Preventive check

Posted: 01 Mar 2018 07:50
by butthead2507
Hi, I would like to ask for a preventive check of my log ... the PC is slowed down ... Thank you very much

Logfile of random's system information tool 1.16 (written by random/random)
Run by Marek at 2018-03-01 07:43:56
Microsoft Windows 10 Pro
System drive C: has 123 GB (37%) free of 328 GB
Total RAM: 3199 MB (41% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:44:08, on 1.3.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0192)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
\\MIRADSERVER\mksqlbin\exe\appsql.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\smartscreen.exe
\\MIRADSERVER\mksqlbin\exe\appsql.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Users\Marek\Desktop\RSIT.exe
C:\Program Files\trend micro\Marek_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... R27TLR27TL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... R27TLR27TL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... R27TLR27TL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SecurityHealth] %ProgramFiles%\Windows Defender\MSASCuiL.exe
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [iSkysoft Helper Compact.exe] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Marek\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: appsql.exe - odkaz.lnk = exe\appsql.exe
O4 - Startup: Google Chrome.lnk = C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\Program Files\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{ac49ff1d-f373-4efb-93a2-e0532eb61734}: NameServer = 195.146.128.60,195.146.132.58,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe
O23 - Service: fischer FIXPERIENCE Update Service (fixperienceUpdateSvc) - fischerwerke Gmbh & Co. KG - C:\Program Files\fischer\FIXPERIENCE\Update\fischer.Update.Service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvvsvc.exe
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

--
End of file - 9315 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1d0921c6995940a.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Driver Booster SkipUAC (Marek) - C:\Program Files\IObit\Driver Booster\DriverBooster.exe /skipuac
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore1d0921c6995940a - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore1d0bfa7909c1577 - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task-S-1-5-21-1090461368-3718612229-1242190663-1001 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{3DFB6FE0-F755-4C97-B772-708AFFFD92CA} - C:\WINDOWS\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\{B6E3A6BA-558E-422F-8111-58333F138B76} - C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe"
C:\WINDOWS\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\WwanSvc\NotificationTask - %SystemRoot%\System32\WiFiTask.exe wwan
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join - %SystemRoot%\System32\AutoWorkplace.exe join
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Recovery-Check - %SystemRoot%\System32\dsregcmd.exe /checkrecovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WaaSMedic\PerformRemediation - %systemroot%\System32\WaaSMedic.exe None
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\AC Power Download - %systemroot%\system32\usoclient.exe StartDownload
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - C:\WINDOWS\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe Reboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display - %systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr - %windir%\System32\UNP\UpdateNotificationMgr.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe -e
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\LicenseAcquisition - %SystemRoot%\system32\ClipRenew.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\SMB\UninstallSMB1ClientTask - %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
C:\WINDOWS\system32\tasks\Microsoft\Windows\SMB\UninstallSMB1ServerTask - %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\rempl\shell-usoscan - %ProgramFiles%\rempl\remsh.exe /RunUsoScanOnly
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemovalTools\MRT_HB - C:\WINDOWS\system32\MRT.exe /EHB /Q
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\PushToInstall\LoginCheck - %windir%\system32\sc.exe start pushtoinstall login
C:\WINDOWS\system32\tasks\Microsoft\Windows\PushToInstall\Registration - %windir%\system32\sc.exe start pushtoinstall registration
C:\WINDOWS\system32\tasks\Microsoft\Windows\Printing\EduPrintProv - %windir%\system32\eduprintprov.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Cellular - %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Chkdsk\SyspartRepair - %windir%\system32\bcdboot.exe %windir% /sysrepair
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Google Chrome=========

C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Web Store 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty 0.10
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Google Search 0.0.0.60
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension efaidnbmnnnibpcajpcglclefindmkaj 1 Adobe Acrobat 15.1.0.6
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabuľky 1.2
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google v režime offline 1.4
Extension gpdjojdkbbmdfjfahjcgigfpmkopogic 1 Tlačidlo Uložiť na Pintereste 3.0.81
Extension jlhmfgmfgeifomenelglieieghnjghma 1 Cisco WebEx Extension 1.0.12
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.6
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.3
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 6417.1211.0.0
Homepage: https://www.google.sk/
default_search_provider.search_url:
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"=http://www.omniboxes.com/web/?type=ds&t ... earchTerms}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-10-18 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-18 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-09-29 488344]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2016-05-31 14696704]
"NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2015-06-29 2585744]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap.dll [2015-06-29 1278920]
"iSkysoft Helper Compact.exe"=C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014-10-31 2066432]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2016-06-22 598552]
"egui"=C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [2013-10-07 3159744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Marek\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-01-31 1554080]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 3576664]

