
Virus that creates shortcuts on a flash HDD

Posted: 02 Dec 2017 19:46
by Euronymous
Hello,

I have a laptop which, whenever a flash HDD is plugged in, turns all the files into lnk (shortcuts). I tried USBFix, following the guide here, and I am attaching the log from USBFix.
The guide mentions a Clean button, but I did not have that in the program. Only Run An Analysis, and that produces the log shown below.
I also wanted to attach RSIT (FRST), but after downloading them I cannot run these programs. It tells me that it cannot be run on this operating system and that I should contact the program's vendor.
The laptop behaves fairly normally, apart from the rewriting into shortcuts on every flash drive I connect.

Thanks for any advice and tips.

############################## | UsbFix Premium V 10.001 | [Research]

User: Lenka Maturová (Administrator) # SÝKORKA
Updated 01/12/2017 by SOSVirus
Started at 19:41:54 | 02/12/2017

Website : https://www.usb-antivirus.com/
Contact : https://www.usb-antivirus.com/contact/

################## | System information |

MB: Quanta (30D2)
CPU: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
RAM -> [Total : 2046 Mo | Free : 634 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft™ Windows 10 Pro (6.3.16299 32-Bit)
WB: Internet Explorer : 11.00.16299.15
WB: Microsoft Edge : 11.00.16299.15 (WinBuild.160101.0800)
WB: Mozilla Firefox : 46.0.1

################## | Security Information |

AV: Windows Defender [Enabled |Updated]
AS: Windows Defender [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 47 Gb (24 Gb free - 52%) [] # NTFS
D:\ -> Fixed disk # 101 Gb (18 Gb free - 17%) [] # NTFS
F:\ -> Removable disk # 4 Gb (4 Gb free - 96%) [] # FAT32

################## | Autorun |


################## | Generic Research |


################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Google Update] C:\Users\Lenka Maturová\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe
04 - HKCU\..\Run : [OneDrive] "C:\Users\Lenka Maturová\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\RunOnce : [Uninstall 17.3.7076.1026] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lenka Maturová\AppData\Local\Microsoft\OneDrive\17.3.7076.1026"
04 - HKLM\..\Run : [SecurityHealth] %ProgramFiles%\Windows Defender\MSASCuiL.exe
04 - HKLM\..\Run : [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
04 - HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-2046678828-953098315-1064776845-1000\..\Run : [Google Update] C:\Users\Lenka Maturová\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe
04 - HKU\S-1-5-21-2046678828-953098315-1064776845-1000\..\Run : [OneDrive] "C:\Users\Lenka Maturová\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-2046678828-953098315-1064776845-1000\..\RunOnce : [Uninstall 17.3.7076.1026] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lenka Maturová\AppData\Local\Microsoft\OneDrive\17.3.7076.1026"
04GS - Bluetooth.lnk : C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

################## | E.O.F |

Re: Virus that creates shortcuts on a flash HDD

Posted: 02 Dec 2017 19:53
by Rudy
Hello!
Without an FRST log I can resolve almost nothing. So run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: Virus that creates shortcuts on a flash HDD

Posted: 02 Dec 2017 20:13
by Euronymous
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 02.12.17
Čas skenování: 19:59
Logovací soubor: e4b6ce56-d792-11e7-8bf9-001b24d05d3a.json
Správce: Ano

-Informace o softwaru-
Verze: 3.3.1.2183
Verze komponentů: 1.0.236
Aktualizovat verzi balíku komponent: 1.0.3396
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 16299.64)
CPU: x86
Systém souborů: NTFS
Uživatel: S\u00c3\u00bdkorka\Lenka Maturov\u00c3\u00a1

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 232678
Zjištěné hrozby: 48
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 11 min, 49 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 12
PUP.Optional.SProtector, HKU\S-1-5-21-2046678828-953098315-1064776845-1000\SOFTWARE\APPDATALOW\SProtector, Žádná uživatelská akce, [5263], [243450],1.0.3396
PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\DataMngr, Žádná uživatelská akce, [8690], [253614],1.0.3396
Adware.Yontoo, HKLM\SOFTWARE\Tarma Installer, Žádná uživatelská akce, [130], [382206],1.0.3396
PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-2046678828-953098315-1064776845-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Žádná uživatelská akce, [8393], [233310],1.0.3396
PUP.Optional.BabylonToolBar, HKU\S-1-5-21-2046678828-953098315-1064776845-1000\SOFTWARE\BabylonToolbar, Žádná uživatelská akce, [6000], [235657],1.0.3396
PUP.Optional.DataMngr.AppFlsh, HKU\S-1-5-21-2046678828-953098315-1064776845-1000\SOFTWARE\DataMngr, Žádná uživatelská akce, [8690], [253612],1.0.3396
Trojan.Agent.VBS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WindowsUpda2ta, Žádná uživatelská akce, [682], [254254],1.0.3396
Trojan.Agent.VBS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8679EA67-5319-41C9-BD42-D4B8352E7D8A}, Žádná uživatelská akce, [682], [306341],1.0.3396
PUP.Optional.MixiDJToolbar, HKLM\SOFTWARE\CLASSES\APPID\{A2773ED4-83BD-488A-A186-73590706C916}, Žádná uživatelská akce, [9817], [168549],1.0.3396
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}, Žádná uživatelská akce, [219], [169264],1.0.3396
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}, Žádná uživatelská akce, [219], [169264],1.0.3396
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Žádná uživatelská akce, [219], [169264],1.0.3396

Hodnota v registru: 4
PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Žádná uživatelská akce, [8690], [-1],0.0.0
PUP.Optional.Delta.ShrtCln, HKU\S-1-5-21-2046678828-953098315-1064776845-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, Žádná uživatelská akce, [8393], [233310],1.0.3396
PUP.Optional.Babylon, HKU\S-1-5-21-2046678828-953098315-1064776845-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|FAVICONURL, Žádná uživatelská akce, [1630], [235650],1.0.3396
Trojan.Agent.VBS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8679EA67-5319-41C9-BD42-D4B8352E7D8A}|PATH, Žádná uživatelská akce, [682], [306341],1.0.3396

Data registrů: 1
PUP.Optional.StartPage, HKU\S-1-5-21-2046678828-953098315-1064776845-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Žádná uživatelská akce, [39], [292762],1.0.3396

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 9
PUP.Optional.OpenCandy, C:\Users\Lenka Maturová\AppData\Roaming\OpenCandy\OpenCandy_BFBB27C5E61D4162BE6E438C6109AD80, Žádná uživatelská akce, [470], [173202],1.0.3396
PUP.Optional.OpenCandy, C:\Users\Lenka Maturová\AppData\Roaming\OpenCandy\BFBB27C5E61D4162BE6E438C6109AD80, Žádná uživatelská akce, [470], [173202],1.0.3396
PUP.Optional.OpenCandy, C:\USERS\LENKA MATUROVá\APPDATA\ROAMING\OPENCANDY, Žádná uživatelská akce, [470], [173202],1.0.3396
PUP.Optional.BrowseToSave, C:\PROGRAM FILES\BROWSETOSAVE, Žádná uživatelská akce, [10417], [175917],1.0.3396
PUP.Optional.IBUpdater, C:\PROGRAMDATA\IBUPDATERSERVICE, Žádná uživatelská akce, [10441], [177713],1.0.3396
PUP.Optional.MyPCBackup, C:\PROGRAM FILES\MYPC BACKUP, Žádná uživatelská akce, [194], [178618],1.0.3396
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache, Žádná uživatelská akce, [33], [181476],1.0.3396
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}, Žádná uživatelská akce, [33], [181476],1.0.3396
PUP.Optional.Yontoo, C:\PROGRAMDATA\TARMA INSTALLER, Žádná uživatelská akce, [33], [181476],1.0.3396

