions\abs@avira.com.xpi [2017-02-11]
FF Extension: (Slovak (SK) Language Pack) - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default\Extensions\langpack-sk@firefox.mozilla.org.xpi [2017-02-05]
FF Extension: (Mozilla Partner Defaults) - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default\Extensions\partnerdefaults@mozilla.com [2016-07-08]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default\Extensions\safesearchplus2@avira.com.xpi [2017-03-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-04-24] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-04-24] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-23] ()

Chrome:
=======
CHR Profile: C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default [2017-06-16]
CHR Extension: (Prezentácie Google) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-08]
CHR Extension: (Dokumenty Google) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-08]
CHR Extension: (Disk Google) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-08]
CHR Extension: (YouTube) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08]
CHR Extension: (Tabuľky Google) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-08]
CHR Extension: (Avira Browser Safety) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-10]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1119712 2017-05-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [488920 2017-05-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [488920 2017-05-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1520680 2017-05-04] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [374352 2017-05-22] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [334064 2017-05-18] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [100816 2017-04-21] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2278152 2015-07-18] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-23] (WildTangent)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2016-12-19] (Intel Corporation)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-07] (Intel Corporation)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-05] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-05] (Acer Incorporated)
S2 scupdate; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-03-08] (Avira Operations GmbH & Co. KG)
S3 scupdatem; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-03-08] (Avira Operations GmbH & Co. KG)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-07-08] ()
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-01] (Avira Operations GmbH & Co. KG)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-22] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-22] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-22] (McAfee, Inc.)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-05-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-05-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-05-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-05-04] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [48584 2017-05-04] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2015-07-18] (Broadcom Corporation.)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11669736 2016-03-29] (Broadcom Corp)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-05] (Acer Incorporated)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-05] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2015-09-23] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [408280 2015-11-17] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [47784 2015-07-29] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-16 19:16 - 2017-06-16 19:17 - 00018585 _____ C:\Users\Miriam\Desktop\FRST.txt
2017-06-16 19:16 - 2017-06-16 19:16 - 00000000 ____D C:\FRST
2017-06-16 19:15 - 2017-06-16 19:16 - 02438656 _____ (Farbar) C:\Users\Miriam\Desktop\FRST64.exe
2017-06-16 19:15 - 2017-06-16 19:15 - 02438656 _____ (Farbar) C:\Users\Miriam\Downloads\FRST64.exe
2017-06-16 19:15 - 2017-06-16 19:15 - 02438656 _____ (Farbar) C:\Users\Miriam\Downloads\FRST64 (1).exe
2017-06-16 19:12 - 2017-06-16 19:12 - 01663672 _____ (Malwarebytes) C:\Users\Miriam\Downloads\JRT.exe
2017-06-16 19:12 - 2017-06-16 19:12 - 01663672 _____ (Malwarebytes) C:\Users\Miriam\Desktop\JRT.exe
2017-06-16 19:04 - 2017-06-16 19:04 - 00000000 ____D C:\Users\Miriam\AppData\LocalLow\uTorrent
2017-06-16 19:00 - 2017-06-16 19:03 - 00000000 ____D C:\AdwCleaner
2017-06-16 19:00 - 2017-06-16 19:00 - 04110280 _____ C:\Users\Miriam\Desktop\adwcleaner_6.047.exe
2017-06-16 18:59 - 2017-06-16 18:59 - 04110280 _____ C:\Users\Miriam\Downloads\adwcleaner_6.047.exe
2017-06-14 19:57 - 2017-06-14 19:57 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 15:30 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 15:30 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 15:30 - 2017-06-03 12:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 15:30 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 15:30 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 15:30 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 15:30 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 15:30 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 15:30 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 15:30 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 15:30 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 15:30 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 15:30 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 15:30 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 15:30 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 15:30 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 15:30 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 15:30 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 15:30 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 15:30 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 15:30 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 15:30 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 15:30 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 15:30 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 15:30 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 15:30 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 15:30 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 15:30 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 15:30 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 15:30 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 15:30 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 15:30 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 15:30 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 15:30 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 15:30 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 15:30 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 15:30 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 15:30 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 15:30 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 15:30 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 15:30 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 15:30 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 15:30 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 15:29 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 15:29 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 15:29 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 15:29 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 15:29 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 15:29 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 15:29 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 15:29 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 15:29 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 15:29 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 15:29 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 15:29 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 15:29 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 15:29 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 15:29 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 15:29 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 15:29 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 15:29 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 15:29 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 15:29 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 15:29 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 15:29 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 15:29 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 15:29 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 15:29 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 15:29 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 15:29 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 15:29 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 15:29 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 15:29 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 15:29 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 15:29 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 15:29 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 15:29 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 15:29 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 15:29 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 15:29 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 15:29 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 15:29 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 15:29 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 15:29 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 15:29 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 15:29 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 15:29 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 15:29 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 15:29 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 15:29 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 15:29 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 15:29 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 15:29 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 15:29 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 15:29 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 15:29 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 15:29 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 15:29 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 15:29 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 15:29 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 15:29 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 15:29 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 15:29 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 15:29 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 15:29 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 15:29 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 15:29 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 15:29 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 15:29 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 15:29 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 15:29 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 15:29 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 15:29 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 15:29 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 15:29 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 15:29 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 15:29 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 15:29 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 15:29 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 15:29 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 15:29 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 15:29 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 15:29 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 15:29 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 15:29 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 15:29 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-10 09:55 - 2017-06-16 19:04 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-06-08 14:50 - 2017-06-08 14:50 - 00011676 _____ C:\Users\Miriam\Downloads\menny-zoznam---tabulka.xlsx
2017-06-07 14:45 - 2017-06-07 14:45 - 00625381 _____ C:\Users\Miriam\Downloads\PORADIE-NA-ŠTÁTNICE-A-POKYNY (1).pdf
2017-06-07 13:57 - 2017-06-07 14:01 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-07 11:15 - 2017-06-07 11:15 - 00412172 _____ C:\WINDOWS\Minidump\060717-6343-01.dmp
2017-06-07 11:04 - 2017-06-07 11:04 - 00412172 _____ C:\WINDOWS\Minidump\060717-5656-01.dmp
2017-06-07 10:45 - 2017-06-07 10:45 - 00017722 _____ C:\Users\Miriam\Downloads\[CzT]Zpivej_Sing_2016_CZ_.torrent
2017-06-05 13:58 - 2017-06-07 14:29 - 00000000 ____D C:\Users\Miriam\AppData\Local\ESET
2017-06-05 13:57 - 2017-06-05 13:58 - 06754944 _____ (ESET spol. s r.o.) C:\Users\Miriam\Downloads\esetonlinescanner_enu.exe
2017-06-04 15:37 - 2017-06-04 15:37 - 00436374 _____ C:\Users\Miriam\Downloads\a418c6a3.pptx
2017-06-03 21:28 - 2017-06-05 13:54 - 00426517 _____ C:\Users\Miriam\Desktop\PrezentáciaBP_Štangová.pptx
2017-06-03 20:24 - 2017-06-03 20:24 - 01035777 _____ C:\Users\Miriam\Downloads\Hurtalova_BP.pptx
2017-06-01 12:29 - 2017-06-01 12:29 - 00061066 _____ C:\Users\Miriam\Downloads\Kalendár 2017.pptx
2017-05-31 15:00 - 2017-05-31 15:00 - 00290971 _____ C:\Users\Miriam\Downloads\DBFA4C014AB94634AA643D824D576979.pdf
2017-05-30 13:40 - 2017-05-30 13:40 - 00213895 _____ C:\Users\Miriam\Downloads\06FA134B1F6C4B8D843C39F0FBBBCDE3.pdf
2017-05-29 15:57 - 2017-05-29 15:57 - 00625381 _____ C:\Users\Miriam\Downloads\PORADIE-NA-ŠTÁTNICE-A-POKYNY.pdf
2017-05-18 20:41 - 2017-05-18 20:41 - 00835619 _____ C:\Users\Miriam\Desktop\28900320171054_Štangová.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-16 19:10 - 2016-10-18 13:03 - 00626384 _____ C:\WINDOWS\system32\perfh01B.dat
2017-06-16 19:10 - 2016-10-18 13:03 - 00186896 _____ C:\WINDOWS\system32\perfc01B.dat
2017-06-16 19:10 - 2016-07-13 10:40 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\uTorrent
2017-06-16 19:10 - 2016-01-05 08:55 - 02071478 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-16 19:04 - 2016-10-13 18:57 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-16 19:04 - 2016-07-08 12:52 - 00000000 __SHD C:\Users\Miriam\IntelGraphicsProfiles
2017-06-16 19:03 - 2016-10-13 19:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-16 19:03 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-16 19:01 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 19:01 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-16 18:52 - 2017-05-08 20:41 - 00000000 ____D C:\Users\Miriam\AppData\Local\Jagex
2017-06-16 18:52 - 2017-05-03 17:37 - 00000000 ____D C:\ProgramData\Jagex
2017-06-16 18:52 - 2016-10-13 18:58 - 00000000 ____D C:\Users\Miriam
2017-06-16 18:51 - 2016-12-18 17:16 - 00004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{266312B4-B0F1-4B15-847E-9D0A558C6253}
2017-06-16 18:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-16 18:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 18:49 - 2016-01-05 08:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-16 18:48 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-16 18:47 - 2016-10-13 18:56 - 00344264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 19:57 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 19:57 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 19:57 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 19:46 - 2016-07-09 21:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 19:44 - 2017-03-22 18:12 - 00004648 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-14 19:44 - 2016-07-11 19:21 - 00000000 ____D C:\Users\Miriam\AppData\Local\Adobe
2017-06-14 15:43 - 2016-07-09 21:03 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 15:42 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 15:14 - 2016-10-13 18:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-14 14:59 - 2016-11-12 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-14 14:59 - 2016-03-29 02:15 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-10 17:01 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-10 09:55 - 2016-11-12 16:43 - 00000000 ____D C:\Program Files (x86)\Avira
2017-06-07 11:15 - 2017-01-08 14:40 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-07 11:15 - 2016-07-09 21:20 - 503446401 _____ C:\WINDOWS\MEMORY.DMP
2017-06-07 10:46 - 2016-07-13 10:30 - 00000000 ____D C:\Users\Miriam\Desktop\Filmy
2017-06-05 17:45 - 2016-10-03 13:47 - 00000000 ___RD C:\Users\Miriam\Desktop\Škola
2017-06-03 22:14 - 2017-03-24 14:54 - 00000000 ____D C:\Users\Miriam\Desktop\Bac
2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-17 20:57 - 2017-04-29 12:30 - 00000000 ___RD C:\Users\Miriam\Documents\Scanned Documents
2017-05-17 17:09 - 2017-03-08 20:19 - 00002288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-10-13 18:57 - 2016-10-13 18:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-07 15:44

==================== End of FRST.txt ============================

Re: script host

Posted: 16 Jun 2017 19:50
by Rudy
Hello!
I assume you deleted what ADW found. If so, open Notepad and copy the following into it:
Start
SearchScopes: HKU\S-1-5-21-3369260048-4190040626-483431282-1001 -> DefaultScope {3799F91A-24AE-43AF-B35E-BA1A5F7BE576} URL =
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\ProgramData\DP45977C.lfl

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: script host

Posted: 17 Jun 2017 08:41
by blaider1
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by Miriam (17-06-2017 09:35:18) Run:1
Running from C:\Users\Miriam\Desktop
Loaded Profiles: Miriam (Available Profiles: Miriam)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
SearchScopes: HKU\S-1-5-21-3369260048-4190040626-483431282-1001 -> DefaultScope {3799F91A-24AE-43AF-B35E-BA1A5F7BE576} URL =
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\ProgramData\DP45977C.lfl

EmptyTemp:
End
*****************

HKU\S-1-5-21-3369260048-4190040626-483431282-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 583648 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 82204297 B
Java, Flash, Steam htmlcache => 5082 B
Windows/system/drivers => 42698423 B
Edge => 38959889 B
Chrome => 512724913 B
Firefox => 377776851 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 5337549 B
systemprofile32 => 128 B
LocalService => 68406 B
NetworkService => 20410 B
Miriam => 582666914 B

RecycleBin => 2413 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:36:30 ====




So far it looks good; no window has popped up in the first few minutes.

Re: script host

Posted: 17 Jun 2017 10:23
by Rudy
OK. Everything was deleted.

Re: script host

Posted: 24 Jun 2017 15:32
by blaider1
After a few days the problem still persists, but the annoying pop-up window appears only occasionally. Sometimes I turn on the laptop and use it for an hour and nothing pops up, and sometimes it appears immediately after turning on the PC. So far I haven't noticed which action triggers the window that keeps annoying me. Any further advice?

Re: script host

Posted: 24 Jun 2017 16:10
by Rudy
Let's try cleaning the browsers. Run these utilities one after the other:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator or Spustit jako spravce
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launching, the licence terms are displayed; press any key
•A backup will be created, followed by a scan
•The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.

Re: script host

Posted: 24 Jun 2017 19:52
by blaider1
Here is the log from Zoek:


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Miriam on 24.06.2017 at 20:20:35,20.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Miriam\Downloads\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

24.06.2017 20:21:44 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Miriam\AppData\Local\ActiveSync deleted successfully
C:\Users\Miriam\AppData\Local\AviraSpeedup deleted successfully
C:\Users\Miriam\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs__2036_.backup

==== Deleting Files \ Folders ======================

C:\windows\SysNative\Tasks\Software Update Application deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\Tasks\Avast SecureLine deleted
C:\windows\SysNative\Tasks\avast! SL Update deleted
C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default\extensions\partnerdefaults@mozilla.com deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2017-06-16 17:34:12 B0C72A8C72E1DD8FFD9587D318F1C089 2259 ----a-w- C:\WINDOWS\epplauncher.mif
2017-06-14 13:29:20 E8B796A523D2B63A9C7BB0576DFE793E 975872 ----a-w- C:\WINDOWS\HelpPane.exe
====== C:\Users\Miriam\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2017-06-14 13:30:08 7E866F728EC98B40CAC7DC3211452A16 545944 ----a-w- C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 13:30:08 0F28A83057FB22765B58F58860312694 315744 ----a-w- C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 13:30:08 00EAA3BC620929BE3E6D24146C7CC1EE 483840 ----a-w- C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 13:30:07 FBFF9BF41479031BA892670A69E94AF8 2006528 ----a-w- C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 13:30:07 EB9F8A08F96CDEE70C6E85CB530ECF5B 224256 ----a-w- C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 13:30:07 9722B441E20C9C3B34EECA660303B3B5 780640 ----a-w- C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 13:30:07 59D8A8C06114DE6E5F277B4CA6039D51 368128 ----a-w- C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 13:30:07 12D38105EF6B39287B9479A0B5D0750D 2048496 ----a-w- C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 13:30:06 D8DD468AD61EA092F0F9B9FA51AEA929 755712 ----a-w- C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 13:30:06 8F638F134BEED7E1A097FF5DD4F32D33 37376 ----a-w- C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 13:30:06 17E04FC6F7004025AD303F884600B93F 1412640 ----a-w- C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 13:30:06 07680AD9B1ADC68B65FBF06BF0E07848 2997760 ----a-w- C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 13:30:05 1A81E067094E519882FBE65674A31DA6 20967840 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 13:30:04 C772EE3E956DA3B21549C44DD1CBA022 231936 ----a-w- C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 13:30:04 2B2C59488185FCDD94C8077879F7D2EC 5686272 ----a-w- C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 13:30:04 207D69F66829C89B23BB206A1DEBFF3E 285184 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 13:30:03 DD822D3B371DA4BBAA167B9279338074 1988096 ----a-w- C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 13:30:03 38CD97EABCD0989375DE31C55DB64744 1221120 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 13:30:02 AE3C94E8C7E0820AE6D014048F8E92F4 886272 ----a-w- C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 13:30:02 91D374EB0852B8D83939AF8B44056436 1021784 ----a-w- C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 13:30:02 83DB1B53D6B80A8A2219DDC661DC4AF3 607072 ----a-w- C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 13:30:02 804C6C0A17BC054C8FCAF3FA59C59EED 2643968 ----a-w- C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 13:30:02 613CAF12F074D723B62BCF13383EA513 709120 ----a-w- C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 13:30:01 D01B678C1B3DC6A8CEB1E5BE8C80F28A 181760 ----a-w- C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 13:30:01 C04621FEDE5AF0F91675AF80CF3F8D16 340832 ----a-w- C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 13:30:01 B7CFC1C5B3353FF0BE171E76E599B122 364544 ----a-w- C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 13:30:01 AFFA1FD1984250537436990FAB04A47C 295424 ----a-w- C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 13:30:01 838192E7C51BA80217277169EEBC0BE3 327168 ----a-w- C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 13:30:01 66E2AA655F4E11F40362995D1E3FBE41 773120 ----a-w- C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 13:30:01 5181B7BE1B912B9AA50858C5D860E8D9 111968 ----a-w- C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 13:30:01 4D0BBCC85007F01B1E69B926B97D38FA 118272 ----a-w- C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 13:30:01 20C0C534C203004F271585F7B8A7276E 100352 ----a-w- C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 13:30:01 1C5F45D0C096B30660CD6478E83340E8 95232 ----a-w- C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 13:30:01 00D5767DC76922C810EDCA01B8C23ED6 1164288 ----a-w- C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 13:30:00 D18BFA3288DE0F05721F3C5C0EA5ADC9 232448 ----a-w- C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 13:30:00 820EFB58A8BE5D0D0901B42C5B87948D 2560 ----a-w- C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 13:30:00 4931D908A1EBFD82A6C34CD13D5EC2BA 27136 ----a-w- C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 13:29:57 E31E12A238ED955FCA7505436C9EA681 1706488 ----a-w- C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 13:29:38 EE5471ED61FCA6EBB955F69657A51E96 18364928 ----a-w- C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 13:29:38 46B73619AA04C2932B72274901A00C91 635904 ----a-w- C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 13:29:36 C09B9EC9CFED978918F7A0137D41AA92 3664384 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 13:29:36 A325B781E64B9D02BA6B2E9E0DF13844 822784 ----a-w- C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 13:29:35 615F788383682C3931D89CAC00BC9D40 306688 ----a-w- C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 13:29:35 4B4D68731C21CB4CB5313270FCC7136E 19414016 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 13:29:34 82933E2FC5235A185C5FB15BD1C174E7 6042624 ----a-w- C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 13:29:33 3264894312F31CA89EB9BAAF46DB323B 12187648 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 13:29:03 ACE32CBDDF2BE6B5151A02F30B8E7208 192856 ----a-w- C:\WINDOWS\SysWOW64\aepic.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2017-06-17 07:37:24 5C5A797761421CF9B72087F3BC8A5259 180 ----a-w- C:\WINDOWS\Sysnative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-14 13:30:00 BE7696381EADA160D20D172D5881E011 857440 ----a-w- C:\WINDOWS\Sysnative\WWAHost.exe
2017-06-14 13:29:59 9CB576709100152AC1C5E9FB223D29B7 552960 ----a-w- C:\WINDOWS\Sysnative\MusUpdateHandlers.dll
2017-06-14 13:29:59 90F392BF1D30D878CA96B431741AD547 391168 ----a-w- C:\WINDOWS\Sysnative\wuuhext.dll
2017-06-14 13:29:59 7A2CF02E4120AA5B5465D79D78C0DEC2 2538496 ----a-w- C:\WINDOWS\Sysnative\mssrch.dll
2017-06-14 13:29:59 2F5D3B6FEF24DD0824964C36FDC7E0B7 3403264 ----a-w- C:\WINDOWS\Sysnative\tquery.dll
2017-06-14 13:29:58 E7F14801E038AD77A64AF30AC78B905A 903680 ----a-w- C:\WINDOWS\Sysnative\SearchIndexer.exe
2017-06-14 13:29:58 D10DFA27265E6E9729AC0D5963C8B7CA 1217024 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Audio.dll
2017-06-14 13:29:58 07716E97BCC70C9577425EB98D2B35BC 124416 ----a-w- C:\WINDOWS\Sysnative\mssprxy.dll
2017-06-14 13:29:57 4EE256C1721939A0240FE8550E5B7879 38752 ----a-w- C:\WINDOWS\Sysnative\OOBEUpdater.exe
2017-06-14 13:29:57 0B578557804EF663D120D63255632687 119808 ----a-w- C:\WINDOWS\Sysnative\UserDataTimeUtil.dll
2017-06-14 13:29:55 22A034F884D3A749C9F1E378D88866C3 857952 ----a-w- C:\WINDOWS\Sysnative\NetSetupEngine.dll
2017-06-14 13:29:54 D190D4F089EACA940D5233478CD94E4F 1131008 ----a-w- C:\WINDOWS\Sysnative\localspl.dll
2017-06-14 13:29:54 09788178ECBD170263A19D067DF1363B 2213760 ----a-w- C:\WINDOWS\Sysnative\KernelBase.dll
2017-06-14 13:29:53 908CC42EE5D8CC73D4C136B5577EA08D 22220864 ----a-w- C:\WINDOWS\Sysnative\shell32.dll
2017-06-14 13:29:50 E0981C2DA535C7D579601C967210E25E 266752 ----a-w- C:\WINDOWS\Sysnative\NetSetupSvc.dll
2017-06-14 13:29:50 AC6E9ED99F0D3814D3B35387709747EF 834048 ----a-w- C:\WINDOWS\Sysnative\win32spl.dll
2017-06-14 13:29:50 749F864C24C69BE5D129C34A445F32B8 100864 ----a-w- C:\WINDOWS\Sysnative\wpninprc.dll
2017-06-14 13:29:50 3FE979055667B0E488855856ABA70BB1 456192 ----a-w- C:\WINDOWS\Sysnative\puiobj.dll
2017-06-14 13:29:50 29D1A548F8544222EC7C3C50F73D8003 238592 ----a-w- C:\WINDOWS\Sysnative\MusNotification.exe
2017-06-14 13:29:49 C9779ED5EB5A97C652E77CBCE9CE51D3 98304 ----a-w- C:\WINDOWS\Sysnative\MusNotificationUx.exe
2017-06-14 13:29:49 9888D91E8B5679FAF3E4E57B5A59BD5C 148832 ----a-w- C:\WINDOWS\Sysnative\NetSetupApi.dll
2017-06-14 13:29:49 038E6D6F2C86E574556D1AAF2A99BBA6 53248 ----a-w- C:\WINDOWS\Sysnative\musdialoghandlers.dll
2017-06-14 13:29:39 25B2F6E8FCA707EEE8101D20A8587FCC 441344 ----a-w- C:\WINDOWS\Sysnative\netcorehc.dll
2017-06-14 13:29:34 2D906DD0D937EF6B3318F174DBDFF059 4744704 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll
2017-06-14 13:29:33 A4C55CB11E20A04531F80603C984AF76 691200 ----a-w- C:\WINDOWS\Sysnative\ieproxy.dll
2017-06-14 13:29:32 B7AAA1FBABF23938FF429FE7D04D9399 8125440 ----a-w- C:\WINDOWS\Sysnative\Chakra.dll
2017-06-14 13:29:32 623C8989860C6162971A240A99903410 13091840 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll
2017-06-14 13:29:31 FE2D97721969818E483780C9FE4333BC 1513472 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys
2017-06-14 13:29:31 5070B37B20DDC257AF93EB0BE8AB5690 1845248 ----a-w- C:\WINDOWS\Sysnative\FntCache.dll
2017-06-14 13:29:30 512FAC578366299C2DD4D94BE36F5A0D 23677440 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2017-06-14 13:29:29 8F176DA53E5AD6F3B9FEFDC93346EFFC 7783256 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe
2017-06-14 13:29:28 DDD49029DA039B2D1A9E3ACA8F2E97F0 2475520 ----a-w- C:\WINDOWS\Sysnative\DWrite.dll
2017-06-14 13:29:28 76142A00FDA4E0B192D1057BBAECF17A 2681200 ----a-w- C:\WINDOWS\Sysnative\CoreUIComponents.dll
2017-06-14 13:29:28 7478F2B823BFBFF75ECF805BC03B2C83 932864 ----a-w- C:\WINDOWS\Sysnative\kerberos.dll
2017-06-14 13:29:27 5C60B2D2144E792EC68C35DA1644C502 22569984 ----a-w- C:\WINDOWS\Sysnative\edgehtml.dll
2017-06-14 13:29:22 3C64F2BE8C71B03F4C69D4C116109E1D 418304 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.BlockedShutdown.dll
2017-06-14 13:29:21 ECB92C17AC64FF64148BE807AC29386A 337408 ----a-w- C:\WINDOWS\Sysnative\NetworkBindingEngineMigPlugin.dll
2017-06-14 13:29:21 B247CEF0A92DC1D3E377BE6AA365B01A 1121280 ----a-w- C:\WINDOWS\Sysnative\aadtb.dll
2017-06-14 13:29:20 BA247C2CCC1F037D5EF4AEB5AC23E1F5 1112416 ----a-w- C:\WINDOWS\Sysnative\AppxPackaging.dll
2017-06-14 13:29:20 B7D7188C0AD7526D5425F8F0C88C712C 353792 ----a-w- C:\WINDOWS\Sysnative\cloudAP.dll
2017-06-14 13:29:20 B06DAED17F67FFD124F397E4353D985C 404824 ----a-w- C:\WINDOWS\Sysnative\msv1_0.dll
2017-06-14 13:29:20 31BFADFB13EBC9CB06D6E250FEA0FD36 856064 ----a-w- C:\WINDOWS\Sysnative\efscore.dll
2017-06-14 13:29:19 FB30AD7EAD9E77C61778DE7E27E30C59 351744 ----a-w- C:\WINDOWS\Sysnative\hnetcfg.dll
2017-06-14 13:29:16 A64CF9D11F695E8BE7E88DB2FF9ACBE9 379232 ----a-w- C:\WINDOWS\Sysnative\atmfd.dll
2017-06-14 13:29:16 63B6CCF24C70F16976B8AD11389B4B80 628552 ----a-w- C:\WINDOWS\Sysnative\fontdrvhost.exe
2017-06-14 13:29:15 9E4231D238FF2D1F5086DC8AF934F1A2 886784 ----a-w- C:\WINDOWS\Sysnative\CPFilters.dll
2017-06-14 13:29:15 833B3B359F0206401810503E570EDEBC 1566552 ----a-w- C:\WINDOWS\Sysnative\gdi32full.dll
2017-06-14 13:29:14 B306E46465689426AC31FF472607BE62 2318848 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll
2017-06-14 13:29:14 1E287D5A69A485F23749BCE65F83018A 1600624 ----a-w- C:\WINDOWS\Sysnative\sppobjs.dll
2017-06-14 13:29:14 12F68C1BA2D9BB2239B24E16F90246FF 3615744 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys
2017-06-14 13:29:13 156DA1A406F1909107E048584021B631 1490432 ----a-w- C:\WINDOWS\Sysnative\lsasrv.dll
2017-06-14 13:29:11 9171E680ADE30F22D78AF28F84DA27D5 764392 ----a-w- C:\WINDOWS\Sysnative\CoreMessaging.dll
2017-06-14 13:29:11 85898A239780D457B73AAC42B73B4CB1 7217152 ----a-w- C:\WINDOWS\Sysnative\Windows.Data.Pdf.dll
2017-06-14 13:29:08 304AFBB7C4FB4FA26538602C02E5EA73 2510848 ----a-w- C:\WINDOWS\Sysnative\NetworkMobileSettings.dll
2017-06-14 13:29:08 0865275CF6DF73BD560C1A49600A4FA9 324608 ----a-w- C:\WINDOWS\Sysnative\Windows.ApplicationModel.LockScreen.dll
2017-06-14 13:29:06 A8AC0C570C3629718A6CF06BDCE53A55 334176 ----a-w- C:\WINDOWS\Sysnative\invagent.dll
2017-06-14 13:29:06 7D4E7B74E017D343089CE49559A159D1 233824 ----a-w- C:\WINDOWS\Sysnative\aepic.dll
2017-06-14 13:29:06 7B856A5EE257489AB7EDBC77089A836C 989024 ----a-w- C:\WINDOWS\Sysnative\hvax64.exe
2017-06-14 13:29:06 4BD676CC2DBA76D4B00C1664160F488C 1100128 ----a-w- C:\WINDOWS\Sysnative\hvix64.exe
2017-06-14 13:29:06 00F9F8F9FF615D71CC178DEA0B1ED720 1214816 ----a-w- C:\WINDOWS\Sysnative\aeinv.dll
2017-06-14 13:29:05 961E25D8F68C638F42199DDD6FA96342 455520 ----a-w- C:\WINDOWS\Sysnative\securekernel.exe
2017-06-14 13:29:05 7BD6C15F1C1CB0B74FB167042F20E0C9 1564512 ----a-w- C:\WINDOWS\Sysnative\appraiser.dll
2017-06-14 13:29:04 AA0D47B6CC0D5D3DAD069A01F3F91E86 629088 ----a-w- C:\WINDOWS\Sysnative\generaltel.dll
2017-06-14 13:29:04 32A8CD2D7B5D4F503B4F8E559FE05B13 96608 ----a-w- C:\WINDOWS\Sysnative\CompatTelRunner.exe
2017-06-14 13:29:04 18DE0596384F02237F805BD1A352FD75 544096 ----a-w- C:\WINDOWS\Sysnative\devinv.dll
2017-06-14 13:29:03 F1B41E1EB362B1FD8A8EB6011D17D58F 489472 ----a-w- C:\WINDOWS\Sysnative\NetSetupShim.dll
2017-06-14 13:29:03 BA775B101B5E6C12D4A7AE9CBFA4F008 335712 ----a-w- C:\WINDOWS\Sysnative\dcntel.dll
2017-06-14 13:29:03 0FA65256069B1B65581144F206027DE5 147456 ----a-w- C:\WINDOWS\Sysnative\winsrv.dll
2017-06-14 13:29:02 E863706E7D0E6061689D7721959C0437 136032 ----a-w- C:\WINDOWS\Sysnative\acmigration.dll
2017-06-14 13:29:02 A3E5C464520434D873BF1BD092117853 45056 ----a-w- C:\WINDOWS\Sysnative\atmlib.dll
2017-06-14 13:29:02 597C96281C55868CDBB06E22ADAEDCA9 80078 ----a-w- C:\WINDOWS\Sysnative\normidna.nls
2017-06-14 13:29:02 1503DA64D20DD3ECB18A27686B3FF7EA 34648 ----a-w- C:\WINDOWS\Sysnative\DeviceCensus.exe
2017-06-14 13:29:02 063DED567D61B4CC817CF8E69D480336 1418240 ----a-w- C:\WINDOWS\Sysnative\certutil.exe
2017-06-14 13:29:01 FAD89A8156FA444E0962BC5C2A23B103 117760 ----a-w- C:\WINDOWS\Sysnative\AuthBrokerUI.dll
2017-06-14 13:29:01 C9DAA29BDD6E2C61A6603DE75F6EE761 255488 ----a-w- C:\WINDOWS\Sysnative\HNetCfgClient.dll
2017-06-14 13:29:01 388E910ADC7F7E8BB21514FAA4A478E2 198144 ----a-w- C:\WINDOWS\Sysnative\dpapisrv.dll
2017-06-14 13:29:01 3209DC681B5F46F4CDF724C48569ED11 136024 ----a-w- C:\WINDOWS\Sysnative\ImplatSetup.dll
2017-06-14 13:29:01 2EB64622FEB3E6790FD72D06C9BEB319 252928 ----a-w- C:\WINDOWS\Sysnative\edputil.dll
2017-06-14 13:29:00 75FD10B0F7721B6548BE8D7F1F79DE04 2560 ----a-w- C:\WINDOWS\Sysnative\tzres.dll
2017-06-14 13:29:00 06C58C9B85A77AB69D9C319D690B27C8 64512 ----a-w- C:\WINDOWS\Sysnative\fdProxy.dll
====== C:\WINDOWS\Sysnative\drivers =====
2017-06-14 13:30:01 D515CD0012EBFF9EF255798F3A4BA1EE 187232 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2017-06-14 13:30:01 72ABA6AC74F7AA9C9A4AC61BE628ADD1 41472 ----a-w- C:\WINDOWS\Sysnative\drivers\BasicRender.sys
2017-06-14 13:30:01 58827BEFC54D4396D3FD191F5DD31C1D 381792 ----a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS
2017-06-14 13:30:01 08ED027CD8A43E3412BDD134A43B13E8 279904 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
2017-06-14 13:29:55 4ED37041ADB4BD4BEEB1279AFA5808A9 2532192 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2017-06-14 13:29:54 A530D0C58A657BCD1629816B887661CB 1181024 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys
2017-06-14 13:29:50 A7C267671EDDF066E8CFBF897BC4B626 118112 ----a-w- C:\WINDOWS\Sysnative\drivers\tdx.sys
2017-06-14 13:29:31 9E407EAF1B5FFD4209C2B5F7A8B83BE5 402272 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2017-06-14 13:29:28 C867FABEFF1A553330093384D022F963 2187104 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2017-06-14 13:29:05 8360BD603D3596E1D6D9BD04E69DE5E9 624048 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
2017-06-14 13:29:02 0C81E5D3E37D8D350088596D23FF21A4 509280 ----a-w- C:\WINDOWS\Sysnative\drivers\storport.sys
2017-06-14 13:29:01 1065D7283659DC301AF94A47847616C4 128864 ----a-w- C:\WINDOWS\Sysnative\drivers\tm.sys
====== C:\WINDOWS\Tasks ======
2017-06-07 11:57:48 2D78977A40CC6F58D6F51167D4D5087E 214 ----a-w- C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Miriam\AppData\Roaming ======
2017-06-14 17:57:55 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2017-06-14 17:57:55 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2017-06-05 11:58:06 -------- d-----w- C:\Users\Miriam\AppData\Local\ESET
====== C:\Users\Miriam ======
2017-06-21 11:37:19 -------- d-----w- C:\ProgramData\TrueKey
2017-06-16 17:33:26 44986EBCA91F0F0667C2B6918BED7CA1 15085760 ----a-w- C:\Users\Miriam\Downloads\MSEInstall (1).exe
2017-06-16 17:32:43 79B0F632FDDB5FE8D5F1A90E719E7C3B 12257112 ----a-w- C:\Users\Miriam\Downloads\MSEInstall.exe
2017-06-16 17:15:50 7E487D5248A284DBC763DD8BC0F7DAFC 2438656 ----a-w- C:\Users\Miriam\Desktop\FRST64.exe
2017-06-16 17:15:46 7E487D5248A284DBC763DD8BC0F7DAFC 2438656 ----a-w- C:\Users\Miriam\Downloads\FRST64 (1).exe
2017-06-16 17:15:41 7E487D5248A284DBC763DD8BC0F7DAFC 2438656 ----a-w- C:\Users\Miriam\Downloads\FRST64.exe
2017-06-16 17:12:13 B8B83A8B45F745089DFF6FF5E30ECE25 1663672 ----a-w- C:\Users\Miriam\Desktop\JRT.exe
2017-06-16 17:12:03 B8B83A8B45F745089DFF6FF5E30ECE25 1663672 ----a-w- C:\Users\Miriam\Downloads\JRT.exe
2017-06-16 17:00:12 1ACE8128CFA67E825635012B2CF705A9 4110280 ----a-w- C:\Users\Miriam\Desktop\adwcleaner_6.047.exe
2017-06-16 16:59:35 1ACE8128CFA67E825635012B2CF705A9 4110280 ----a-w- C:\Users\Miriam\Downloads\adwcleaner_6.047.exe

====== C: exe-files ==
2017-06-21 11:39:56 9D85CD8E245989DE49CB1A7FF89EF320 26435280 ----a-w- C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
2017-06-21 11:39:56 9D85CD8E245989DE49CB1A7FF89EF320 26435280 ----a-w- C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\OneDriveSetup.exe
2017-06-21 11:38:27 1358394DD0CF1191D726692A9372FE8F 236240 ----a-w- C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncConfig.exe
2017-06-21 11:38:25 9EB92488BA203BA99FF632500689A221 229584 ----a-w- C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileCoAuth.exe
2017-06-20 19:05:02 75A171FBCAD34BBBFDE05C581A36DFFE 1243416 ----a-w- C:\Users\Miriam\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
2017-06-20 19:04:48 374D5289F0F14069474C1C73FB27EA5E 36352 ----a-w- C:\Users\Miriam\AppData\Roaming\WildTangent\Updater\GameConsole\Park-{bfbbe5ba-6566-42ea-af7f-5eda816d3cea}.exe
2017-06-20 19:04:35 59BCF85090595D5E95542D2094A0BA83 2452328 ----a-w- C:\Users\Miriam\AppData\Roaming\WildTangent\Updater\GameConsole\GameConsole-4.3.1.51-to-4.4.0.83.exe
=== C: other files ==
2017-06-24 18:20:26 D651C8CFEB8D37D4C20CDAA1267E57FB 297 ----a-w- C:\ProgramData\OEM\Fub Tracking Program\Upload\_1498335626.zip
2017-06-20 19:06:07 90FEBBA28704D9108DAC86459A05ECBB 671764 ----a-w- C:\Users\Miriam\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\89HKIV11\MSCasualGames[1].zip
2017-06-20 19:06:06 8EDD870C7F12BD70CAE4B76E2D3A16E8 3835 ----a-w- C:\Users\Miriam\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\1RD4RXVW\manifest[1].zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-3369260048-4190040626-483431282-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"uTorrent"="C:\Users\Miriam\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"MicrosoftSearchIndexer"="wscript.exe //E:vbscript C:\Users\Miriam\AppData\Roaming\MicrosoftSearchIndexer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"uTorrent"="C:\Users\Miriam\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"MicrosoftSearchIndexer"="wscript.exe //E:vbscript C:\Users\Miriam\AppData\Roaming\MicrosoftSearchIndexer"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"WindowsDefender"=""%ProgramFiles%\Windows Defender\MSASCuiL.exe""

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\WINDOWS\explorer.exe [28.04.2017 02:34]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\ACC" [C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe]
"C:\WINDOWS\SysNative\tasks\ACCAgent" [C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe]
"C:\WINDOWS\SysNative\tasks\ACCBackgroundApplication" [C:\Program Files (x86)\Acer\Care Center\ACCStd.exe]
"C:\WINDOWS\SysNative\tasks\AcerCloud" [C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\BacKGroundAgent" [C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe]
"C:\WINDOWS\SysNative\tasks\FUBTrackingByPLD" ["C:\OEM\Preload\FubTracking\FubTracking.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task v2" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe"]
"C:\WINDOWS\SysNative\tasks\Quick Access" ["C:\Program Files\Acer\Acer Quick Access\QALauncher.exe"]
"C:\WINDOWS\SysNative\tasks\UbtFrameworkService" ["C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{266312B4-B0F1-4B15-847E-9D0A558C6253}" [C:\WINDOWS\system32\msfeedssync.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default
- Undetermined - %ProfilePath%\extensions\abs@avira.com.xpi
- Slovak SK Language Pack - %ProfilePath%\extensions\langpack-sk@firefox.mozilla.org.xpi
- Avira SafeSearch Plus - %ProfilePath%\extensions\safesearchplus2@avira.com.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

Google Slides - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avira Browser Safety - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
Google Docs Offline - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer15.msn.com/?pc=ACTE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer15.msn.com/?pc=ACTE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default.migrated\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Miriam\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Miriam\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=37 folders=33 32432494 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Miriam\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 24.06.2017 at 20:43:23,51 ======================

If it shows up again, I'll add the JRT log as well.

Re: script host

Posted: 24 Jun 2017 20:18
by Rudy
OK. I'll leave this open for now.

Re: script host

Posted: 25 Jun 2017 09:51
by blaider1
Output from JRT.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Miriam (Administrator) on 25.06.2017 at 10:47:16,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.06.2017 at 10:49:21,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The window I mentioned started popping up again after some hours of working on FB.

Re: script host

Posted: 25 Jun 2017 10:27
by Rudy
How does it look now?

Re: script host

Posted: 25 Jun 2017 20:15
by blaider1
The problem still persists; after an hour or two of working on the PC the annoying window is back again.

Re: script host

Posted: 25 Jun 2017 20:27
by Rudy
Try disabling it by following this guide: http://wintip.cz/524-jak-vypnout-windows-script-host .

Re: script host

Posted: 28 Jun 2017 11:25
by blaider1
As I wrote above, I had already disabled it before I started this topic, so I repeated the procedure again following the guide, but it doesn't solve the problem; the window keeps popping up saying that the script is disabled. The file has even been removed in safe mode from the registry, yet I just can't get rid of the messages. I'm flying off on holiday tomorrow, so please don't lock the topic. I'll be away for two weeks :)

Re: script host

Posted: 28 Jun 2017 12:01
by JaRon
Let me jump in:
Try to find and delete this entry using regedit:
HKU\S-1-5-21-3369260048-4190040626-483431282-1001\...\Run: [MicrosoftSearchIndexer] => "wscript.exe //E:vbscript C:\Users\Miriam\AppData\Roaming\MicrosoftSearchIndexer"
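
The kind of autostart entry named in the post above can be picked out of a startup-registry dump mechanically. The following Python is an added example, not part of the thread or of any tool mentioned in it: it scans the Run-key sections of such a log for values that start a Windows Script Host binary. The function name, the heuristics and the inclusion of cscript.exe alongside wscript.exe are assumptions of this example.

```python
import re

# Excerpt of the "Startup Registry Enabled" sections from the log on this page.
SAMPLE = r'''
[HKEY_USERS\S-1-5-21-3369260048-4190040626-483431282-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"MicrosoftSearchIndexer"="wscript.exe //E:vbscript C:\Users\Miriam\AppData\Roaming\MicrosoftSearchIndexer"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Miriam\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"MicrosoftSearchIndexer"="wscript.exe //E:vbscript C:\Users\Miriam\AppData\Roaming\MicrosoftSearchIndexer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsDefender"=""%ProgramFiles%\Windows Defender\MSASCuiL.exe""
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# wscript.exe / cscript.exe as the first token, bare or with a path, optionally quoted.
HOST_RE = re.compile(r'^"?(?:[^"\s]*\\)?(wscript|cscript)(?:\.exe)?"?(?:\s+|$)', re.I)
SCRIPT_EXT_RE = re.compile(r'\.(vbs|vbe|js|jse|wsf|wsh)$', re.I)
USER_DIR_RE = re.compile(r'\\(AppData|Temp)\\', re.I)

def find_script_host_autoruns(log_text):
    """Return Run-key values whose command line starts a Windows Script Host binary."""
    findings, key = [], None
    for line in map(str.strip, log_text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not m or not key or not key.lower().endswith('\\currentversion\\run'):
            continue
        name, cmd = m.group(1), m.group(2).strip('"')
        host = HOST_RE.match(cmd)
        if not host:
            continue
        args = cmd[host.end():].split()
        # WSH switches start with "//"; whatever is left is the script path.
        target = ' '.join(a for a in args if not a.startswith('//')).strip('"')
        reasons = [f'autostart runs {host.group(1).lower()}.exe']
        reasons += [f'engine forced with {a}' for a in args if a.lower().startswith('//e:')]
        if not SCRIPT_EXT_RE.search(target):
            reasons.append('script file has no script extension')
        if USER_DIR_RE.search(target):
            reasons.append('script lives in a user-writable profile directory')
        findings.append({'key': key, 'value': name, 'target': target, 'reasons': reasons})
    return findings

if __name__ == '__main__':
    for f in find_script_host_autoruns(SAMPLE):
        print(f"{f['key']} -> {f['value']}: {f['target']}")
        print('   ' + '; '.join(f['reasons']))
```

HKEY_CURRENT_USER is the logged-on user's view of their HKEY_USERS\<SID> hive, so the two hits in the sample are normally one and the same registry value.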

Re: script host

Posted: 28 Jun 2017 16:52
by Rudy
OK, I'll leave it open. Have a nice holiday! :)