C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
appsql.exe - odkaz.lnk - \\MIRADSERVER\mksqlbin\exe\appsql.exe
Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableFullTrustStartupTasks"=2
"EnableUIADesktopToggle"=0
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=%SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\64.0.3282.186\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.cvid"=iccvid.dll
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"vidc.XVID"=xvidvfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-03-01 07:43:56 ----D---- C:\rsit
2018-03-01 07:43:56 ----D---- C:\Program Files\trend micro
2018-02-14 11:51:49 ----A---- C:\WINDOWS\system32\drivers\appid.sys
2018-02-14 11:51:07 ----A---- C:\WINDOWS\system32\iernonce.dll
2018-02-14 11:51:06 ----A---- C:\WINDOWS\system32\iesetup.dll
2018-02-14 11:50:54 ----A---- C:\WINDOWS\system32\jsproxy.dll
2018-02-14 11:49:21 ----A---- C:\WINDOWS\system32\wuuhosdeployment.dll
2018-02-14 11:49:21 ----A---- C:\WINDOWS\system32\virtdisk.dll
2018-02-14 11:49:21 ----A---- C:\WINDOWS\system32\nlaapi.dll
2018-02-14 11:49:21 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-02-14 11:49:21 ----A---- C:\WINDOWS\system32\evr.dll
2018-02-14 11:49:21 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-02-14 11:49:20 ----A---- C:\WINDOWS\system32\wuuhext.dll
2018-02-14 11:49:20 ----A---- C:\WINDOWS\system32\TileDataRepository.dll
2018-02-14 11:49:20 ----A---- C:\WINDOWS\system32\nshhttp.dll
2018-02-14 11:49:20 ----A---- C:\WINDOWS\system32\nlasvc.dll
2018-02-14 11:49:20 ----A---- C:\WINDOWS\system32\drivers\winnat.sys
2018-02-14 11:49:20 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-02-14 11:49:20 ----A---- C:\WINDOWS\system32\drivers\http.sys
2018-02-14 11:49:20 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-02-14 11:49:19 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-02-14 11:49:19 ----A---- C:\WINDOWS\system32\mfsvr.dll
2018-02-14 11:49:19 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-02-14 11:49:19 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-02-14 11:49:19 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-02-14 11:49:19 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2018-02-14 11:49:19 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2018-02-14 11:49:18 ----A---- C:\WINDOWS\system32\WpAXHolder.dll
2018-02-14 11:49:18 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-02-14 11:49:18 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2018-02-14 11:49:17 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-14 11:49:16 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-02-14 11:49:15 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-02-14 11:49:14 ----A---- C:\WINDOWS\system32\dbgeng.dll
2018-02-14 11:49:13 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-02-14 11:49:12 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-02-14 11:49:12 ----A---- C:\WINDOWS\system32\AcGenral.dll
2018-02-14 11:49:11 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-02-14 11:49:10 ----A---- C:\WINDOWS\system32\wininet.dll
2018-02-14 11:49:10 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-02-14 11:49:09 ----A---- C:\WINDOWS\system32\msIso.dll
2018-02-14 11:49:07 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2018-02-14 11:49:06 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-02-14 11:49:06 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-02-14 11:49:05 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-02-14 11:49:04 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-02-14 11:49:03 ----A---- C:\WINDOWS\system32\mshtmled.dll
2018-02-14 11:49:02 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-02-14 11:49:02 ----A---- C:\WINDOWS\system32\dxtrans.dll
2018-02-14 11:48:58 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-02-14 11:48:56 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-02-14 11:48:54 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-02-14 11:48:54 ----A---- C:\WINDOWS\system32\tetheringservice.dll
2018-02-14 11:48:54 ----A---- C:\WINDOWS\system32\StorSvc.dll
2018-02-14 11:48:54 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2018-02-14 11:48:54 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-02-14 11:48:54 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-02-14 11:48:54 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-02-14 11:48:54 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-02-14 11:48:54 ----A---- C:\WINDOWS\system32\AppLockerCSP.dll
2018-02-14 11:48:53 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-02-14 11:48:53 ----A---- C:\WINDOWS\system32\InputService.dll
2018-02-14 11:48:53 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-02-14 11:48:53 ----A---- C:\WINDOWS\system32\halmacpi.dll
2018-02-14 11:48:53 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-02-14 11:48:52 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-02-14 11:48:52 ----A---- C:\WINDOWS\system32\mfps.dll
2018-02-14 11:48:52 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2018-02-14 11:48:52 ----A---- C:\WINDOWS\system32\ISM.dll
2018-02-14 11:48:52 ----A---- C:\WINDOWS\system32\bisrv.dll
2018-02-14 11:48:51 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-02-14 11:48:51 ----A---- C:\WINDOWS\system32\hal.dll
2018-02-14 11:48:51 ----A---- C:\WINDOWS\system32\drivers\npfs.sys
2018-02-14 11:48:50 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-02-14 11:48:50 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-02-14 11:48:50 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-02-14 11:48:50 ----A---- C:\WINDOWS\system32\drivers\ks.sys
2018-02-14 11:48:50 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2018-02-14 11:48:49 ----A---- C:\WINDOWS\system32\urlmon.dll
2018-02-14 11:48:49 ----A---- C:\WINDOWS\system32\msfeeds.dll
2018-02-14 11:48:49 ----A---- C:\WINDOWS\system32\ieproxy.dll
2018-02-14 11:48:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2018-02-14 11:48:48 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2018-02-14 11:48:48 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-02-14 11:48:47 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-02-14 11:48:47 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-02-14 11:48:47 ----A---- C:\WINDOWS\system32\LogonController.dll
2018-02-14 11:48:47 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2018-02-14 11:48:46 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-02-14 11:48:44 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-02-14 11:48:44 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2018-02-14 11:48:43 ----A---- C:\WINDOWS\system32\twinui.dll
2018-02-14 11:48:43 ----A---- C:\WINDOWS\system32\comdlg32.dll
2018-02-14 11:48:42 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-02-14 11:48:42 ----A---- C:\WINDOWS\explorer.exe
2018-02-14 11:48:41 ----A---- C:\WINDOWS\system32\shell32.dll
2018-02-14 11:48:29 ----A---- C:\WINDOWS\system32\SRH.dll
2018-02-14 11:48:28 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-02-14 11:48:28 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-02-14 11:48:28 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-02-14 11:48:27 ----A---- C:\WINDOWS\system32\winresume.exe
2018-02-14 11:48:27 ----A---- C:\WINDOWS\system32\winload.exe
2018-02-14 11:48:27 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-02-14 11:48:27 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-02-14 11:48:27 ----A---- C:\WINDOWS\system32\drivers\cldflt.sys
2018-02-14 11:48:26 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2018-02-14 11:48:26 ----A---- C:\WINDOWS\system32\RecoveryDrive.exe
2018-02-14 11:48:26 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-02-14 11:48:26 ----A---- C:\WINDOWS\system32\ci.dll
2018-02-14 11:48:25 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2018-02-14 11:48:25 ----A---- C:\WINDOWS\system32\vac.exe
2018-02-14 11:48:25 ----A---- C:\WINDOWS\system32\ucrtbase.dll
2018-02-14 11:48:25 ----A---- C:\WINDOWS\system32\AppVEntSubsystems32.dll
2018-02-14 11:48:24 ----A---- C:\WINDOWS\system32\generaltel.dll
2018-02-14 11:48:24 ----A---- C:\WINDOWS\system32\devinv.dll
2018-02-14 11:48:24 ----A---- C:\WINDOWS\system32\AppVOrchestration.dll
2018-02-14 11:48:24 ----A---- C:\WINDOWS\system32\AppVCatalog.dll
2018-02-14 11:48:24 ----A---- C:\WINDOWS\system32\appraiser.dll
2018-02-14 11:48:24 ----A---- C:\WINDOWS\system32\acmigration.dll
2018-02-14 11:48:23 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-02-14 11:48:23 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2018-02-14 11:48:23 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-02-14 11:48:23 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2018-02-14 11:48:23 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-02-14 11:48:23 ----A---- C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-02-14 11:48:23 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-02-14 11:48:23 ----A---- C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-02-14 11:48:22 ----A---- C:\WINDOWS\system32\wimserv.exe
2018-02-14 11:48:22 ----A---- C:\WINDOWS\system32\wimgapi.dll
2018-02-14 11:48:22 ----A---- C:\WINDOWS\system32\usocore.dll
2018-02-14 11:48:22 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2018-02-14 11:48:22 ----A---- C:\WINDOWS\system32\SecurityHealthService.exe
2018-02-14 11:48:22 ----A---- C:\WINDOWS\system32\rascustom.dll
2018-02-14 11:48:22 ----A---- C:\WINDOWS\system32\efscore.dll
2018-02-14 11:48:22 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-02-14 11:48:22 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-02-14 11:48:22 ----A---- C:\WINDOWS\system32\AppVIntegration.dll
2018-02-14 11:48:22 ----A---- C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-02-14 11:48:22 ----A---- C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-02-14 11:48:21 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-02-14 11:48:21 ----A---- C:\WINDOWS\system32\usercpl.dll
2018-02-14 11:48:21 ----A---- C:\WINDOWS\system32\pcasvc.dll
2018-02-14 11:48:21 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-02-14 11:48:21 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-02-14 11:48:21 ----A---- C:\WINDOWS\system32\AppVClient.exe
2018-02-14 11:48:21 ----A---- C:\WINDOWS\system32\aeinv.dll
2018-02-14 11:48:20 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-02-14 11:48:20 ----A---- C:\WINDOWS\system32\StateRepository.Core.dll
2018-02-14 11:48:20 ----A---- C:\WINDOWS\system32\sppwinob.dll
2018-02-14 11:48:20 ----A---- C:\WINDOWS\system32\rtmpltfm.dll
2018-02-14 11:48:20 ----A---- C:\WINDOWS\system32\ncsi.dll
2018-02-14 11:48:20 ----A---- C:\WINDOWS\system32\AppVReporting.dll
2018-02-14 11:48:19 ----A---- C:\WINDOWS\system32\Windows.StateRepository.dll
2018-02-14 11:48:19 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-02-14 11:48:18 ----A---- C:\WINDOWS\system32\tquery.dll
2018-02-14 11:48:18 ----A---- C:\WINDOWS\system32\AppVPublishing.dll
2018-02-14 11:48:17 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-02-14 11:48:17 ----A---- C:\WINDOWS\system32\rasapi32.dll
2018-02-14 11:48:17 ----A---- C:\WINDOWS\system32\MusNotification.exe
2018-02-14 11:48:17 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-02-14 11:48:17 ----A---- C:\WINDOWS\system32\FSClient.dll
2018-02-14 11:48:17 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2018-02-14 11:48:17 ----A---- C:\WINDOWS\system32\aepic.dll
2018-02-14 11:48:16 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-02-14 11:48:16 ----A---- C:\WINDOWS\system32\Wpc.dll
2018-02-14 11:48:16 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2018-02-14 11:48:16 ----A---- C:\WINDOWS\system32\invagent.dll
2018-02-14 11:48:16 ----A---- C:\WINDOWS\system32\dcntel.dll
2018-02-14 11:48:15 ----A---- C:\WINDOWS\system32\StructuredQuery.dll
2018-02-14 11:48:15 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2018-02-14 11:48:15 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-02-14 11:48:15 ----A---- C:\WINDOWS\system32\cldapi.dll
2018-02-14 11:48:15 ----A---- C:\WINDOWS\system32\aitstatic.exe
2018-02-14 11:48:14 ----A---- C:\WINDOWS\system32\wpncore.dll
2018-02-14 11:48:14 ----A---- C:\WINDOWS\system32\WpcMon.exe
2018-02-14 11:48:14 ----A---- C:\WINDOWS\system32\wcimage.dll
2018-02-14 11:48:14 ----A---- C:\WINDOWS\system32\VSSVC.exe
2018-02-14 11:48:14 ----A---- C:\WINDOWS\system32\uDWM.dll
2018-02-14 11:48:14 ----A---- C:\WINDOWS\system32\Taskmgr.exe
2018-02-14 11:48:14 ----A---- C:\WINDOWS\system32\rtmpal.dll
2018-02-14 11:48:14 ----A---- C:\WINDOWS\system32\mmc.exe
2018-02-14 11:48:14 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2018-02-14 11:48:13 ----A---- C:\WINDOWS\system32\setupapi.dll
2018-02-14 11:48:13 ----A---- C:\WINDOWS\system32\lsm.dll
2018-02-14 11:48:13 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-02-14 11:48:12 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2018-02-14 11:48:12 ----A---- C:\WINDOWS\system32\FntCache.dll
2018-02-14 11:48:12 ----A---- C:\WINDOWS\system32\authui.dll
2018-02-14 11:48:11 ----A---- C:\WINDOWS\system32\wuauclt.exe
2018-02-14 11:48:11 ----A---- C:\WINDOWS\system32\wintrust.dll
2018-02-14 11:48:11 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-02-14 11:48:11 ----A---- C:\WINDOWS\system32\shutdownux.dll
2018-02-14 11:48:11 ----A---- C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-02-14 11:48:11 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-02-14 11:48:11 ----A---- C:\WINDOWS\system32\rtmcodecs.dll
2018-02-14 11:48:11 ----A---- C:\WINDOWS\system32\policymanager.dll
2018-02-14 11:48:11 ----A---- C:\WINDOWS\system32\msvcp_win.dll
2018-02-14 11:48:11 ----A---- C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-02-14 11:48:11 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-02-14 11:48:10 ----A---- C:\WINDOWS\system32\Windows.Payments.dll
2018-02-14 11:48:10 ----A---- C:\WINDOWS\system32\winbrand.dll
2018-02-14 11:48:10 ----A---- C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-02-14 11:48:10 ----A---- C:\WINDOWS\system32\SEMgrSvc.dll
2018-02-14 11:48:10 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2018-02-14 11:48:10 ----A---- C:\WINDOWS\system32\rasdlg.dll
2018-02-14 11:48:10 ----A---- C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-02-14 11:48:10 ----A---- C:\WINDOWS\system32\LicensingWinRT.dll
2018-02-14 11:48:10 ----A---- C:\WINDOWS\system32\drivers\sdstor.sys
2018-02-14 11:48:10 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-02-14 11:48:09 ----A---- C:\WINDOWS\system32\WMVXENCD.DLL
2018-02-14 11:48:09 ----A---- C:\WINDOWS\system32\TransportDSA.dll
2018-02-14 11:48:09 ----A---- C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-02-14 11:48:09 ----A---- C:\WINDOWS\system32\srcore.dll
2018-02-14 11:48:09 ----A---- C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-02-14 11:48:09 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-02-14 11:48:09 ----A---- C:\WINDOWS\system32\mfsensorgroup.dll
2018-02-14 11:48:09 ----A---- C:\WINDOWS\system32\localspl.dll
2018-02-14 11:48:09 ----A---- C:\WINDOWS\system32\FrameServer.dll
2018-02-14 11:48:09 ----A---- C:\WINDOWS\system32\efswrt.dll
2018-02-14 11:48:09 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-02-14 11:48:09 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\wldp.dll
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\webio.dll
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\sppcomapi.dll
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\SettingSync.dll
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\rtmmvrortc.dll
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\ortcengine.dll
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\NetSetupSvc.dll
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\Magnify.exe
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\gameux.dll
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\drivers\msiscsi.sys
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\CloudNotifications.exe
2018-02-14 11:48:08 ----A---- C:\WINDOWS\system32\AppVScripting.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\WMVSENCD.DLL
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\WebClnt.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\wbiosrvc.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\vssapi.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\twinapi.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\SyncCenter.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\sud.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\rdpudd.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\rastls.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\rasgcw.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\netlogon.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\InputSwitch.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\edputil.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\DeviceReactivation.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\cscui.dll
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2018-02-14 11:48:07 ----A---- C:\WINDOWS\system32\AppVClientPS.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\zipfldr.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\winsku.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\twext.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\shsetup.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\SharedPCCSP.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\mssprxy.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\FontProvider.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\DevicePairing.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\davclnt.dll
2018-02-14 11:48:06 ----A---- C:\WINDOWS\system32\AppManagementConfiguration.dll
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\wups2.dll
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\sendmail.dll
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\SearchFilterHost.exe
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\regsvr32.exe
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\netplwiz.dll
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\mspaint.exe
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\mmcbase.dll
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\ListSvc.dll
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\hgcpl.dll
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\eShims.dll
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\AppxSysprep.dll
2018-02-14 11:48:05 ----A---- C:\WINDOWS\system32\AppCapture.dll
2018-02-14 11:48:04 ----A---- C:\WINDOWS\system32\tzres.dll
2018-02-14 11:48:04 ----A---- C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-02-14 11:48:04 ----A---- C:\WINDOWS\system32\authz.dll
2018-02-14 10:23:05 ----D---- C:\Users\Marek\AppData\Roaming\webex
2018-02-14 10:22:28 ----D---- C:\ProgramData\WebEx
2018-02-07 08:54:15 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of files/folders modified in the last 1 month======