Soubor: 22
PUP.Optional.OpenCandy, C:\Users\Lenka Maturová\AppData\Roaming\OpenCandy\BFBB27C5E61D4162BE6E438C6109AD80\TuneUpUtilities2013-2200329_cs-CZ.exe, Žádná uživatelská akce, [470], [173202],1.0.3396
PUP.Optional.IBUpdater, C:\ProgramData\IBUpdaterService\repository.xml, Žádná uživatelská akce, [10441], [177713],1.0.3396
Trojan.Agent.VBS, C:\WINDOWS\SYSTEM32\TASKS\WINDOWSUPDA2TA, Žádná uživatelská akce, [682], [254252],1.0.3396
Trojan.Agent.VBS, C:\USERS\LENKA MATUROVá\APPDATA\ROAMING\MICROSOFT\activator office 2013.vbs, Žádná uživatelská akce, [682], [254251],1.0.3396
PUP.Optional.MyPCBackup, C:\Program Files\MyPC Backup\DEL_UnRegisterExtensions.exe, Žádná uživatelská akce, [194], [178618],1.0.3396
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat, Žádná uživatelská akce, [33], [181476],1.0.3396
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe, Žádná uživatelská akce, [33], [181476],1.0.3396
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico, Žádná uživatelská akce, [33], [181476],1.0.3396
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll, Žádná uživatelská akce, [33], [181476],1.0.3396
PUP.Optional.Yontoo, C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll, Žádná uživatelská akce, [33], [181476],1.0.3396
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Žádná uživatelská akce, [33], [-1],0.0.0
PUP.Optional.Yontoo, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, Žádná uživatelská akce, [33], [-1],0.0.0
PUP.Optional.MindSpark.Generic, C:\USERS\LENKA MATUROVá\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage, Žádná uživatelská akce, [772], [443123],1.0.3396
PUP.Optional.MindSpark.Generic, C:\USERS\LENKA MATUROVá\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal, Žádná uživatelská akce, [772], [443123],1.0.3396
PUP.Optional.MindSpark.Generic, C:\USERS\LENKA MATUROVá\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage, Žádná uživatelská akce, [772], [443124],1.0.3396
PUP.Optional.MindSpark.Generic, C:\USERS\LENKA MATUROVá\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage-journal, Žádná uživatelská akce, [772], [443124],1.0.3396
PUP.Optional.MultiPlug, C:\PROGRAMDATA\BROIWSE2SAVE\51699B8A6175E.DLL, Žádná uživatelská akce, [219], [76947],1.0.3396
PUP.Optional.PCPerformer, C:\WINDOWS\SYSTEM32\ROBOOT.EXE, Žádná uživatelská akce, [2080], [8670],1.0.3396
PUP.Optional.Delta, C:\USERS\LENKA MATUROVá\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Žádná uživatelská akce, [3360], [455070],1.0.3396
PUP.Optional.Delta, C:\USERS\LENKA MATUROVá\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Žádná uživatelská akce, [3360], [455070],1.0.3396
PUP.Optional.Delta, C:\USERS\LENKA MATUROVá\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Žádná uživatelská akce, [3360], [455070],1.0.3396
PUP.Optional.Delta, C:\USERS\LENKA MATUROVá\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Žádná uživatelská akce, [3360], [455070],1.0.3396

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: Virus that creates shortcuts on a flash HDD

Posted: 02 Dec 2017 21:16
by Rudy
Delete all the findings, restart, and then try to run FRST and post the log.

Re: Virus that creates shortcuts on a flash HDD

Posted: 02 Dec 2017 21:41
by Euronymous
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2017
Ran by Lenka Maturová (administrator) on SÝKORKA (02-12-2017 21:33:54)
Running from C:\Users\Lenka Maturová\Desktop
Loaded Profiles: Lenka Maturová (Available Profiles: Lenka Maturová & Mcx1-SÝKORKA)
Platform: Microsoft Windows 10 Pro Version 1709 16299.64 (X86) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\Application\chrome.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Google Inc.) C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Google Inc.) C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\Program Files\TotalCmd\TOTALCMD.EXE
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.15_none_d02cf1b780117c58\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.257.1291.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [488344 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1466368 2009-05-05] (Motorola Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3536064 2016-03-30] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12361984 2015-07-03] (Realtek Semiconductor)
HKU\S-1-5-21-2046678828-953098315-1064776845-1000\...\Run: [Google Update] => C:\Users\Lenka Maturová\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-26] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-05-23]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{414263E3-86CA-4068-A8DA-AF7A1435E700}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5449ACCA-4265-4B05-A324-E5744D814B66}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-26] (Oracle Corporation)
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-26] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF DefaultProfile: c3ou3nio.default
FF ProfilePath: C:\Users\Lenka Maturová\AppData\Roaming\Mozilla\Firefox\Profiles\c3ou3nio.default [2017-09-30]
FF Extension: (No Name) - C:\Users\Lenka Maturová\AppData\Roaming\Mozilla\Firefox\Profiles\c3ou3nio.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2046678828-953098315-1064776845-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lenka Maturová\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-2046678828-953098315-1064776845-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lenka Maturová\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-26] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://mixidj.delta-search.com/?affID=121133&tt=gc_&babsrc=HP_ss&mntrId=D6E0001E375C5C5A
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/?tab=wm#inbox"
CHR Profile: C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\User Data\Default [2017-12-02]
CHR Extension: (HP Product Detection Plugin) - C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-11-04]
CHR Extension: (YouTube) - C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-17]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-01-22] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ChromeW ... pdates.xml] <==== ATTENTION
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-30]
CHR Extension: (Gmail) - C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
StartMenuInternet: Google Chrome.4E56RAWTMWEEW3MQYOOALN7OGQ - C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [265576 2012-08-30] (AuthenTec, Inc)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [263936 2015-07-03] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2867872 2017-09-30] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [227504 2016-03-30] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279408 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [86696 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bthl2cap; C:\WINDOWS\system32\DRIVERS\bthl2cap.sys [64000 2017-09-29] (Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59896 2017-11-01] ()
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [167352 2017-12-02] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [91576 2017-12-02] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [40376 2017-12-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [221112 2017-12-02] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [75712 2017-12-02] (Malwarebytes)
R3 netwlv32; C:\WINDOWS\System32\drivers\netwlv32.sys [6637056 2017-09-29] (Intel Corporation)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [504832 2017-09-29] (Realtek )
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2013-03-05] (Duplex Secure Ltd.)
S3 taphss6; C:\WINDOWS\System32\DRIVERS\taphss6.sys [37064 2013-02-12] (Anchorfree Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37440 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [253848 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98200 2017-09-29] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [186880 2017-09-29] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-02 21:33 - 2017-12-02 21:35 - 000013012 _____ C:\Users\Lenka Maturová\Desktop\FRST.txt
2017-12-02 21:33 - 2017-12-02 21:33 - 000000000 ____D C:\FRST
2017-12-02 21:31 - 2017-12-02 21:30 - 001752064 _____ (Farbar) C:\Users\Lenka Maturová\Desktop\FRST.exe
2017-12-02 21:29 - 2017-12-02 21:28 - 002391552 _____ (Farbar) C:\Users\Lenka Maturová\Desktop\FRST64.exe
2017-12-02 19:58 - 2017-12-02 21:24 - 000091576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-02 19:58 - 2017-12-02 21:24 - 000075712 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-02 19:58 - 2017-12-02 21:24 - 000040376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-02 19:58 - 2017-12-02 19:58 - 000167352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-02 19:57 - 2017-12-02 21:24 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-02 19:57 - 2017-12-02 19:57 - 000002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-02 19:57 - 2017-12-02 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-02 19:57 - 2017-12-02 19:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-02 19:57 - 2017-12-02 19:57 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-02 19:57 - 2017-11-01 08:54 - 000059896 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-12-02 19:41 - 2017-12-02 19:41 - 007098112 _____ (SOSVirus) C:\Users\Lenka Maturová\Desktop\UsbFix_Free_10.0.0.1.exe
2017-12-02 19:41 - 2017-12-02 19:41 - 000003300 _____ C:\Users\Lenka Maturová\Desktop\UsbFix_Report.txt
2017-12-02 19:33 - 2017-12-02 19:33 - 000000000 ____D C:\Users\Lenka Maturová\AppData\Local\DBG
2017-12-02 19:08 - 2017-12-02 19:08 - 003061360 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Lenka Maturová\Desktop\UsbFix_2016_8.150.exe
2017-12-02 18:24 - 2017-12-02 18:24 - 124282896 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-02 18:04 - 2017-12-02 19:41 - 000001904 _____ C:\Users\Lenka Maturová\Desktop\UsbFix Anti-Malware.lnk
2017-12-02 18:03 - 2017-12-02 19:41 - 000000000 ____D C:\Program Files\UsbFix
2017-12-02 17:50 - 2017-12-02 17:59 - 000000000 ____D C:\Users\Lenka Maturová\AppData\Local\PlaceholderTileLogoFolder
2017-12-02 17:49 - 2017-12-02 17:49 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-12-02 17:49 - 2017-12-02 17:49 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-11-26 16:26 - 2017-12-02 19:37 - 000002451 _____ C:\Users\Lenka Maturová\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-26 16:26 - 2017-12-02 19:37 - 000000000 ___RD C:\Users\Lenka Maturová\OneDrive
2017-11-26 16:23 - 2017-11-26 16:23 - 000000000 ____D C:\Users\Lenka Maturová\AppData\Local\Comms
2017-11-26 16:22 - 2017-09-28 18:44 - 005739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2017-11-26 16:22 - 2017-09-28 18:44 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2017-11-26 16:22 - 2017-09-28 18:38 - 005484032 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2017-11-26 16:12 - 2017-11-26 16:12 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2017-11-26 16:12 - 2017-11-26 16:12 - 000000000 ____D C:\Program Files\Realtek
2017-11-26 16:11 - 2017-11-26 16:11 - 000000000 ____D C:\Users\Lenka Maturová\AppData\Local\PeerDistRepub
2017-11-26 16:07 - 2017-11-26 16:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-26 16:05 - 2017-11-26 16:06 - 000000000 ____D C:\Users\Lenka Maturová\AppData\Local\MicrosoftEdge
2017-11-26 16:05 - 2017-11-26 16:05 - 000000000 ___HD C:\Users\Lenka Maturová\MicrosoftEdgeBackups
2017-11-26 16:04 - 2017-11-26 16:04 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-26 16:04 - 2017-11-26 16:04 - 000000000 ___RD C:\Users\Lenka Maturová\3D Objects
2017-11-26 16:04 - 2017-11-26 16:04 - 000000000 ____D C:\Users\Lenka Maturová\AppData\Local\Publishers
2017-11-26 16:03 - 2017-12-02 19:52 - 000000000 ____D C:\Users\Lenka Maturová\AppData\Local\Packages
2017-11-26 16:03 - 2017-11-26 16:03 - 000000020 ___SH C:\Users\Lenka Maturová\ntuser.ini
2017-11-26 16:03 - 2017-11-26 16:03 - 000000000 ____D C:\Users\Lenka Maturová\AppData\Local\ConnectedDevicesPlatform
2017-11-26 15:26 - 2017-11-26 15:26 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2017-11-26 15:26 - 2017-11-26 15:26 - 000011433 _____ C:\WINDOWS\diagerr.xml
2017-11-26 15:24 - 2017-12-02 21:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-26 15:24 - 2017-11-26 15:24 - 000021496 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-11-26 15:12 - 2017-11-26 15:12 - 000001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-26 15:11 - 2017-11-26 15:11 - 000000000 ____D C:\ProgramData\USOShared
2017-11-26 15:10 - 2017-11-26 16:26 - 000000000 ____D C:\Users\Lenka Maturová
2017-11-26 15:10 - 2017-11-26 15:11 - 000000000 ____D C:\Users\Lenka Maturová\AppData\Roaming\hpqLog
2017-11-26 15:10 - 2017-11-26 15:10 - 000000000 _SHDL C:\Users\Lenka Maturová\Šablony
2017-11-26 15:10 - 2017-11-26 15:10 - 000000000 _SHDL C:\Users\Lenka Maturová\Soubory cookie
2017-11-26 15:10 - 2017-11-26 15:10 - 000000000 _SHDL C:\Users\Lenka Maturová\Poslední
2017-11-26 15:10 - 2017-11-26 15:10 - 000000000 _SHDL C:\Users\Lenka Maturová\Okolní tiskárny
2017-11-26 15:10 - 2017-11-26 15:10 - 000000000 _SHDL C:\Users\Lenka Maturová\Okolní síť
2017-11-26 15:10 - 2017-11-26 15:10 - 000000000 _SHDL C:\Users\Lenka Maturová\Nabídka Start
2017-11-26 15:10 - 2017-11-26 15:10 - 000000000 _SHDL C:\Users\Lenka Maturová\Dokumenty
2017-11-26 15:10 - 2017-11-26 15:10 - 000000000 _SHDL C:\Users\Lenka Maturová\Documents\Obrázky
2017-11-26 15:10 - 2017-11-26 15:10 - 000000000 _SHDL C:\Users\Lenka Maturová\Documents\Hudba
2017-11-26 15:10 - 2017-11-26 15:10 - 000000000 _SHDL C:\Users\Lenka Maturová\Documents\Filmy
2017-11-26 15:10 - 2017-11-26 15:10 - 000000000 _SHDL C:\Users\Lenka Maturová\Data aplikací
2017-11-26 15:10 - 2017-11-26 15:10 - 000000000 _SHDL C:\Users\Lenka Maturová\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-11-26 15:10 - 2017-11-26 15:10 - 000000000 _SHDL C:\Users\Lenka Maturová\AppData\Local\Data aplikací
2017-11-26 15:09 - 2017-11-26 15:22 - 000000000 ____D C:\Users\Mcx1-SÝKORKA
2017-11-26 15:09 - 2017-11-26 15:11 - 000000000 ____D C:\Users\Mcx1-SÝKORKA\AppData\Roaming\hpqLog
2017-11-26 15:09 - 2017-11-26 15:09 - 000000000 _SHDL C:\Users\Mcx1-SÝKORKA\Šablony
2017-11-26 15:09 - 2017-11-26 15:09 - 000000000 _SHDL C:\Users\Mcx1-SÝKORKA\Soubory cookie
2017-11-26 15:09 - 2017-11-26 15:09 - 000000000 _SHDL C:\Users\Mcx1-SÝKORKA\Poslední
2017-11-26 15:09 - 2017-11-26 15:09 - 000000000 _SHDL C:\Users\Mcx1-SÝKORKA\Okolní tiskárny
2017-11-26 15:09 - 2017-11-26 15:09 - 000000000 _SHDL C:\Users\Mcx1-SÝKORKA\Okolní síť
2017-11-26 15:09 - 2017-11-26 15:09 - 000000000 _SHDL C:\Users\Mcx1-SÝKORKA\Nabídka Start
2017-11-26 15:09 - 2017-11-26 15:09 - 000000000 _SHDL C:\Users\Mcx1-SÝKORKA\Dokumenty
2017-11-26 15:09 - 2017-11-26 15:09 - 000000000 _SHDL C:\Users\Mcx1-SÝKORKA\Data aplikací
2017-11-26 15:09 - 2017-11-26 15:09 - 000000000 _SHDL C:\Users\Mcx1-SÝKORKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-11-26 15:09 - 2017-11-26 15:09 - 000000000 _SHDL C:\Users\Mcx1-SÝKORKA\AppData\Local\Data aplikací
2017-11-26 15:08 - 2017-12-02 21:30 - 001985568 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-26 15:03 - 2017-11-26 15:03 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-26 15:03 - 2017-11-26 15:03 - 000000000 ____D C:\Program Files\Motorola
2017-11-26 15:03 - 2015-10-13 17:47 - 002553520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-11-26 15:03 - 2015-10-13 15:55 - 005972783 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-11-26 15:02 - 2017-11-26 15:03 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-26 15:02 - 2017-11-26 15:02 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-11-26 15:01 - 2017-11-26 15:01 - 000000000 ____D C:\Users\Default\AppData\Roaming\hpqLog
2017-11-26 15:01 - 2017-11-26 15:01 - 000000000 ____D C:\Users\Default User\AppData\Roaming\hpqLog