2018-03-01 07:43:56 ----RD---- C:\Program Files
2018-03-01 07:43:46 ----D---- C:\WINDOWS\Temp
2018-03-01 07:35:56 ----D---- C:\WINDOWS\system32\SleepStudy
2018-03-01 07:10:08 ----D---- C:\WINDOWS\system32\sru
2018-03-01 07:06:10 ----D---- C:\WINDOWS\system32\LogFiles
2018-03-01 07:06:10 ----D---- C:\WINDOWS\Logs
2018-03-01 07:06:09 ----D---- C:\Windows
2018-03-01 07:05:29 ----RD---- C:\WINDOWS\Microsoft.NET
2018-03-01 07:04:15 ----D---- C:\WINDOWS\Prefetch
2018-03-01 07:04:06 ----SHD---- C:\WINDOWS\Installer
2018-03-01 07:04:05 ----D---- C:\WINDOWS\system32\Tasks
2018-02-28 06:33:18 ----D---- C:\WINDOWS\System32
2018-02-28 06:33:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-28 06:26:45 ----D---- C:\ProgramData\NVIDIA
2018-02-27 10:08:01 ----D---- C:\WINDOWS\system32\config
2018-02-27 06:22:18 ----D---- C:\WINDOWS\AppReadiness
2018-02-23 07:51:01 ----SHD---- C:\System Volume Information
2018-02-22 07:12:48 ----D---- C:\WINDOWS\DeliveryOptimization
2018-02-22 07:11:53 ----HD---- C:\Program Files\WindowsApps
2018-02-21 15:11:24 ----D---- C:\WINDOWS\system32\DriverStore
2018-02-21 14:07:27 ----D---- C:\WINDOWS\WinSxS
2018-02-19 15:50:17 ----D---- C:\WINDOWS\rescache
2018-02-19 15:26:31 ----D---- C:\WINDOWS\INF
2018-02-16 17:42:34 ----SHD---- C:\Boot
2018-02-16 17:41:46 ----D---- C:\WINDOWS\system32\drivers
2018-02-16 17:40:47 ----D---- C:\WINDOWS\system32\catroot2
2018-02-16 17:39:47 ----D---- C:\WINDOWS\TextInput
2018-02-16 17:39:44 ----D---- C:\WINDOWS\system32\wbem
2018-02-16 17:39:44 ----D---- C:\WINDOWS\system32\oobe
2018-02-16 17:39:44 ----D---- C:\WINDOWS\system32\migration
2018-02-16 17:39:44 ----D---- C:\WINDOWS\system32\Boot
2018-02-16 17:39:44 ----D---- C:\WINDOWS\system32\appraiser
2018-02-16 17:39:36 ----D---- C:\WINDOWS\ShellExperiences
2018-02-16 17:39:36 ----D---- C:\WINDOWS\PolicyDefinitions
2018-02-16 17:39:34 ----D---- C:\WINDOWS\bcastdvr
2018-02-16 17:39:34 ----D---- C:\WINDOWS\AppPatch
2018-02-16 17:39:24 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-02-16 15:31:22 ----AD---- C:\Program Files\TeamViewer
2018-02-16 06:54:51 ----D---- C:\ProgramData\Microsoft Help
2018-02-14 12:09:16 ----D---- C:\WINDOWS\system32\MRT
2018-02-14 12:00:33 ----AC---- C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-14 12:00:23 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-02-14 11:54:37 ----D---- C:\WINDOWS\CbsTemp
2018-02-14 10:22:29 ----D---- C:\Users\Marek\AppData\Roaming\Mozilla
2018-02-14 10:22:28 ----HD---- C:\ProgramData
2018-02-12 07:13:54 ----D---- C:\Windows.old
2018-02-06 07:12:37 ----D---- C:\Program Files\Mozilla Maintenance Service
2018-02-06 07:12:36 ----AD---- C:\Program Files\Mozilla Thunderbird
2018-02-02 15:51:09 ----RD---- C:\WINDOWS\assembly

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 edevmon;edevmon; C:\WINDOWS\system32\DRIVERS\edevmon.sys [2013-09-09 173864]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-09-29 43552]
R0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2017-09-30 210328]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-01-01 49560]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2013-10-25 177472]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-09-09 128056]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\WINDOWS\system32\drivers\HWiNFO32.SYS [2015-11-23 23840]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-02-10 308736]
R2 DLPortIO;DriverLINX Port I/O Driver; C:\WINDOWS\system32\drivers\DLPortIO.sys [1996-09-27 3584]
R2 DriverX;DriverX; C:\WINDOWS\System32\Drivers\driverx.sys [2001-06-11 52512]
R2 epfwwfpr;epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [2013-09-09 113088]
R2 NPF;Sadp Driver (NPF); \??\C:\WINDOWS\system32\drivers\npf.sys [2016-08-17 36600]
R2 Parvdm;Parvdm; C:\WINDOWS\System32\drivers\parvdm.sys [2017-09-29 9216]
R3 AtcL001;@netl160x.inf,%AtcL001.Service.DispName%;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\System32\drivers\l160x86.sys [2017-09-29 55808]
R3 dtlitescsibus;@oem16.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2015-10-27 25016]
R3 MTsensor;@oem29.inf,%ASACPI.DisplayName%;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2016-12-09 10720832]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-09-29 56728]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2017-09-29 32152]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-09-29 13312]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-09-29 13312]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2017-09-30 92056]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2017-09-30 116632]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2017-09-30 109464]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-09-29 51608]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\WINDOWS\System32\drivers\iaiogpio.sys [2017-09-29 22016]
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2016-04-19 30248]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2017-09-29 18944]
S3 HyperVideo;HyperVideo; C:\WINDOWS\System32\drivers\HyperVideo.sys [2018-01-01 21504]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-09-29 28672]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\WINDOWS\System32\drivers\iaioi2c.sys [2017-09-29 57856]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-09-29 30208]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2017-09-29 19456]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-01-01 92672]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-09-29 405024]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-09-29 42904]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-09-29 91648]
S3 netvsc;netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [2018-01-01 136192]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2017-09-29 13312]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2017-09-29 71680]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\WINDOWS\system32\drivers\tsusbhub.sys [2017-09-30 89600]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2017-09-29 100864]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CDPUserSvc_947533;Connected Devices Platform User Service_947533; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p;"ServiceDll"=%SystemRoot%\System32\dusmsvc.dll
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe [2013-10-07 1025584]
R2 fixperienceUpdateSvc;fischer FIXPERIENCE Update Service; C:\Program Files\fischer\FIXPERIENCE\Update\fischer.Update.Service.exe [2017-02-13 5255680]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2016-11-14 677312]
R2 OneSyncSvc_947533;Sync Host_947533; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 PSI_SVC_2;Corel License Validation Service V2, Powered by arvato; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2013-09-13 277360]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-02-10 414824]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-11-14 426040]
R2 TeamViewer;TeamViewer 12; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2017-12-18 10803440]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalService -p;"ServiceDll"=%SystemRoot%\system32\SEMgrSvc.dll
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p;"ServiceDll"=%SystemRoot%\System32\TimeBrokerServer.dll
R3 TokenBroker;@%systemroot%\system32\tokenbroker.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs -p;"ServiceDll"=%SystemRoot%\System32\TokenBroker.dll
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=%SystemRoot%\System32\CDPUserSvc.dll
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k AssignedAccessManagerSvc;"ServiceDll"=%SystemRoot%\System32\assignedaccessmanagersvc.dll
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; %SystemRoot%\system32\svchost.exe -k appmodel -p;"ServiceDll"=%SystemRoot%\system32\CapabilityAccessManager.dll
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; %SystemRoot%\system32\svchost.exe -k DevicesFlow;"ServiceDll"=%SystemRoot%\System32\DevicesFlowBroker.dll
S3 DevicesFlowUserSvc_947533;DevicesFlow_947533; C:\WINDOWS\system32\svchost.exe -k DevicesFlow;"ServiceDll"=
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k diagnostics;"ServiceDll"=%systemroot%\system32\DiagSvc.dll
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [2013-10-07 34296]
S3 ESHASRV;ESET SHA Service; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [2013-10-07 185104]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2018-01-26 43648]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll"=%SystemRoot%\system32\FrameServer.dll
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k GraphicsPerfSvcGroup;"ServiceDll"=%SystemRoot%\System32\GraphicsPerfSvc.dll
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll"=%SystemRoot%\system32\InstallService.dll
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll"=%SystemRoot%\System32\IpxlatCfg.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p;"ServiceDll"=%SystemRoot%\System32\irmon.dll
S3 MessagingService_947533;MessagingService_947533; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; %SystemRoot%\system32\svchost.exe -k netsvcs -p;"ServiceDll"=%SystemRoot%\System32\NaturalAuth.dll
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-09-12 159960]
S3 PimIndexMaintenanceSvc_947533;Kontaktné údaje_947533; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; %SystemRoot%\system32\svchost.exe -k PrintWorkflow;"ServiceDll"=%SystemRoot%\System32\PrintWorkflowService.dll
S3 PrintWorkflowUserSvc_947533;PrintWorkflow_947533; C:\WINDOWS\system32\svchost.exe -k PrintWorkflow;"ServiceDll"=
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll"=%SystemRoot%\system32\PushToInstall.dll
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\RMapi.dll
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2018-01-26 2891976]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalService -p;"ServiceDll"=%SystemRoot%\System32\SharedRealitySvc.dll
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-01-01 661504]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2018-02-10 635800]
S4 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1034584]
S4 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-06-29 915600]
S4 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2016-05-30 2960672]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2018-02-06 175056]
S4 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-06-29 1706128]
S4 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-06-29 19775632]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs -p;"ServiceDll"=%systemroot%\system32\Windows.SharedPC.AccountManager.dll
S4 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

-----------------EOF-----------------

Re: preventive check

Posted: 01 Mar 2018 15:26
by Conder
Hi :)

:arrow: Uninstall all programs from IObit (Advanced SystemCare, Driver Booster...) - they are Chinese junk that can damage the system.