2017-11-26 14:59 - 2017-12-02 17:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-26 14:59 - 2017-11-26 15:19 - 000311032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-26 14:43 - 2017-11-26 14:43 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-11-26 14:42 - 2017-11-26 14:42 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-11-26 14:40 - 2017-11-26 14:40 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-11-26 14:38 - 2017-11-26 14:38 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 006403480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-26 14:38 - 2017-11-26 14:38 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 004145488 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 002474584 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 002341376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 002116504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 001996184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 001959424 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001627600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001448864 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000817152 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000797696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-11-26 14:38 - 2017-11-26 14:38 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-11-26 14:38 - 2017-11-26 14:38 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswstr10.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000612736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000538768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000499608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000478616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000456232 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-11-26 14:38 - 2017-11-26 14:38 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-11-26 14:38 - 2017-11-26 14:38 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000353176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msexcl40.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000295488 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-11-26 14:38 - 2017-11-26 14:38 - 000271768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000233368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000213840 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000203160 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000155544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000142640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000116120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000075776 _____ C:\WINDOWS\system32\runexehelper.exe
2017-11-26 14:38 - 2017-11-26 14:38 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000043416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-26 14:38 - 2017-11-26 14:38 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000038296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-11-26 14:38 - 2017-11-26 14:38 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjint40.dll
2017-11-26 14:38 - 2017-11-26 14:38 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-26 14:33 - 2017-11-26 14:33 - 000000000 ____D C:\WINDOWS\system32\XPSViewer
2017-11-26 14:33 - 2017-11-26 14:33 - 000000000 ____D C:\WINDOWS\system32\msmq
2017-11-26 14:33 - 2017-11-26 14:33 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2017-11-26 14:33 - 2017-11-26 14:33 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-11-26 14:33 - 2017-11-26 14:33 - 000000000 ____D C:\Program Files\MSBuild
2017-11-26 14:33 - 2017-11-26 14:33 - 000000000 ____D C:\inetpub
2017-11-26 14:32 - 2017-09-22 18:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-11-26 14:32 - 2017-09-22 18:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-11-26 14:32 - 2017-09-22 18:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-11-26 12:30 - 2017-11-26 16:01 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-26 12:21 - 2017-11-26 12:30 - 000000036 _____ C:\WINDOWS\progress.ini
2017-11-26 11:51 - 2017-11-26 16:02 - 000000000 ___HD C:\$GetCurrent
2017-11-26 11:48 - 2017-11-26 11:48 - 000000000 ____D C:\Program Files\Common Files\Java
2017-11-26 11:44 - 2017-11-26 11:43 - 000015903 _____ C:\Users\Lenka Maturová\Desktop\Seznam (1) (1).xlsx
2017-11-26 11:41 - 2017-11-26 16:03 - 000000000 ____D C:\Windows10Upgrade
2017-11-26 11:41 - 2017-11-26 11:41 - 000000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomocník s aktualizací Windows 10.lnk
2017-11-26 11:41 - 2017-11-26 11:41 - 000000682 _____ C:\Users\Lenka Maturová\Desktop\Pomocník s aktualizací Windows 10.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-02 21:33 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-02 21:30 - 2017-09-30 13:07 - 000833228 _____ C:\WINDOWS\system32\perfh005.dat
2017-12-02 21:30 - 2017-09-30 13:07 - 000185274 _____ C:\WINDOWS\system32\perfc005.dat
2017-12-02 21:25 - 2012-10-07 12:29 - 000000000 ____D C:\Users\Lenka Maturová\AppData\LocalLow\AuthenTec
2017-12-02 21:22 - 2017-09-29 06:31 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2017-12-02 21:19 - 2013-04-13 18:54 - 000000000 ____D C:\ProgramData\Broiwse2saVe
2017-12-02 21:15 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\rescache
2017-12-02 19:54 - 2017-09-29 12:55 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-02 19:54 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-02 19:38 - 2017-09-30 14:02 - 000000000 ____D C:\UsbFix
2017-12-02 18:34 - 2013-07-29 17:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-02 18:23 - 2017-09-29 12:45 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-02 18:23 - 2012-10-05 22:08 - 124282896 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-02 17:59 - 2012-10-05 20:04 - 000450720 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-12-02 17:54 - 2017-09-29 12:52 - 000000000 ____D C:\WINDOWS\INF
2017-12-02 17:53 - 2012-10-05 19:46 - 000002527 _____ C:\Users\Lenka Maturová\Desktop\Google Chrome.lnk
2017-12-02 17:51 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\appcompat
2017-11-26 16:23 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\OCR
2017-11-26 15:27 - 2017-09-29 12:55 - 000000000 ____D C:\Program Files\windows nt
2017-11-26 15:26 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-11-26 15:26 - 2017-09-29 06:31 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-26 15:25 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\Registration
2017-11-26 15:24 - 2017-09-29 12:55 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-26 15:24 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\media
2017-11-26 15:21 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\spool
2017-11-26 15:19 - 2012-10-05 19:51 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-26 15:14 - 2015-03-21 16:17 - 000000000 ____D C:\Users\Lenka Maturová\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-26 15:14 - 2013-03-05 09:00 - 000000000 ____D C:\Users\Lenka Maturová\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-11-26 15:14 - 2013-02-24 20:09 - 000000000 ____D C:\Users\Lenka Maturová\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinQSB
2017-11-26 15:14 - 2012-10-05 20:20 - 000000000 ____D C:\Users\Lenka Maturová\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2017-11-26 15:11 - 2017-09-29 12:55 - 000000000 ____D C:\ProgramData\USOPrivate
2017-11-26 15:08 - 2017-09-29 06:31 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-26 15:05 - 2017-09-29 12:55 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-11-26 15:04 - 2017-09-29 12:55 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-26 15:04 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-26 15:02 - 2012-10-05 20:17 - 000000000 ____D C:\Program Files\Hewlett-Packard
2017-11-26 15:01 - 2012-10-05 20:16 - 000000000 ____D C:\WINDOWS\QLB
2017-11-26 14:58 - 2017-09-29 12:55 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-11-26 14:49 - 2017-09-30 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AAA Logo
2017-11-26 14:49 - 2017-09-29 12:58 - 000000000 ____D C:\WINDOWS\Setup
2017-11-26 14:49 - 2017-09-29 12:55 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-11-26 14:49 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-26 14:49 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\es-MX
2017-11-26 14:49 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\System
2017-11-26 14:49 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\Help
2017-11-26 14:49 - 2017-09-29 12:55 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-26 14:49 - 2016-06-01 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-11-26 14:49 - 2016-02-16 22:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2017-11-26 14:49 - 2015-08-05 19:38 - 000000000 ____D C:\WINDOWS\system32\vbox
2017-11-26 14:49 - 2015-03-28 10:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-26 14:49 - 2015-03-21 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-26 14:49 - 2014-11-08 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-11-26 14:49 - 2014-05-23 20:33 - 000000000 ____D C:\WINDOWS\system32\es-AR
2017-11-26 14:49 - 2013-12-31 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium
2017-11-26 14:49 - 2013-04-06 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-11-26 14:49 - 2012-10-12 14:13 - 000000000 ____D C:\WINDOWS\system32\SPReview
2017-11-26 14:49 - 2012-10-12 14:11 - 000000000 ____D C:\WINDOWS\system32\EventProviders
2017-11-26 14:49 - 2012-10-07 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AuthenTec TrueSuite
2017-11-26 14:49 - 2012-10-06 11:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-11-26 14:49 - 2009-07-14 10:20 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-11-26 14:49 - 2009-07-14 10:20 - 000000000 ____D C:\WINDOWS\ShellNew
2017-11-26 14:49 - 2009-07-14 05:52 - 000000000 ____D C:\Program Files\Microsoft Games
2017-11-26 14:49 - 2009-07-14 03:37 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-26 14:49 - 2009-07-14 03:37 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-26 14:45 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\IME
2017-11-26 14:43 - 2017-09-29 12:55 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-11-26 14:43 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\schemas
2017-11-26 14:43 - 2016-05-18 19:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-11-26 14:43 - 2015-03-08 12:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2017-11-26 14:43 - 2015-03-08 12:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-11-26 14:43 - 2013-04-14 08:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoreCodec
2017-11-26 14:43 - 2013-03-05 11:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2017-11-26 14:43 - 2012-10-20 12:06 - 000000000 ____D C:\Program Files\Synaptics
2017-11-26 14:43 - 2012-10-05 20:15 - 000000000 ____D C:\Program Files\AuthenTec
2017-11-26 14:43 - 2009-07-14 05:52 - 000000000 ____D C:\Program Files\DVD Maker
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-11-26 14:39 - 2017-09-30 13:07 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-11-26 14:39 - 2017-09-29 12:55 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-26 14:39 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\TextInput
2017-11-26 14:39 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-26 14:39 - 2017-09-29 06:31 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-26 14:33 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-11-26 14:33 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-11-26 14:33 - 2017-09-29 12:51 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-11-26 14:33 - 2017-09-29 12:51 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-11-26 14:33 - 2017-09-29 12:51 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-11-26 14:33 - 2017-09-29 12:50 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-11-26 14:33 - 2017-09-29 12:50 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-11-26 14:33 - 2017-09-29 12:50 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-11-26 14:33 - 2017-09-29 12:50 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-11-26 14:33 - 2017-09-29 12:49 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-11-26 14:33 - 2017-09-29 12:49 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-11-26 14:33 - 2017-09-29 12:49 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-11-26 14:33 - 2017-09-29 12:49 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-11-26 14:33 - 2017-09-29 12:49 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-11-26 14:33 - 2017-09-29 12:49 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-11-26 14:33 - 2017-09-29 12:49 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-11-26 14:33 - 2017-09-29 12:49 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-11-26 14:33 - 2017-09-29 12:49 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-11-26 14:33 - 2017-09-29 12:49 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-11-26 14:33 - 2017-09-29 12:49 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-11-26 14:33 - 2017-09-29 12:49 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-11-26 14:33 - 2017-09-29 12:49 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-11-26 14:33 - 2017-09-29 12:49 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-11-26 14:33 - 2017-09-29 12:49 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-11-26 13:31 - 2009-07-14 05:34 - 000023632 _____ C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-26 13:31 - 2009-07-14 05:34 - 000023632 _____ C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-26 11:50 - 2015-03-28 10:17 - 000000000 ____D C:\ProgramData\Oracle
2017-11-26 11:49 - 2013-03-05 08:51 - 000000000 ____D C:\Program Files\Java
2017-11-26 11:46 - 2013-04-30 15:48 - 000095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2017-11-04 02:25 - 2017-09-29 12:57 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-11-04 02:25 - 2017-09-29 12:57 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2006-08-17 09:54 - 2006-08-17 09:54 - 000000029 _____ () C:\Program Files\Autorun.inf
2008-06-20 15:37 - 2008-06-20 15:37 - 000161064 _____ (Synaptics, Inc.) C:\Program Files\Setup.exe
2008-12-03 13:13 - 2008-12-03 13:13 - 000004957 _____ () C:\Program Files\SP41966.cva
2008-12-03 13:13 - 2008-12-03 13:13 - 000001324 _____ () C:\Program Files\SP41966.txt
2008-12-03 13:13 - 2008-12-03 13:13 - 000000755 _____ () C:\Program Files\WSSP41966.txt
2015-03-08 12:20 - 2015-03-08 12:20 - 000000859 _____ () C:\Users\Lenka Maturová\AppData\Roaming\coreavc.ini
2012-10-05 21:41 - 2012-10-05 21:41 - 000000000 _____ () C:\Users\Lenka Maturová\AppData\Local\AtStart.txt
2013-01-08 16:03 - 2013-01-30 16:06 - 000003584 _____ () C:\Users\Lenka Maturová\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-05 21:41 - 2012-10-05 21:41 - 000000000 _____ () C:\Users\Lenka Maturová\AppData\Local\DSwitch.txt
2013-05-09 10:46 - 2013-05-09 10:46 - 000000000 _____ () C:\Users\Lenka Maturová\AppData\Local\FnF4.txt
2012-10-05 21:41 - 2012-10-05 21:41 - 000000000 _____ () C:\Users\Lenka Maturová\AppData\Local\QSwitch.txt
2017-09-30 21:25 - 2017-09-30 21:25 - 000000218 _____ () C:\Users\Lenka Maturová\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-26 14:59

==================== End of FRST.txt ============================

Re: Virus that creates shortcuts on a flash HDD

Posted: 02 Dec 2017 22:40
by Rudy
Open Notepad and copy the following into it:
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
FF Extension: (No Name) - C:\Users\Lenka Maturová\AppData\Roaming\Mozilla\Firefox\Profiles\c3ou3nio.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
CHR HomePage: Default -> hxxp://mixidj.delta-search.com/?affID=1 ... 1E375C5C5A
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Lenka Maturová\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-01-22] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ ... pdates.xml] <==== ATTENTION
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Lenka Maturová\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [MRAICQCMenu] -> {7C9E7B90-88EC-4852-AC7A-C938268A5D04} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {0A608570-21ED-4C64-BC2F-53BB064261B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2046678828-953098315-1064776845-1000Core1d206b535f6fd17 => C:\Users\Lenka Maturová\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {4B970F75-2817-4F35-AB7D-487A59414AB1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2046678828-953098315-1064776845-1000UA1d206b5371a72bc => C:\Users\Lenka Maturová\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2046678828-953098315-1064776845-1000Core.job => C:\Users\Lenka Maturová\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2046678828-953098315-1064776845-1000UA.job => C:\Users\Lenka Maturová\AppData\Local\Google\Update\GoogleUpdate.exe

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Virus that creates shortcuts on a flash HDD

Posted: 02 Dec 2017 22:46
by Euronymous
At the end it said the program had stopped working, but this log appeared on the desktop:

Fix result of Farbar Recovery Scan Tool (x86) Version: 30-11-2017
Ran by Lenka Maturová (02-12-2017 22:43:09) Run:1
Running from C:\Users\Lenka Maturová\Desktop
Loaded Profiles: Lenka Maturová (Available Profiles: Lenka Maturová & Mcx1-SÝKORKA)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
BHO: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
FF Extension: (No Name) - C:\Users\Lenka Maturov�\AppData\Roaming\Mozilla\Firefox\Profiles\c3ou3nio.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF => not found
CHR HomePage: Default -> hxxp://mixidj.delta-search.com/?affID=1 ... 1E375C5C5A
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Lenka Maturov�\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-01-22] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ ... pdates.xml] <==== ATTENTION
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Lenka Maturov�\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [MRAICQCMenu] -> {7C9E7B90-88EC-4852-AC7A-C938268A5D04} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {0A608570-21ED-4C64-BC2F-53BB064261B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2046678828-953098315-1064776845-1000Core1d206b535f6fd17 => C:\Users\Lenka Maturov�\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {4B970F75-2817-4F35-AB7D-487A59414AB1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2046678828-953098315-1064776845-1000UA1d206b5371a72bc => C:\Users\Lenka Maturov�\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2046678828-953098315-1064776845-1000Core.job => C:\Users\Lenka Maturov�\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2046678828-953098315-1064776845-1000UA.job => C:\Users\Lenka Maturov�\AppData\Local\Google\Update\GoogleUpdate.exe

EmptyTemp:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key removed successfully.
HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key not found
C:\Users\Lenka Maturov�\AppData\Roaming\Mozilla\Firefox\Profiles\c3ou3nio.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully.
Chrome HomePage => removed successfully.
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Lenka Maturov�\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-01-22] [UpdateUrl: hxxp://www.interoperabilitybridges.com/ ... pdates.xml] <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully.
idsvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\wpcsvc => key removed successfully.
wpcsvc => service removed successfully.
"C:\Users\Lenka Maturov�\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\avast => key removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MRAICQCMenu => key removed successfully.
HKLM\Software\Classes\CLSID\{7C9E7B90-88EC-4852-AC7A-C938268A5D04} => key not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => key removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key removed successfully.
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\avast => key removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found

Re: Virus that creates shortcuts on a flash HDD

Posted: 03 Dec 2017 11:28
by Rudy
OK. It should be fine now.