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan (Skenovanie) and wait for it to finish
  • Click Clean (Cistenie) and confirm by clicking OK
  • AdwCleaner will ask to restart the PC; confirm by clicking Restart Now (Restartovat teraz)
  • After it finishes and the PC has restarted, a log will pop up; copy its contents here

Re: preventive check

Posted: 05 Mar 2018 11:21
by butthead2507
Thank you very much ....
The IObit stuff should be deleted

I'm attaching the log:

# AdwCleaner 7.0.8.0 - Logfile created on Mon Mar 05 10:14:08 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Pro (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\Program Files\Common Files\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\Default\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\Default User\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\Default User\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\Marek\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\Program Files\Common Files\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\Default\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\Default User\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\Default User\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\Marek\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\ProgramData\IObit\Advanced SystemCare V8
Deleted: C:\Program Files\Common Files\IObit\Advanced SystemCare V8
Deleted: C:\Users\All Users\IObit\Advanced SystemCare V8
Deleted: C:\Users\Default\AppData\LocalLow\IObit\Advanced SystemCare V8
Deleted: C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted: C:\Users\Default User\AppData\LocalLow\IObit\Advanced SystemCare V8
Deleted: C:\Users\Default User\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted: C:\Users\Marek\AppData\LocalLow\IObit\Advanced SystemCare V8
Deleted: C:\Users\Marek\AppData\Roaming\IObit\Advanced SystemCare V8
Deleted: C:\Users\Marek\AppData\Roaming\eCyber
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\Users\Marek\AppData\Roaming\Picexa Viewer
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Deleted: C:\Users\Marek\AppData\Roaming\WinZipper
Deleted: C:\Users\Marek\AppData\Roaming\istartsurf
Deleted: C:\ProgramData\cWMiniProc
Deleted: C:\ProgramData\iWdsManProi
Deleted: C:\ProgramData\OWMiniProO
Deleted: C:\ProgramData\pWMiniProp


***** [ Files ] *****

Deleted: C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Deleted: C:\Users\All Users\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\winzipersvc
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKLM\SOFTWARE\IObit\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\IObit\ASC
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Search Page [http:\\www.omniboxes.com\web\?type=ds&ts=1448350672&z=a69274592a60da6d809a466g3z0zbb1c7w1e7qemdg&from=ient07031&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2LR27TLR27TL&q={searchTerms}]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL [http:\\www.omniboxes.com\?type=hp&ts=1448350672&z=a69274592a60da6d809a466g3z0zbb1c7w1e7qemdg&from=ient07031&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2LR27TLR27TL]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Default_Search_URL [http:\\www.omniboxes.com\web\?type=ds&ts=1448350672&z=a69274592a60da6d809a466g3z0zbb1c7w1e7qemdg&from=ient07031&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2LR27TLR27TL&q={searchTerms}]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Start Page_TIMESTAMP [��累껎ǒ:\\www.omniboxes.com\web\?type=ds&ts=1448350672&z=a69274592a60da6d809a466g3z0zbb1c7w1e7qemdg&from=ient07031&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2LR27TLR27TL&q={searchTerms}]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms\browserpolicy [��累껎ǒ:\\www.omniboxes.com\web\?type=ds&ts=1448350672&z=a69274592a60da6d809a466g3z0zbb1c7w1e7qemdg&from=ient07031&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2LR27TLR27TL&q={searchTerms}]
Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|IE11EdgeNotifyTime [♖죍璟Ǔ:\\www.omniboxes.com\web\?type=ds&ts=1448350672&z=a69274592a60da6d809a466g3z0zbb1c7w1e7qemdg&from=ient07031&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2LR27TLR27TL&q={searchTerms}]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL [http:\\www.omniboxes.com\?type=hp&ts=1448350672&z=a69274592a60da6d809a466g3z0zbb1c7w1e7qemdg&from=ient07031&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2LR27TLR27TL]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL [http:\\www.omniboxes.com\web\?type=ds&ts=1447136248&z=602ddb7cd201fa72a194b55gazez3magdcbq0ofofw&from=wpm07163&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2LR27TLR27TL&q={searchTerms}]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page [http:\\www.omniboxes.com\web\?type=ds&ts=1447136248&z=602ddb7cd201fa72a194b55gazez3magdcbq0ofofw&from=wpm07163&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2LR27TLR27TL&q={searchTerms}]
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page [http:\\www.omniboxes.com\?type=hp&ts=1448350672&z=a69274592a60da6d809a466g3z0zbb1c7w1e7qemdg&from=ient07031&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2LR27TLR27TL]
Deleted: [Key] - HKLM\SOFTWARE\hdcode
Deleted: [Key] - HKLM\SOFTWARE\V9
Deleted: [Key] - HKLM\SOFTWARE\TSv
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|CommonToolkitTray
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
Deleted: [Key] - HKLM\SOFTWARE\PicexaSvc
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\istartsurfSoftware
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZipper
Deleted: [Key] - HKLM\SOFTWARE\WdsManPro
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKU\.DEFAULT\Software\PRODUCTSETUP
Deleted: [Key] - HKU\S-1-5-18\Software\PRODUCTSETUP
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZipper
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.001
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.7z
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.arj
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.bz2
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.bzip2
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.cab
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.cpio
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.deb
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.dmg
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.fat
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.gz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.gzip
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.hfs
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.iso
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.lha
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.lzh
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.lzma
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.ntfs
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.rar
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.rpm
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.squashfs
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.swm
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.tar
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.taz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.tbz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.tbz2
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.tgz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.tpz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.txz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.vhd
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.wim
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.xar
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.xz
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.z
Deleted: [Key] - HKLM\SOFTWARE\Classes\WinZipper.zip
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZipper|DisplayIcon []
Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZipper|DisplayName []


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [11486 B] - [2018/3/5 10:13:5]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Re: preventive check

Posted: 05 Mar 2018 15:27
by Conder
:arrow: Please post both FRST logs following this guide (FRST.txt and Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=152707

:arrow: If FRSTLauncher cannot be downloaded or run, use just FRST on its own.

:arrow: If the logs do not fit into a single post, pack them into a RAR or ZIP archive and send them as an attachment.

Re: preventive check

Posted: 06 Mar 2018 09:36
by butthead2507
Thank you

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04.03.2018
Ran by Marek (administrator) on PC-MAREL (06-03-2018 09:03:36)
Running from C:\Users\Marek\Desktop
Loaded Profiles: Marek (Available Profiles: Marek)
Platform: Microsoft Windows 10 Pro Version 1709 16299.248 (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
(fischerwerke Gmbh & Co. KG) C:\Program Files\fischer\FIXPERIENCE\Update\fischer.Update.Service.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() \\MIRADSERVER\mksqlbin\exe\appsql.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [488344 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14696704 2016-05-31] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-06-29] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [3159744 2013-10-07] (ESET)
HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [8003664 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\...\MountPoints2: {dd82208f-72c6-11e7-8aab-001bfc2113bd} - "G:\HiSuiteDownLoader.exe"
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\appsql.exe - odkaz.lnk [2017-01-17]
ShortcutTarget: appsql.exe - odkaz.lnk -> \\MIRADSERVER\mksqlbin\exe\appsql.exe (No File)
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk [2017-01-11]
ShortcutTarget: Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2017-01-11]
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 albert.apple.com
Tcpip\..\Interfaces\{ac49ff1d-f373-4efb-93a2-e0532eb61734}: [NameServer] 195.146.128.60,195.146.132.58,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.sk/
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=14471 ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=14471 ... earchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-10-18] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-18] (Oracle Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1090461368-3718612229-1242190663-1001 -> hxxp://www.omniboxes.com/?type=hp&ts=144835067 ... R27TLR27TL