Re: Virus that creates shortcuts on a flash HDD

Posted: 03 Dec 2017 12:05
by Euronymous
Thank you, the laptop seems to be fine after connecting a new flash drive. Now my problem is that I have 3 USB flash drives connected to the desktop PC and all of them show only shortcuts. I don't care about the data on the flash drives, but I have a feeling that formatting alone won't help. Also, USBfix gives me an error once the USB drives are connected. I'm attaching the FRST log from the desktop PC:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Pejcha Petr (administrator) on EURONYMOUS (03-12-2017 12:00:44)
Running from C:\Users\Pejcha Petr\Desktop
Loaded Profiles: Pejcha Petr (Available Profiles: Pejcha Petr)
Platform: Windows 10 Pro Version 1703 15063.726 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Viber Media S.à r.l.) C:\Users\Pejcha Petr\AppData\Local\Viber\Viber.exe
() C:\Users\Pejcha Petr\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
(Spotify Ltd) C:\Users\Pejcha Petr\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Fujitsu) C:\Program Files (x86)\Fujitsu Mouse\Driverap4.exe
() C:\Program Files (x86)\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU1\LULnchr.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU1\LogitechUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\KMSpico\AutoPico.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-15] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2088872 2015-09-09] (cFos Software GmbH)
HKLM-x32\...\Run: [Fujitsu Mouse] => C:\Program Files (x86)\Fujitsu Mouse\DriverSt.exe [184393 2012-08-21] ()
HKLM-x32\...\Run: [LWBKEYLOCK] => C:\Program Files (x86)\Fujitsu Keyboard Lock Status driver\Keyboard Lock Status driver\3.0\SkeyLock.exe [310784 2008-05-02] ()
HKLM-x32\...\Run: [mncfidhSrv] => C:\WINDOWS\inf\mncfidh.vbe [1342 2014-01-19] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3501514266-2958078906-2016536124-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-3501514266-2958078906-2016536124-1001\...\Run: [Viber] => C:\Users\Pejcha Petr\AppData\Local\Viber\Viber.exe [71878736 2016-06-15] (Viber Media S.à r.l.)
HKU\S-1-5-21-3501514266-2958078906-2016536124-1001\...\Run: [MiPhoneManager] => C:\Users\Pejcha Petr\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [146224 2017-11-05] ()
HKU\S-1-5-21-3501514266-2958078906-2016536124-1001\...\Run: [Spotify Web Helper] => C:\Users\Pejcha Petr\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-17] (Spotify Ltd)
HKU\S-1-5-21-3501514266-2958078906-2016536124-1001\...\Run: [Spotify] => C:\Users\Pejcha Petr\AppData\Roaming\Spotify\Spotify.exe [21025392 2017-11-17] (Spotify Ltd)
HKU\S-1-5-21-3501514266-2958078906-2016536124-1001\...\MountPoints2: {7a0b98eb-9983-11e7-82d3-d050994fbc76} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3501514266-2958078906-2016536124-1001\...\MountPoints2: {81a8dfe8-6262-11e7-82c8-d050994fbc76} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3501514266-2958078906-2016536124-1001\...\MountPoints2: {97b395ba-741c-11e7-82cd-d050994fbc76} - "D:\HiSuiteDownLoader.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2786b522-0c2e-4fd7-84af-a593c8166915}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{408e1c05-8500-4feb-8f1c-c3970c5bf765}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
HKU\S-1-5-21-3501514266-2958078906-2016536124-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.horizon.tv/cs_cz/
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-26] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-26] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Pejcha Petr\AppData\Roaming\Mozilla\Firefox\Profiles\la0uk9f3.default-1459276641162 [2017-04-30]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: (PDF Architect 3 Creator) - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-03-30] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-04-12] [Lagacy] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-03-20] (pdfforge GmbH)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default [2017-12-03]
CHR Extension: (Prezentace) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Dokumenty) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-30]
CHR Extension: (Disk Google) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Adblock Plus) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-16]
CHR Extension: (Adblock na Youtube™) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-15]
CHR Extension: (Vyhledávání Google) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tabulky) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (AdBlock) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-02]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2017-09-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Late Night) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm [2015-03-21]
CHR Extension: (Gmail) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Pejcha Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-07-25] () [File not signed]
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [726952 2015-09-09] (cFos Software GmbH)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2243288 2015-03-20] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-03-20] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-03-20] (pdfforge GmbH)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2015-03-22] (ASRock Incorporation)
R0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-03-15] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-03-15] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-04-11] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
R1 kpfilter; C:\WINDOWS\System32\drivers\kpfilter64.sys [40904 2016-06-06] (Kingsoft Corp. Ltd.)
R1 kpfilter; C:\Windows\SysWOW64\drivers\kpfilter64.sys [40904 2016-06-06] (Kingsoft Corp. Ltd.)
S3 lenovo_a376_diag; C:\WINDOWS\system32\DRIVERS\lenovo_a376_diag.sys [80384 2013-03-22] (DriverCoding Technology Co,Ltd.) [File not signed]
S3 lenovo_a376_muxbus; C:\WINDOWS\System32\drivers\lenovo_a376_muxbus.sys [56320 2013-03-22] (DriverCoding Incorporated) [File not signed]
S3 lenovo_a376_vmdm; C:\WINDOWS\system32\DRIVERS\lenovo_a376_vmdm.sys [82944 2012-08-21] (DriverCoding Incorporated) [File not signed]
S3 lenovo_a376_vport; C:\WINDOWS\system32\DRIVERS\lenovo_a376_vport.sys [81920 2012-08-21] (DriverCoding Incorporated) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-12-03] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-03] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-03] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-03] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-03] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 qcusbnet; C:\WINDOWS\System32\drivers\qcusbnet.sys [428600 2017-03-15] (QUALCOMM Incorporated)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5707264 2017-03-18] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-03-21] (Basil Projects)
S1 fbftvfhx; \??\C:\WINDOWS\system32\drivers\fbftvfhx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 12:00 - 2017-12-03 12:01 - 000018648 _____ C:\Users\Pejcha Petr\Desktop\FRST.txt
2017-12-03 12:00 - 2017-12-03 12:00 - 000000000 ____D C:\FRST
2017-12-03 11:57 - 2017-12-03 11:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\cFos
2017-12-03 11:53 - 2017-12-03 11:53 - 002391552 _____ (Farbar) C:\Users\Pejcha Petr\Desktop\FRST64.exe
2017-12-03 11:42 - 2017-12-03 11:55 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-03 11:42 - 2017-12-03 11:55 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-03 11:42 - 2017-12-03 11:42 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-03 11:41 - 2017-12-03 11:55 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-03 11:41 - 2017-12-03 11:41 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-03 11:41 - 2017-12-03 11:41 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-03 11:41 - 2017-12-03 11:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-03 11:41 - 2017-12-03 11:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-03 11:41 - 2017-12-03 11:41 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-03 11:41 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-02 18:41 - 2017-12-02 18:41 - 000001962 _____ C:\Users\Pejcha Petr\Desktop\UsbFix Anti-Malware.lnk
2017-12-02 18:41 - 2017-12-02 18:41 - 000000000 ____D C:\Program Files (x86)\UsbFix
2017-12-02 18:40 - 2017-12-02 18:41 - 007098112 _____ (SOSVirus) C:\Users\Pejcha Petr\Desktop\UsbFix_Free_10.0.0.1.exe
2017-11-28 20:58 - 2017-11-28 20:58 - 000804469 _____ C:\Users\Pejcha Petr\Desktop\Dveře - Maturová Pejcha Lány na Důlku.pdf
2017-11-28 20:53 - 2017-11-28 20:53 - 001090598 _____ C:\Users\Pejcha Petr\Desktop\Okna - Maturová Pejcha Lány na Důlku.pdf
2017-11-25 16:35 - 2017-11-25 16:35 - 000002272 _____ C:\Users\Pejcha Petr\Desktop\Google Chrome.lnk
2017-11-20 19:29 - 2017-11-20 19:30 - 002667020 _____ C:\Users\Pejcha Petr\Desktop\Půdorys základů.pdf
2017-11-18 16:55 - 2009-09-24 12:26 - 000299008 _____ (RealWorld Graphics) C:\Users\Pejcha Petr\Desktop\PhotoResize800.exe
2017-11-18 16:47 - 2017-11-18 16:47 - 000000000 ____D C:\Users\Pejcha Petr\AppData\Roaming\FastStone
2017-11-18 16:47 - 2017-11-18 16:47 - 000000000 ____D C:\Users\Pejcha Petr\AppData\Local\FastStone
2017-11-18 09:49 - 2017-11-18 09:53 - 000000000 ____D C:\Program Files (x86)\myPHP
2017-11-17 11:22 - 2017-11-25 16:26 - 000000000 ____D C:\Users\Pejcha Petr\AppData\Local\Spotify
2017-11-17 11:22 - 2017-11-17 11:22 - 000001880 _____ C:\Users\Pejcha Petr\Desktop\Spotify.lnk
2017-11-17 11:22 - 2017-11-17 11:22 - 000001866 _____ C:\Users\Pejcha Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-11-17 11:21 - 2017-12-03 11:57 - 000000000 ____D C:\Users\Pejcha Petr\AppData\Roaming\Spotify
2017-11-15 09:29 - 2017-11-02 06:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 09:29 - 2017-11-02 06:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 09:29 - 2017-11-02 06:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 09:29 - 2017-11-02 06:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 09:29 - 2017-11-02 06:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 09:29 - 2017-11-02 06:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 09:29 - 2017-11-02 06:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 09:29 - 2017-11-02 05:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 09:29 - 2017-11-02 05:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 09:29 - 2017-11-02 05:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 09:29 - 2017-11-02 05:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 09:29 - 2017-11-02 05:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 09:29 - 2017-11-02 05:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 09:29 - 2017-11-02 05:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 09:29 - 2017-11-02 05:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 09:29 - 2017-11-02 05:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 09:29 - 2017-11-02 05:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 09:29 - 2017-11-02 05:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 09:29 - 2017-11-02 05:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 09:29 - 2017-11-02 05:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 09:29 - 2017-11-02 05:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 09:29 - 2017-11-02 05:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 09:29 - 2017-11-02 05:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 09:29 - 2017-11-02 05:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 09:29 - 2017-11-02 05:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 09:29 - 2017-11-02 05:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 09:29 - 2017-11-02 05:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 09:29 - 2017-11-02 05:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 09:29 - 2017-11-02 05:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 09:29 - 2017-11-02 05:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 09:29 - 2017-11-02 05:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 09:29 - 2017-11-02 05:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 09:29 - 2017-11-02 05:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 09:29 - 2017-11-02 05:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 09:29 - 2017-11-02 05:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 09:29 - 2017-11-02 05:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 09:29 - 2017-11-02 05:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 09:29 - 2017-11-02 05:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 09:29 - 2017-11-02 05:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 09:29 - 2017-11-02 05:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 09:29 - 2017-11-02 05:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 09:29 - 2017-11-02 05:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 09:29 - 2017-11-02 05:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 09:29 - 2017-11-02 05:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 09:29 - 2017-11-02 05:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 09:29 - 2017-11-02 05:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 09:29 - 2017-11-02 05:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 09:29 - 2017-11-02 05:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 09:29 - 2017-11-02 05:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 09:29 - 2017-11-02 05:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 09:29 - 2017-11-02 05:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 09:29 - 2017-11-02 05:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 09:29 - 2017-11-02 05:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 09:29 - 2017-11-02 05:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 09:29 - 2017-11-02 05:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 09:29 - 2017-11-02 05:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 09:29 - 2017-11-02 05:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 09:29 - 2017-11-02 05:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 09:29 - 2017-11-02 05:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 09:29 - 2017-11-02 05:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 09:29 - 2017-11-02 05:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 09:29 - 2017-11-02 05:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 09:29 - 2017-11-02 05:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 09:29 - 2017-11-02 05:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 09:29 - 2017-11-02 05:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 09:29 - 2017-11-02 05:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 09:29 - 2017-11-02 05:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 09:29 - 2017-11-02 05:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 09:29 - 2017-11-02 05:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 09:29 - 2017-10-25 08:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 09:29 - 2017-10-15 16:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 09:29 - 2017-10-15 16:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 09:29 - 2017-10-15 16:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 09:29 - 2017-10-15 15:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 09:29 - 2017-10-15 15:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 09:29 - 2017-10-15 15:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 09:29 - 2017-10-15 15:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 09:29 - 2017-10-15 15:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 09:29 - 2017-10-15 15:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 09:29 - 2017-10-15 15:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 09:29 - 2017-10-15 15:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 09:29 - 2017-10-15 15:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 09:29 - 2017-10-15 15:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 09:29 - 2017-10-15 15:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 09:29 - 2017-10-15 15:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 09:29 - 2017-10-15 15:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 09:29 - 2017-10-15 15:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 09:28 - 2017-11-02 06:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 09:28 - 2017-11-02 06:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 09:28 - 2017-11-02 06:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 09:28 - 2017-11-02 06:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 09:28 - 2017-11-02 06:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 09:28 - 2017-11-02 06:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 09:28 - 2017-11-02 06:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 09:28 - 2017-11-02 06:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 09:28 - 2017-11-02 06:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 09:28 - 2017-11-02 06:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 09:28 - 2017-11-02 06:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 09:28 - 2017-11-02 06:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 09:28 - 2017-11-02 06:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 09:28 - 2017-11-02 06:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 09:28 - 2017-11-02 06:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 09:28 - 2017-11-02 06:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 09:28 - 2017-11-02 06:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 09:28 - 2017-11-02 06:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 09:28 - 2017-11-02 06:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 09:28 - 2017-11-02 06:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 09:28 - 2017-11-02 06:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 09:28 - 2017-11-02 06:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 09:28 - 2017-11-02 06:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 09:28 - 2017-11-02 06:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 09:28 - 2017-11-02 06:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 09:28 - 2017-11-02 06:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 09:28 - 2017-11-02 06:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 09:28 - 2017-11-02 06:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 09:28 - 2017-11-02 06:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 09:28 - 2017-11-02 06:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 09:28 - 2017-11-02 06:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 09:28 - 2017-11-02 06:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 09:28 - 2017-11-02 06:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 09:28 - 2017-11-02 06:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 09:28 - 2017-11-02 06:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 09:28 - 2017-11-02 06:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 09:28 - 2017-11-02 06:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 09:28 - 2017-11-02 06:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 09:28 - 2017-11-02 06:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 09:28 - 2017-11-02 05:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 09:28 - 2017-11-02 05:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 09:28 - 2017-11-02 05:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 09:28 - 2017-11-02 05:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 09:28 - 2017-11-02 05:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 09:28 - 2017-11-02 05:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 09:28 - 2017-11-02 05:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 09:28 - 2017-11-02 05:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 09:28 - 2017-11-02 05:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 09:28 - 2017-11-02 05:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 09:28 - 2017-11-02 05:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 09:28 - 2017-11-02 05:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 09:28 - 2017-11-02 05:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 09:28 - 2017-11-02 05:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 09:28 - 2017-11-02 05:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 09:28 - 2017-11-02 05:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 09:28 - 2017-11-02 05:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 09:28 - 2017-11-02 05:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 09:28 - 2017-11-02 05:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 09:28 - 2017-11-02 05:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 09:28 - 2017-11-02 05:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 09:28 - 2017-11-02 05:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 09:28 - 2017-11-02 05:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 09:28 - 2017-11-02 05:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 09:28 - 2017-11-02 05:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 09:28 - 2017-11-02 05:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 09:28 - 2017-11-02 05:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 09:28 - 2017-11-02 05:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 09:28 - 2017-11-02 05:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 09:28 - 2017-11-02 05:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 09:28 - 2017-11-02 05:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 09:28 - 2017-11-02 05:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 09:28 - 2017-11-02 05:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 09:28 - 2017-11-02 05:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 09:28 - 2017-11-02 05:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 09:28 - 2017-11-02 05:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 09:28 - 2017-11-02 05:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 09:28 - 2017-11-02 05:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 09:28 - 2017-11-02 05:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 09:28 - 2017-11-02 05:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 09:28 - 2017-11-02 05:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 09:28 - 2017-11-02 05:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 09:28 - 2017-11-02 05:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 09:28 - 2017-11-02 05:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 09:28 - 2017-11-02 05:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 09:28 - 2017-11-02 05:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 09:28 - 2017-11-02 05:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 09:28 - 2017-11-02 05:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 09:28 - 2017-11-02 05:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 09:28 - 2017-11-02 05:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 09:28 - 2017-11-02 05:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 09:28 - 2017-11-02 05:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 09:28 - 2017-11-02 05:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 09:28 - 2017-11-02 05:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 09:28 - 2017-11-02 05:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 09:28 - 2017-11-02 05:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 09:28 - 2017-11-02 05:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 09:28 - 2017-11-02 05:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 09:28 - 2017-11-02 05:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 09:28 - 2017-11-02 05:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 09:28 - 2017-11-02 05:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 09:28 - 2017-11-02 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 09:28 - 2017-10-15 15:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 09:28 - 2017-10-15 15:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 09:28 - 2017-10-15 15:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 09:28 - 2017-10-15 15:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-15 09:28 - 2017-10-15 15:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 09:28 - 2017-10-15 15:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 09:28 - 2017-10-15 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 09:28 - 2017-10-15 15:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 09:28 - 2017-10-15 15:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 09:28 - 2017-10-15 15:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 09:28 - 2017-10-15 15:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 09:28 - 2017-10-15 15:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 09:28 - 2017-10-15 15:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 09:28 - 2017-10-15 15:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 09:28 - 2017-10-15 15:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 09:28 - 2017-10-15 15:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 09:28 - 2017-10-15 15:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 09:28 - 2017-10-15 15:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 09:28 - 2017-10-15 15:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-05 20:24 - 2017-11-05 20:24 - 000001450 _____ C:\Users\Pejcha Petr\Desktop\MiPCSuite.lnk
2017-11-05 20:24 - 2017-11-05 20:24 - 000000000 ____D C:\Users\Pejcha Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xiaomi
2017-11-05 20:23 - 2017-11-05 20:24 - 000000000 ____D C:\Users\Pejcha Petr\AppData\Local\MiPhoneManager
2017-11-05 20:23 - 2017-11-05 20:23 - 000000000 ____D C:\Users\Pejcha Petr\AppData\Roaming\Xiaomi
2017-11-05 20:22 - 2017-11-05 20:24 - 000000000 ____D C:\XiaoMi
2017-11-05 20:22 - 2017-11-05 20:22 - 000002575 _____ C:\Users\Public\Desktop\XiaoMiFlash.exe.lnk
2017-11-05 20:22 - 2017-11-05 20:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XiaoMiFlash