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: (ESET Endpoint Security Extension) - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2016-12-16] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: ditec.sk/DitecZepDViewerFb -> C:\ProgramData\Ditec\DViewer\npDitec.Zep.DViewerFb.dll [2015-03-20] (Ditec, a.s.)
FF Plugin HKU\S-1-5-21-1090461368-3718612229-1242190663-1001: ditec.sk/DitecZepDViewerFb -> C:\ProgramData\Ditec\DViewer\npDitec.Zep.DViewerFb.dll [2015-03-20] (Ditec, a.s.)
FF Plugin ProgramFiles/Appdata: C:\Users\Marek\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-02-14] (Cisco WebEx LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.sk/
CHR StartupUrls: Default -> "hxxp://www.radia.sk/radia/fun.html","hxxp://mi ... google.sk/"
CHR Profile: C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default [2018-03-06]
CHR Extension: (Dokumenty) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Disk Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (YouTube) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-11]
CHR Extension: (Google Search) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Adobe Acrobat) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Tabuľky) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Tlačidlo Uložiť na Pintereste) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-11-16]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-02-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-11]
CHR Extension: (Chrome Media Router) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-08]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [34296 2013-10-07] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe [1025584 2013-10-07] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [185104 2013-10-07] (ESET)
R2 fixperienceUpdateSvc; C:\Program Files\fischer\FIXPERIENCE\Update\fischer.Update.Service.exe [5255680 2017-02-13] (fischerwerke Gmbh & Co. KG) [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2015-06-29] (NVIDIA Corporation)
S4 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-06-29] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775632 2015-06-29] (NVIDIA Corporation)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2891976 2018-01-26] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279408 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [86696 2017-09-29] (Microsoft Corporation)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DLPortIO; C:\WINDOWS\system32\Drivers\DLPortIO.sys [3584 1996-09-27] () [File not signed]
R2 DriverX; C:\WINDOWS\System32\Drivers\driverx.sys [52512 2001-06-11] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [25016 2015-10-27] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [177472 2013-10-25] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [173864 2013-09-09] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [128056 2013-09-09] (ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [113088 2013-09-09] (ESET)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-11-23] (REALiX(tm))
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [36600 2016-08-17] (Riverbed Technology, Inc.)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37440 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [253848 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98200 2017-09-29] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [186880 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-06 09:03 - 2018-03-06 09:04 - 000016399 _____ C:\Users\Marek\Desktop\FRST.txt
2018-03-06 09:03 - 2018-03-06 09:03 - 000000000 ____D C:\FRST
2018-03-06 09:00 - 2018-03-06 09:00 - 001763328 _____ (Farbar) C:\Users\Marek\Desktop\FRST.exe
2018-03-06 07:33 - 2018-03-06 07:33 - 000742601 _____ C:\Users\Marek\Downloads\EPH121222782_adresne_stitky_a4.pdf
2018-03-05 14:43 - 2018-03-05 15:33 - 000139708 _____ C:\Users\Marek\Desktop\Kópia - Kópia - Nahranie cien SPIN 2018-1.xlsx
2018-03-05 14:40 - 2018-03-05 14:42 - 000037376 _____ C:\Users\Marek\Desktop\cennik_predl_ms.xls
2018-03-05 14:04 - 2017-12-05 13:58 - 004404624 _____ C:\Users\Marek\AppData\Local\Tempappsql.chm
2018-03-05 12:08 - 2018-03-05 12:08 - 000019594 _____ C:\Users\Marek\Desktop\ravak.csv
2018-03-05 11:58 - 2018-03-05 11:58 - 000078756 _____ C:\Users\Marek\Desktop\OVCP18000079_Vyžiadanie cenovej ponuky.pdf
2018-03-05 11:16 - 2018-03-05 11:16 - 000009861 _____ C:\Users\Marek\Desktop\AdwCleaner[C0].txt
2018-03-05 11:13 - 2018-03-05 11:13 - 000011495 _____ C:\Users\Marek\Desktop\AdwCleaner[S0].txt
2018-03-05 11:08 - 2018-03-05 11:14 - 000000000 ____D C:\AdwCleaner
2018-03-05 11:07 - 2018-03-05 11:07 - 008222496 _____ (Malwarebytes) C:\Users\Marek\Downloads\adwcleaner_7.0.8.0.exe
2018-03-05 10:49 - 2018-03-05 10:49 - 000001038 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-03-05 10:49 - 2018-03-05 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-05 10:49 - 2018-03-05 10:49 - 000000000 ____D C:\Program Files\CCleaner
2018-03-05 10:46 - 2018-03-05 10:47 - 011217568 _____ (Piriform Ltd) C:\Users\Marek\Downloads\ccsetup540.exe
2018-03-05 09:08 - 2018-03-05 11:02 - 000096677 _____ C:\Users\Marek\Desktop\ravak.xlsx
2018-03-05 08:53 - 2018-03-05 08:53 - 003971660 _____ C:\Users\Marek\Downloads\DTR - SIGMA EKOPELL SIGMA EKOPELL NZ WYD. XXI - wrzesień 2017.pdf
2018-03-05 08:40 - 2018-03-05 08:40 - 003095882 _____ C:\Users\Marek\Downloads\DTR - DEFRO KOMPAKT EKOPELL DEFRO KOMPAKT EKOPELL F - WYD. XXI - lipiec 2017.pdf
2018-03-05 08:36 - 2018-03-05 08:36 - 003240409 _____ C:\Users\Marek\Downloads\DTR - SMART EKOPELL - WYD. X - lipiec 2017.pdf
2018-03-05 08:36 - 2018-03-05 08:36 - 000378449 _____ C:\Users\Marek\Downloads\Certyfikat SMART EKOPELL 12, 16, 20, 24, 28, 38 (5 klasa).pdf
2018-03-05 07:14 - 2018-03-05 07:14 - 001018025 _____ C:\Users\Marek\Downloads\1518423593.pdf
2018-03-05 07:11 - 2018-03-05 07:11 - 000277741 _____ C:\Users\Marek\Downloads\16471_478__ps_65Navod-Zefiro.pdf
2018-03-02 10:00 - 2018-03-02 10:00 - 000742573 _____ C:\Users\Marek\Downloads\EPH120967820_adresne_stitky_a4.pdf
2018-03-01 09:30 - 2018-03-01 09:30 - 000742589 _____ C:\Users\Marek\Downloads\EPH120844397_adresne_stitky_a4.pdf
2018-03-01 07:43 - 2018-03-01 07:44 - 000000000 ____D C:\rsit
2018-03-01 07:43 - 2018-03-01 07:44 - 000000000 ____D C:\Program Files\trend micro
2018-03-01 07:43 - 2018-03-01 07:43 - 001206272 _____ C:\Users\Marek\Desktop\RSIT.exe
2018-02-26 10:01 - 2018-02-26 13:43 - 000201728 _____ C:\Users\Marek\Desktop\predzlav10.xls
2018-02-26 09:18 - 2018-02-26 09:18 - 000004608 _____ C:\Users\Marek\Downloads\listOfReservedNL.xls
2018-02-26 06:37 - 2018-02-26 06:37 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-21 12:16 - 2017-12-28 13:23 - 048539558 _____ C:\Users\Marek\Desktop\odberatelia_A2.pdf
2018-02-21 12:16 - 2017-12-08 12:24 - 047788632 _____ C:\Users\Marek\Desktop\odberatelia_A.pdf
2018-02-20 12:47 - 2018-02-20 15:10 - 000181619 _____ C:\Users\Marek\Desktop\cennik ALCA INGEMA 2018 NEW.xlsx
2018-02-20 12:35 - 2018-02-20 12:35 - 000180820 _____ C:\Users\Marek\Desktop\Kópia - cennik ALCA MIRAD 2018 NEW1.xlsx
2018-02-20 10:38 - 2018-02-20 10:56 - 000384000 _____ C:\Users\Marek\Downloads\Ziadost-o-registraciu-zariadenia-Zelena-domacnostiam-09122016.xls
2018-02-20 10:36 - 2018-02-20 10:56 - 000309321 _____ C:\Users\Marek\Downloads\zoznam_zariadeni-zelena-domacnostiam-01-02-2018.xlsx
2018-02-20 10:25 - 2018-02-20 10:25 - 012574271 _____ C:\Users\Marek\Downloads\DEFRO katalog PL.pdf
2018-02-19 12:25 - 2018-02-19 12:25 - 000330000 _____ C:\Users\Marek\Downloads\zasielacie-podmienky-medzinarodneho-styku.xlsx
2018-02-19 12:11 - 2018-02-19 14:14 - 000030208 _____ C:\Users\Marek\Desktop\Zoznam neobrátkových položiek podla sortimentovREMS.xls
2018-02-19 12:10 - 2018-02-19 12:43 - 000027648 _____ C:\Users\Marek\Desktop\Zoznam neobrátkových položiek podla sortimentovHERZpoprad.xls
2018-02-19 12:09 - 2018-02-19 12:36 - 000038400 _____ C:\Users\Marek\Desktop\Zoznam neobrátkových položiek podla sortimentovHERZ.xls
2018-02-16 17:42 - 2018-02-10 06:37 - 000398090 __RSH C:\bootmgr
2018-02-16 17:42 - 2017-09-29 12:49 - 000000001 ___SH C:\BOOTNXT
2018-02-16 15:06 - 2018-02-16 15:20 - 000106496 _____ C:\Users\Marek\Desktop\hon_neob.xls
2018-02-16 12:35 - 2018-02-16 12:35 - 000052224 _____ C:\Users\Marek\Desktop\cennikhoneywell.xls
2018-02-15 12:46 - 2018-02-15 12:46 - 000005120 _____ C:\Users\Marek\Desktop\cennikhon.xls
2018-02-15 12:44 - 2018-02-15 12:44 - 000006656 _____ C:\Users\Marek\Desktop\cennikherz.xls
2018-02-15 12:43 - 2018-02-15 12:43 - 000004096 _____ C:\Users\Marek\Desktop\cennikdanf.xls
2018-02-14 11:51 - 2018-02-14 11:51 - 000160664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-02-14 11:51 - 2018-02-14 11:51 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2018-02-14 11:51 - 2018-02-14 11:51 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2018-02-14 11:50 - 2018-02-14 11:50 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-02-14 11:49 - 2018-02-10 06:12 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-02-14 11:49 - 2018-02-10 06:09 - 002117528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-02-14 11:49 - 2018-02-10 06:08 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-02-14 11:49 - 2018-02-10 06:07 - 000434072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-02-14 11:49 - 2018-02-10 06:06 - 006481640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-02-14 11:49 - 2018-02-10 06:06 - 004670728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-02-14 11:49 - 2018-02-10 06:05 - 004937224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-02-14 11:49 - 2018-02-10 06:05 - 001149272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-02-14 11:49 - 2018-02-10 06:05 - 000662208 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-02-14 11:49 - 2018-02-10 06:05 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-02-14 11:49 - 2018-02-10 06:03 - 002172312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-02-14 11:49 - 2018-02-10 06:03 - 000758168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-02-14 11:49 - 2018-02-10 06:03 - 000506264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-02-14 11:49 - 2018-02-10 05:47 - 013704192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-14 11:49 - 2018-02-10 05:46 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-02-14 11:49 - 2018-02-10 05:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-02-14 11:49 - 2018-02-10 05:44 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-02-14 11:49 - 2018-02-10 05:43 - 018923008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-02-14 11:49 - 2018-02-10 05:43 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-02-14 11:49 - 2018-02-10 05:43 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-02-14 11:49 - 2018-02-10 05:43 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-02-14 11:49 - 2018-02-10 05:43 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-02-14 11:49 - 2018-02-10 05:42 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-02-14 11:49 - 2018-02-10 05:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-02-14 11:49 - 2018-02-10 05:42 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-02-14 11:49 - 2018-02-10 05:41 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-02-14 11:49 - 2018-02-10 05:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-02-14 11:49 - 2018-02-10 05:41 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-02-14 11:49 - 2018-02-10 05:40 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-02-14 11:49 - 2018-02-10 05:40 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-02-14 11:49 - 2018-02-10 05:38 - 006567936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-02-14 11:49 - 2018-02-10 05:37 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-02-14 11:49 - 2018-02-10 05:37 - 003678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-02-14 11:49 - 2018-02-10 05:37 - 002650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-02-14 11:49 - 2018-02-10 05:37 - 001771520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-02-14 11:49 - 2018-02-10 05:37 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-02-14 11:49 - 2018-02-10 05:36 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-02-14 11:49 - 2018-02-10 05:36 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-02-14 11:49 - 2018-02-10 05:36 - 002341888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-02-14 11:49 - 2018-02-10 05:36 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-02-14 11:49 - 2018-02-10 05:36 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-02-14 11:49 - 2018-02-10 05:35 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-02-14 11:49 - 2018-02-10 05:35 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-02-14 11:48 - 2018-02-10 06:22 - 000239000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-02-14 11:48 - 2018-02-10 06:20 - 001322904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-02-14 11:48 - 2018-02-10 06:20 - 000915320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-02-14 11:48 - 2018-02-10 06:20 - 000799592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-02-14 11:48 - 2018-02-10 06:19 - 000603544 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-02-14 11:48 - 2018-02-10 06:19 - 000119192 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-02-14 11:48 - 2018-02-10 06:19 - 000062360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-02-14 11:48 - 2018-02-10 06:19 - 000030616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-02-14 11:48 - 2018-02-10 06:18 - 001902496 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-02-14 11:48 - 2018-02-10 06:18 - 001384288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-02-14 11:48 - 2018-02-10 06:18 - 000517016 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-02-14 11:48 - 2018-02-10 06:18 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-02-14 11:48 - 2018-02-10 06:17 - 002255112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-02-14 11:48 - 2018-02-10 06:17 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-02-14 11:48 - 2018-02-10 06:17 - 000542856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-02-14 11:48 - 2018-02-10 06:17 - 000542104 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-02-14 11:48 - 2018-02-10 06:17 - 000348056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-02-14 11:48 - 2018-02-10 06:17 - 000320416 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-02-14 11:48 - 2018-02-10 06:17 - 000211864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-02-14 11:48 - 2018-02-10 06:16 - 006412184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-02-14 11:48 - 2018-02-10 06:16 - 001627600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-02-14 11:48 - 2018-02-10 06:16 - 001116728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-02-14 11:48 - 2018-02-10 06:16 - 000975216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-02-14 11:48 - 2018-02-10 06:16 - 000358808 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
2018-02-14 11:48 - 2018-02-10 06:16 - 000358808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-02-14 11:48 - 2018-02-10 06:15 - 001145624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-02-14 11:48 - 2018-02-10 06:13 - 000376216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-02-14 11:48 - 2018-02-10 06:13 - 000271768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-02-14 11:48 - 2018-02-10 06:12 - 004382032 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2018-02-14 11:48 - 2018-02-10 06:12 - 000142744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-02-14 11:48 - 2018-02-10 06:11 - 001250528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-02-14 11:48 - 2018-02-10 06:11 - 000612736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-02-14 11:48 - 2018-02-10 06:11 - 000416152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-02-14 11:48 - 2018-02-10 06:10 - 000445336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-02-14 11:48 - 2018-02-10 06:10 - 000422592 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-02-14 11:48 - 2018-02-10 06:09 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-02-14 11:48 - 2018-02-10 06:09 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-02-14 11:48 - 2018-02-10 06:09 - 002338776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-02-14 11:48 - 2018-02-10 06:09 - 001123456 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-02-14 11:48 - 2018-02-10 06:09 - 000806808 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-02-14 11:48 - 2018-02-10 06:09 - 000608152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-02-14 11:48 - 2018-02-10 06:09 - 000559976 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-02-14 11:48 - 2018-02-10 06:09 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-02-14 11:48 - 2018-02-10 06:09 - 000339360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-02-14 11:48 - 2018-02-10 06:09 - 000320312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-02-14 11:48 - 2018-02-10 06:09 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-02-14 11:48 - 2018-02-10 06:08 - 003980720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-02-14 11:48 - 2018-02-10 06:08 - 001852312 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-02-14 11:48 - 2018-02-10 06:08 - 000718488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-02-14 11:48 - 2018-02-10 06:08 - 000592792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-02-14 11:48 - 2018-02-10 06:08 - 000534936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-02-14 11:48 - 2018-02-10 06:07 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-02-14 11:48 - 2018-02-10 06:07 - 000575392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-02-14 11:48 - 2018-02-10 06:07 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-02-14 11:48 - 2018-02-10 06:07 - 000538768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-02-14 11:48 - 2018-02-10 06:07 - 000527864 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-02-14 11:48 - 2018-02-10 06:07 - 000414824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-02-14 11:48 - 2018-02-10 06:07 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-02-14 11:48 - 2018-02-10 06:07 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-02-14 11:48 - 2018-02-10 06:07 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-02-14 11:48 - 2018-02-10 06:07 - 000123808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-02-14 11:48 - 2018-02-10 06:07 - 000089504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-02-14 11:48 - 2018-02-10 06:07 - 000083216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbrand.dll
2018-02-14 11:48 - 2018-02-10 06:07 - 000076184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-02-14 11:48 - 2018-02-10 06:07 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-02-14 11:48 - 2018-02-10 06:07 - 000040856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-02-14 11:48 - 2018-02-10 06:07 - 000040840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-02-14 11:48 - 2018-02-10 06:06 - 006014688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-02-14 11:48 - 2018-02-10 06:06 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-02-14 11:48 - 2018-02-10 06:06 - 000078232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-02-14 11:48 - 2018-02-10 06:05 - 001360992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-02-14 11:48 - 2018-02-10 06:05 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-02-14 11:48 - 2018-02-10 06:05 - 001006192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-02-14 11:48 - 2018-02-10 06:05 - 000718488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-02-14 11:48 - 2018-02-10 06:05 - 000718232 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-02-14 11:48 - 2018-02-10 06:05 - 000654456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-02-14 11:48 - 2018-02-10 06:05 - 000456232 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-02-14 11:48 - 2018-02-10 06:05 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-02-14 11:48 - 2018-02-10 06:05 - 000322968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-02-14 11:48 - 2018-02-10 06:05 - 000295488 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-02-14 11:48 - 2018-02-10 06:05 - 000225176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-02-14 11:48 - 2018-02-10 06:05 - 000193248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-02-14 11:48 - 2018-02-10 06:05 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-02-14 11:48 - 2018-02-10 06:05 - 000079256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2018-02-14 11:48 - 2018-02-10 06:05 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2018-02-14 11:48 - 2018-02-10 06:04 - 001491352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems32.dll
2018-02-14 11:48 - 2018-02-10 06:04 - 001270680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-02-14 11:48 - 2018-02-10 06:04 - 000635800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-02-14 11:48 - 2018-02-10 06:04 - 000622488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-02-14 11:48 - 2018-02-10 06:04 - 000577944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-02-14 11:48 - 2018-02-10 06:04 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-02-14 11:48 - 2018-02-10 06:04 - 000369560 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-02-14 11:48 - 2018-02-10 06:04 - 000286104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-02-14 11:48 - 2018-02-10 06:04 - 000027032 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClientPS.dll
2018-02-14 11:48 - 2018-02-10 06:03 - 001121176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-02-14 11:48 - 2018-02-10 06:03 - 000938392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-02-14 11:48 - 2018-02-10 06:03 - 000533400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-02-14 11:48 - 2018-02-10 06:03 - 000505160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-02-14 11:48 - 2018-02-10 06:03 - 000483224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-02-14 11:48 - 2018-02-10 05:47 - 000942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-02-14 11:48 - 2018-02-10 05:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-02-14 11:48 - 2018-02-10 05:46 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-02-14 11:48 - 2018-02-10 05:46 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-02-14 11:48 - 2018-02-10 05:46 - 000733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-02-14 11:48 - 2018-02-10 05:46 - 000651776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-02-14 11:48 - 2018-02-10 05:46 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-02-14 11:48 - 2018-02-10 05:46 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-02-14 11:48 - 2018-02-10 05:46 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-02-14 11:48 - 2018-02-10 05:46 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-02-14 11:48 - 2018-02-10 05:46 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-02-14 11:48 - 2018-02-10 05:46 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-02-14 11:48 - 2018-02-10 05:45 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-02-14 11:48 - 2018-02-10 05:45 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2018-02-14 11:48 - 2018-02-10 05:44 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-02-14 11:48 - 2018-02-10 05:44 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-02-14 11:48 - 2018-02-10 05:44 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-02-14 11:48 - 2018-02-10 05:44 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-02-14 11:48 - 2018-02-10 05:44 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-02-14 11:48 - 2018-02-10 05:44 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-02-14 11:48 - 2018-02-10 05:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-02-14 11:48 - 2018-02-10 05:43 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-02-14 11:48 - 2018-02-10 05:43 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll
2018-02-14 11:48 - 2018-02-10 05:43 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-02-14 11:48 - 2018-02-10 05:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2018-02-14 11:48 - 2018-02-10 05:43 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-02-14 11:48 - 2018-02-10 05:43 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2018-02-14 11:48 - 2018-02-10 05:43 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-02-14 11:48 - 2018-02-10 05:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-02-14 11:48 - 2018-02-10 05:42 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-02-14 11:48 - 2018-02-10 05:42 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2018-02-14 11:48 - 2018-02-10 05:42 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-02-14 11:48 - 2018-02-10 05:42 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-02-14 11:48 - 2018-02-10 05:42 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-02-14 11:48 - 2018-02-10 05:42 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2018-02-14 11:48 - 2018-02-10 05:42 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-02-14 11:48 - 2018-02-10 05:42 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 019352576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-02-14 11:48 - 2018-02-10 05:41 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-02-14 11:48 - 2018-02-10 05:41 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppManagementConfiguration.dll
2018-02-14 11:48 - 2018-02-10 05:41 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2018-02-14 11:48 - 2018-02-10 05:40 - 001171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-02-14 11:48 - 2018-02-10 05:40 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvc.dll
2018-02-14 11:48 - 2018-02-10 05:40 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-02-14 11:48 - 2018-02-10 05:40 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2018-02-14 11:48 - 2018-02-10 05:40 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2018-02-14 11:48 - 2018-02-10 05:40 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-02-14 11:48 - 2018-02-10 05:40 - 000602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-02-14 11:48 - 2018-02-10 05:40 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-02-14 11:48 - 2018-02-10 05:40 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2018-02-14 11:48 - 2018-02-10 05:40 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2018-02-14 11:48 - 2018-02-10 05:40 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-02-14 11:48 - 2018-02-10 05:39 - 011925504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-02-14 11:48 - 2018-02-10 05:39 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-02-14 11:48 - 2018-02-10 05:39 - 002677760 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-02-14 11:48 - 2018-02-10 05:39 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-02-14 11:48 - 2018-02-10 05:39 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-02-14 11:48 - 2018-02-10 05:39 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-02-14 11:48 - 2018-02-10 05:39 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2018-02-14 11:48 - 2018-02-10 05:39 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-02-14 11:48 - 2018-02-10 05:39 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl