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 12:01 - 2017-07-21 04:44 - 000945700 _____ C:\WINDOWS\system32\perfh005.dat
2017-12-03 12:01 - 2017-07-21 04:44 - 000210228 _____ C:\WINDOWS\system32\perfc005.dat
2017-12-03 12:01 - 2017-07-20 19:29 - 002159622 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-03 12:00 - 2016-06-24 19:23 - 000000000 ____D C:\Users\Pejcha Petr\AppData\Roaming\ViberPC
2017-12-03 12:00 - 2016-06-24 19:22 - 000000000 ____D C:\Users\Pejcha Petr\AppData\Local\Viber
2017-12-03 12:00 - 2015-03-23 19:20 - 000000000 ____D C:\Download
2017-12-03 11:55 - 2017-07-20 19:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-03 11:55 - 2015-03-21 19:01 - 000000000 __SHD C:\Users\Pejcha Petr\IntelGraphicsProfiles
2017-12-03 11:54 - 2017-07-20 19:13 - 000000000 ____D C:\Users\Pejcha Petr
2017-12-03 11:54 - 2017-03-18 12:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-12-03 11:54 - 2015-05-05 18:06 - 000002048 _____ C:\Users\Pejcha Petr\AppData\Roaming\mouse.dat
2017-12-03 11:54 - 2015-05-05 18:06 - 000000256 _____ C:\Users\Pejcha Petr\AppData\Roaming\setup.dat
2017-12-03 11:53 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-03 11:37 - 2017-07-20 19:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-03 10:19 - 2015-07-27 20:57 - 000000000 ____D C:\Users\Pejcha Petr\Documents\ViberDownloads
2017-12-03 10:15 - 2015-03-21 23:41 - 000000000 ____D C:\Users\Pejcha Petr\AppData\Local\Packages
2017-12-02 18:24 - 2015-03-26 20:41 - 000000000 ____D C:\Program Files (x86)\uTorrent
2017-12-02 18:15 - 2015-03-26 20:41 - 000001042 _____ C:\Users\Pejcha Petr\Desktop\µTorrent.lnk
2017-12-02 16:21 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-02 16:21 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-30 04:26 - 2015-12-10 18:29 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-29 03:40 - 2015-03-22 00:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-29 03:31 - 2017-10-11 17:24 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-29 03:31 - 2015-03-22 00:02 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-22 07:03 - 2015-03-21 23:04 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-19 17:25 - 2015-04-12 16:01 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-11-16 19:46 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-16 18:31 - 2015-03-23 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-11-16 18:27 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-16 18:03 - 2017-07-20 19:26 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-16 17:49 - 2017-07-14 02:38 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-16 17:49 - 2015-08-12 19:01 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-16 05:36 - 2015-03-21 23:10 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 17:45 - 2017-07-20 19:11 - 000243624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 17:44 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 17:44 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 17:44 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 17:44 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 17:44 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 17:38 - 2015-03-22 09:04 - 000000000 ___RD C:\Users\Pejcha Petr\SkyDrive
2017-11-15 10:03 - 2017-07-20 19:26 - 000003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 10:03 - 2017-07-20 19:26 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-13 20:59 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-07 07:13 - 2017-07-28 05:32 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3501514266-2958078906-2016536124-1001
2017-11-07 07:13 - 2015-08-12 19:03 - 000002409 _____ C:\Users\Pejcha Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-05 02:40 - 2017-08-09 18:12 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-05 02:40 - 2017-08-09 18:12 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-05-05 18:06 - 2017-12-03 11:54 - 000002048 _____ () C:\Users\Pejcha Petr\AppData\Roaming\mouse.dat
2015-05-05 18:06 - 2017-12-03 11:54 - 000000256 _____ () C:\Users\Pejcha Petr\AppData\Roaming\setup.dat
2017-01-11 22:34 - 2017-01-11 22:34 - 000029696 _____ () C:\Users\Pejcha Petr\AppData\Local\MSGBOX.EXE

Some files in TEMP:
====================
2017-10-05 16:38 - 2017-09-28 09:42 - 000029696 _____ (Irfan Skiljan, IrfanView) C:\Users\Pejcha Petr\AppData\Local\Temp\iv_uninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-30 20:20

==================== End of FRST.txt ============================

Re: Virus that creates shortcuts on a flash drive

Posted: 03 Dec 2017 12:39
by Rudy
A format should be enough. Use USBFix again (on each drive separately) and go through all 3 steps. Besides the scan, also Clean and Vaccinate.

Re: Virus that creates shortcuts on a flash drive

Posted: 06 Mar 2018 17:23
by vodass
Hello everyone,
a friend of mine has exactly the same problem. Can I ask for help here, or do I have to start a new topic?
Thanks in advance for the reply.

Re: Virus that creates shortcuts on a flash drive

Posted: 06 Mar 2018 18:07
by Rudy
2vodass: Please start your own topic; every problem, even a similar one, can have different causes, and then things could get mixed up. Thank you.

Re: Virus that creates shortcuts on a flash drive

Posted: 06 Mar 2018 18:10
by vodass
OK,
I'll bring the laptop home and then start a new topic,
thanks.

Re: Virus that creates shortcuts on a flash drive

Posted: 06 Mar 2018 18:18
by Rudy
Yep.