2018-02-14 11:48 - 2018-02-10 05:39 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2018-02-14 11:48 - 2018-02-10 05:39 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
2018-02-14 11:48 - 2018-02-10 05:38 - 002184192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-02-14 11:48 - 2018-02-10 05:38 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-02-14 11:48 - 2018-02-10 05:38 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2018-02-14 11:48 - 2018-02-10 05:38 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-02-14 11:48 - 2018-02-10 05:38 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2018-02-14 11:48 - 2018-02-10 05:38 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-02-14 11:48 - 2018-02-10 05:38 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-02-14 11:48 - 2018-02-10 05:38 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-02-14 11:48 - 2018-02-10 05:38 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-02-14 11:48 - 2018-02-10 05:37 - 003419136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-02-14 11:48 - 2018-02-10 05:37 - 003287040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2018-02-14 11:48 - 2018-02-10 05:37 - 003227648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-02-14 11:48 - 2018-02-10 05:37 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-02-14 11:48 - 2018-02-10 05:37 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2018-02-14 11:48 - 2018-02-10 05:37 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-02-14 11:48 - 2018-02-10 05:37 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-02-14 11:48 - 2018-02-10 05:37 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-02-14 11:48 - 2018-02-10 05:36 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-02-14 11:48 - 2018-02-10 05:36 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-02-14 11:48 - 2018-02-10 05:36 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-02-14 11:48 - 2018-02-10 05:36 - 001623552 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-02-14 11:48 - 2018-02-10 05:36 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-02-14 11:48 - 2018-02-10 05:36 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-02-14 11:48 - 2018-02-10 05:36 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-02-14 11:48 - 2018-02-10 05:36 - 000973312 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-02-14 11:48 - 2018-02-10 05:36 - 000915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-02-14 11:48 - 2018-02-10 05:36 - 000900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-02-14 11:48 - 2018-02-10 05:36 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-02-14 11:48 - 2018-02-10 05:36 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2018-02-14 11:48 - 2018-02-10 05:36 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-02-14 11:48 - 2018-02-10 05:36 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2018-02-14 11:48 - 2018-02-10 05:36 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-02-14 11:48 - 2018-02-10 05:35 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-02-14 11:48 - 2018-02-10 05:35 - 002413568 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2018-02-14 11:48 - 2018-02-10 05:35 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-02-14 11:48 - 2018-02-10 05:35 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-02-14 11:48 - 2018-02-10 05:35 - 001630208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-02-14 11:48 - 2018-02-10 05:35 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-02-14 11:48 - 2018-02-10 05:35 - 000854016 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-02-14 11:48 - 2018-02-10 05:35 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-02-14 11:48 - 2018-02-10 05:35 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-02-14 11:48 - 2018-02-10 05:35 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-02-14 11:48 - 2018-02-10 05:35 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-02-14 11:48 - 2018-02-10 05:35 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2018-02-14 11:48 - 2018-02-10 05:35 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-02-14 11:48 - 2018-02-10 05:35 - 000348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-02-14 11:48 - 2018-02-10 05:35 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2018-02-14 11:48 - 2018-02-10 05:34 - 006532096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2018-02-14 11:48 - 2018-02-10 05:34 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-02-14 11:48 - 2018-02-10 05:34 - 001762304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-02-14 11:48 - 2018-02-10 05:34 - 001352192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-02-14 11:48 - 2018-02-10 05:34 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-02-14 11:48 - 2018-02-10 05:34 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2018-02-14 11:48 - 2018-02-10 05:34 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-02-14 11:48 - 2018-02-10 05:34 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2018-02-14 11:48 - 2018-02-10 05:34 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2018-02-14 11:48 - 2018-02-10 05:33 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-02-14 11:48 - 2018-02-10 05:33 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-02-14 11:48 - 2018-02-10 05:33 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-02-14 11:48 - 2018-02-10 05:33 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-02-14 11:48 - 2018-02-10 05:33 - 000604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-02-14 11:48 - 2018-02-10 05:33 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-02-14 11:48 - 2018-02-10 05:32 - 002427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2018-02-14 11:48 - 2018-02-10 05:32 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2018-02-14 11:48 - 2018-02-10 05:32 - 000576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-02-14 11:48 - 2018-02-10 05:32 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2018-02-14 11:48 - 2018-02-10 05:32 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll
2018-02-14 11:48 - 2018-02-10 05:31 - 001488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2018-02-14 11:48 - 2018-02-10 05:31 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-02-14 11:48 - 2018-02-10 05:31 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2018-02-14 11:48 - 2018-02-10 05:31 - 001104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-02-14 11:48 - 2018-02-10 05:31 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-02-14 11:48 - 2018-02-10 05:31 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2018-02-14 11:48 - 2018-02-10 05:31 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-02-14 11:48 - 2018-02-10 05:31 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2018-02-14 11:48 - 2018-02-10 05:31 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-02-14 11:48 - 2018-02-10 05:30 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2018-02-14 11:48 - 2018-02-10 04:03 - 000804240 _____ C:\WINDOWS\system32\locale.nls
2018-02-14 11:48 - 2018-02-02 04:36 - 003903944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2018-02-14 11:48 - 2018-02-02 04:36 - 000921032 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2018-02-14 11:48 - 2018-02-02 04:36 - 000854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2018-02-14 11:48 - 2018-02-02 04:36 - 000649672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2018-02-14 11:48 - 2018-02-02 04:36 - 000054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2018-02-14 10:23 - 2018-02-14 10:23 - 000000000 __SHD C:\Users\Marek\Documents\cache
2018-02-14 10:23 - 2018-02-14 10:23 - 000000000 ____D C:\Users\Marek\AppData\Roaming\webex
2018-02-14 10:22 - 2018-02-14 11:15 - 000000000 ____D C:\Users\Marek\AppData\LocalLow\WebEx
2018-02-14 10:22 - 2018-02-14 10:22 - 000000000 ____D C:\Users\Marek\AppData\Local\WebEx
2018-02-14 10:22 - 2018-02-14 10:22 - 000000000 ____D C:\ProgramData\WebEx
2018-02-12 14:55 - 2018-02-12 14:56 - 000000000 ____D C:\Users\Marek\Desktop\cox
2018-02-12 09:10 - 2018-02-12 09:19 - 000082944 _____ C:\Users\Marek\Desktop\cennikUO18.xls
2018-02-08 14:55 - 2018-02-08 15:06 - 000135680 _____ C:\Users\Marek\Desktop\cennikodpad18.xls
2018-02-07 11:45 - 2018-02-07 12:35 - 000034816 _____ C:\Users\Marek\Desktop\OVCP18000044_Vystavená objednávka (bez cien).xls
2018-02-07 08:54 - 2018-02-06 03:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-02-07 08:54 - 2018-02-06 03:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-02-06 08:32 - 2018-02-06 08:32 - 000151106 _____ C:\Users\Marek\Desktop\zp_hpu_uraz_choroba_17_02-17_03_01_activereader_iban.pdf
2018-02-05 10:40 - 2018-02-05 10:40 - 000879405 _____ C:\Users\Marek\Desktop\SKM_C224e18020511521.pdf
2018-02-05 10:40 - 2018-02-05 10:40 - 000706495 _____ C:\Users\Marek\Desktop\SKM_C224e18020511520.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-06 09:02 - 2017-05-25 05:43 - 000000000 ____D C:\Users\Marek\AppData\LocalLow\Mozilla
2018-03-06 07:22 - 2018-01-29 08:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-06 06:57 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-05 15:33 - 2018-01-09 11:30 - 000000000 ____D C:\Users\Marek\Documents\Súbory programu Outlook
2018-03-05 11:15 - 2018-01-29 08:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-05 11:15 - 2017-07-20 06:09 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-05 11:14 - 2017-09-29 06:31 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-03-05 11:14 - 2015-10-12 08:55 - 000000000 ____D C:\ProgramData\IObit
2018-03-05 11:13 - 2016-09-30 08:15 - 000000000 ____D C:\Users\Default\AppData\Roaming\IObit
2018-03-05 11:13 - 2016-09-30 08:15 - 000000000 ____D C:\Users\Default\AppData\LocalLow\IObit
2018-03-05 11:13 - 2016-09-30 08:15 - 000000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2018-03-05 11:13 - 2016-09-30 08:15 - 000000000 ____D C:\Users\Default User\AppData\LocalLow\IObit
2018-03-05 11:13 - 2015-10-12 08:55 - 000000000 ____D C:\Users\Marek\AppData\LocalLow\IObit
2018-03-05 11:13 - 2015-10-12 08:55 - 000000000 ____D C:\Program Files\Common Files\IObit
2018-03-05 11:13 - 2015-10-12 08:54 - 000000000 ____D C:\Users\Marek\AppData\Roaming\IObit
2018-03-05 11:11 - 2018-01-29 08:41 - 001933698 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-05 11:11 - 2015-10-22 14:20 - 000756248 _____ C:\WINDOWS\system32\perfh01B.dat
2018-03-05 11:11 - 2015-10-22 14:20 - 000230340 _____ C:\WINDOWS\system32\perfc01B.dat
2018-03-05 11:04 - 2018-01-29 08:15 - 004340984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-05 09:08 - 2017-12-14 11:40 - 000000000 ____D C:\inst
2018-03-02 06:55 - 2017-09-29 12:55 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-02 06:55 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-01 15:29 - 2018-01-29 08:22 - 000000000 ____D C:\Users\Marek
2018-02-28 06:22 - 2015-04-21 20:07 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-27 14:51 - 2016-05-05 11:05 - 000000000 ____D C:\Users\Marek\Desktop\osmapoprad
2018-02-27 13:23 - 2017-12-13 07:22 - 000014695 _____ C:\Users\Marek\Desktop\obedy1.xlsx
2018-02-27 06:24 - 2015-05-05 05:39 - 000002286 ____H C:\Users\Marek\Documents\Default.rdp
2018-02-19 15:50 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\rescache
2018-02-19 15:26 - 2017-09-29 12:52 - 000000000 ____D C:\WINDOWS\INF
2018-02-16 17:43 - 2018-01-29 08:46 - 000000000 ___RD C:\Users\Marek\3D Objects
2018-02-16 17:43 - 2015-08-10 08:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-16 17:39 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\TextInput
2018-02-16 17:39 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-16 17:39 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-16 17:39 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-02-16 17:39 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-02-16 17:39 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-02-16 15:31 - 2015-04-22 10:21 - 000000000 ____D C:\Program Files\TeamViewer
2018-02-14 12:09 - 2015-04-21 20:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-14 12:00 - 2017-10-11 07:21 - 127229528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-14 12:00 - 2015-04-21 20:09 - 127229528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-14 11:54 - 2017-09-29 12:45 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-14 10:22 - 2015-04-21 20:23 - 000000000 ____D C:\Users\Marek\AppData\Roaming\Mozilla
2018-02-12 07:13 - 2018-01-29 08:08 - 000000000 ____D C:\Windows.old
2018-02-08 14:29 - 2016-01-15 09:11 - 000000000 ____D C:\Users\Marek\Desktop\Cenniky
2018-02-08 13:51 - 2018-01-04 13:59 - 000013221 _____ C:\Users\Marek\Desktop\invent.2017.xlsx
2018-02-06 07:12 - 2016-01-08 10:44 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2018-02-06 07:12 - 2015-04-21 20:21 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-02-05 15:32 - 2015-08-10 08:53 - 000000000 __RDL C:\Users\Marek\OneDrive

==================== Files in the root of some directories =======

2016-08-12 13:12 - 2017-11-27 09:42 - 000000132 _____ () C:\Users\Marek\AppData\Roaming\Adobe BMP Format CS6 Prefs
2017-03-10 12:50 - 2017-08-15 07:15 - 000000132 _____ () C:\Users\Marek\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-11-16 11:57 - 2015-11-16 11:57 - 029361616 _____ (Sony Mobile Communications ) C:\Users\Marek\AppData\Local\pcc.exe
2018-03-05 14:04 - 2017-12-05 13:58 - 004404624 _____ () C:\Users\Marek\AppData\Local\Tempappsql.chm

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-02 07:02

==================== End of FRST.txt ============================

Re: preventive check

Posted: 06 Mar 2018 14:13
by Conder
:arrow: An outdated version of Java (Java 8 Update 101) is installed on the PC; I recommend uninstalling it. If you need Java, install the current version (currently Java 8 Update 161) from https://java.com/en/download/

:arrow: Open Notepad (Win+R -> notepad -> enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    VirusTotal: C:\Users\Marek\AppData\Local\Tempappsql.chm
    File: C:\Users\Marek\AppData\Local\Tempappsql.chm
    
    HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\...\MountPoints2: {dd82208f-72c6-11e7-8aab-001bfc2113bd} - "G:\HiSuiteDownLoader.exe" 
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447136248&z=602ddb7cd201fa72a194b55gazez3magdcbq0ofofw&from=wpm07163&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2LR27TLR27TL&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447136248&z=602ddb7cd201fa72a194b55gazez3magdcbq0ofofw&from=wpm07163&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2LR27TLR27TL&q={searchTerms}
    Edge HomeButtonPage: HKU\S-1-5-21-1090461368-3718612229-1242190663-1001 -> hxxp://www.omniboxes.com/?type=hp&ts=1448350672&z=a69274592a60da6d809a466g3z0zbb1c7w1e7qemdg&from=ient07031&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F2LR27TLR27TL
    S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
    2018-03-05 11:14 - 2015-10-12 08:55 - 000000000 ____D C:\ProgramData\IObit
    2018-03-05 11:13 - 2016-09-30 08:15 - 000000000 ____D C:\Users\Default\AppData\Roaming\IObit
    2018-03-05 11:13 - 2016-09-30 08:15 - 000000000 ____D C:\Users\Default\AppData\LocalLow\IObit
    2018-03-05 11:13 - 2016-09-30 08:15 - 000000000 ____D C:\Users\Default User\AppData\Roaming\IObit
    2018-03-05 11:13 - 2016-09-30 08:15 - 000000000 ____D C:\Users\Default User\AppData\LocalLow\IObit
    2018-03-05 11:13 - 2015-10-12 08:55 - 000000000 ____D C:\Users\Marek\AppData\LocalLow\IObit
    2018-03-05 11:13 - 2015-10-12 08:55 - 000000000 ____D C:\Program Files\Common Files\IObit
    2018-03-05 11:13 - 2015-10-12 08:54 - 000000000 ____D C:\Users\Marek\AppData\Roaming\IObit
    
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
    ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {B5FA2AE6-7A94-4382-8EA9-58C725AAB854} =>  -> No File
    ContextMenuHandlers1: [Print602] -> {D5F8CFC7-1A45-4517-A565-E42CDE7880CF} =>  -> No File
    ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} =>  -> No File
    ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} =>  -> No File
    Task: {092F0DF8-955B-4221-8DDD-79B569429F7A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {1DCCE241-C6BF-4FE3-92DD-A123D5DBECCA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {3AE9EC60-0615-4A2C-A6F9-EC72C4528694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {49A8D7E5-0B81-41EC-9B47-F0EF105E0E54} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {4CA4E52B-3734-4921-A82E-74213958DC45} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {638F5574-9603-49B3-8A66-7746A94C9DA7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {65867F58-8ED2-441B-B665-B0CDCB7FB738} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {7D05CDA9-641F-4C4C-B8D8-8D75F4262EE8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {8A79BA0F-6DB4-43A3-8BD1-5AD55678430A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {A243422F-0D00-4996-844A-87CD819AC26A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B11E981C-5E51-43C7-9145-3EFF0155E177} - \WPD\SqmUpload_S-1-5-21-1090461368-3718612229-1242190663-1001 -> No File <==== ATTENTION
    Task: {D556EEB1-863B-47FA-8DBD-32B5820923C7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F235E0E3-B8DC-4DDC-AE07-9FD995B367D1} - System32\Tasks\Driver Booster SkipUAC (Marek) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
    Task: {F308DCA4-05C8-48B0-A056-DDD2C3057BAB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    AlternateDataStreams: C:\Users\Marek\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [106]
    MSCONFIG\Services: LiveUpdateSvc => 2
    HKLM\...\StartupApproved\Run: => "IObit Malware Fighter"
    HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\...\StartupApproved\Run: => "Advanced SystemCare Ultimate"
    
    C:\Program Files\IObit
    C:\Program Files\Common Files\IObit
    C:\ProgramData\IObit
    C:\ProgramData\Application Data\IObit
    C:\Users\All Users\IObit
    C:\Windows\IObit
    C:\ProgramData\ProductData
    DeleteKey: HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will request a PC restart; confirm by clicking OK
  • After the PC restarts, a Fixlog.txt file will be on the desktop; copy its contents here

Re: preventive check

Posted: 07 Mar 2018 07:37
by butthead2507
Thank you ....

Fix result of Farbar Recovery Scan Tool (x86) Version: 04.03.2018
Ran by Marek (07-03-2018 07:20:36) Run:1
Running from C:\Users\Marek\Desktop
Loaded Profiles: Marek (Available Profiles: Marek)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

VirusTotal: C:\Users\Marek\AppData\Local\Tempappsql.chm
File: C:\Users\Marek\AppData\Local\Tempappsql.chm

HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\...\MountPoints2: {dd82208f-72c6-11e7-8aab-001bfc2113bd} - "G:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=14471 ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.omniboxes.com/web/?type=ds&ts=14471 ... earchTerms}
Edge HomeButtonPage: HKU\S-1-5-21-1090461368-3718612229-1242190663-1001 -> hxxp://www.omniboxes.com/?type=hp&ts=144835067 ... R27TLR27TL
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
2018-03-05 11:14 - 2015-10-12 08:55 - 000000000 ____D C:\ProgramData\IObit
2018-03-05 11:13 - 2016-09-30 08:15 - 000000000 ____D C:\Users\Default\AppData\Roaming\IObit
2018-03-05 11:13 - 2016-09-30 08:15 - 000000000 ____D C:\Users\Default\AppData\LocalLow\IObit
2018-03-05 11:13 - 2016-09-30 08:15 - 000000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2018-03-05 11:13 - 2016-09-30 08:15 - 000000000 ____D C:\Users\Default User\AppData\LocalLow\IObit
2018-03-05 11:13 - 2015-10-12 08:55 - 000000000 ____D C:\Users\Marek\AppData\LocalLow\IObit
2018-03-05 11:13 - 2015-10-12 08:55 - 000000000 ____D C:\Program Files\Common Files\IObit
2018-03-05 11:13 - 2015-10-12 08:54 - 000000000 ____D C:\Users\Marek\AppData\Roaming\IObit

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {B5FA2AE6-7A94-4382-8EA9-58C725AAB854} => -> No File
ContextMenuHandlers1: [Print602] -> {D5F8CFC7-1A45-4517-A565-E42CDE7880CF} => -> No File
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File
Task: {092F0DF8-955B-4221-8DDD-79B569429F7A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1DCCE241-C6BF-4FE3-92DD-A123D5DBECCA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3AE9EC60-0615-4A2C-A6F9-EC72C4528694} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {49A8D7E5-0B81-41EC-9B47-F0EF105E0E54} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4CA4E52B-3734-4921-A82E-74213958DC45} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {638F5574-9603-49B3-8A66-7746A94C9DA7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {65867F58-8ED2-441B-B665-B0CDCB7FB738} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7D05CDA9-641F-4C4C-B8D8-8D75F4262EE8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8A79BA0F-6DB4-43A3-8BD1-5AD55678430A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A243422F-0D00-4996-844A-87CD819AC26A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B11E981C-5E51-43C7-9145-3EFF0155E177} - \WPD\SqmUpload_S-1-5-21-1090461368-3718612229-1242190663-1001 -> No File <==== ATTENTION
Task: {D556EEB1-863B-47FA-8DBD-32B5820923C7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F235E0E3-B8DC-4DDC-AE07-9FD995B367D1} - System32\Tasks\Driver Booster SkipUAC (Marek) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {F308DCA4-05C8-48B0-A056-DDD2C3057BAB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Marek\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [106]
MSCONFIG\Services: LiveUpdateSvc => 2
HKLM\...\StartupApproved\Run: => "IObit Malware Fighter"
HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\...\StartupApproved\Run: => "Advanced SystemCare Ultimate"

C:\Program Files\IObit
C:\Program Files\Common Files\IObit
C:\ProgramData\IObit
C:\ProgramData\Application Data\IObit
C:\Users\All Users\IObit
C:\Windows\IObit
C:\ProgramData\ProductData
DeleteKey: HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
VirusTotal: C:\Users\Marek\AppData\Local\Tempappsql.chm => (3) Error

========================= File: C:\Users\Marek\AppData\Local\Tempappsql.chm ========================

C:\Users\Marek\AppData\Local\Tempappsql.chm
File not signed
MD5: 4B739448910ACB2B173FF4C118EC0A03
Creation and modification date: 2018-03-05 14:04 - 2017-12-05 13:58
Size: 004404624
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

"HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd82208f-72c6-11e7-8aab-001bfc2113bd}" => removed successfully.
HKLM\Software\Classes\CLSID\{dd82208f-72c6-11e7-8aab-001bfc2113bd} => not found
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => removed successfully.
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => not found
"HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage" => removed successfully.
"HKLM\System\CurrentControlSet\Services\LiveUpdateSvc" => removed successfully.
LiveUpdateSvc => service removed successfully.
C:\ProgramData\IObit => moved successfully
C:\Users\Default\AppData\Roaming\IObit => moved successfully
C:\Users\Default\AppData\LocalLow\IObit => moved successfully
"C:\Users\Default User\AppData\Roaming\IObit" => not found
"C:\Users\Default User\AppData\LocalLow\IObit" => not found
C:\Users\Marek\AppData\LocalLow\IObit => moved successfully
C:\Program Files\Common Files\IObit => moved successfully
C:\Users\Marek\AppData\Roaming\IObit => moved successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip" => removed successfully.
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64" => removed successfully.
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\iSkysoftVideoConverterFileOpreation" => removed successfully.
HKLM\Software\Classes\CLSID\{B5FA2AE6-7A94-4382-8EA9-58C725AAB854} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Print602" => removed successfully.
HKLM\Software\Classes\CLSID\{D5F8CFC7-1A45-4517-A565-E42CDE7880CF} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SmartDefragExtension" => removed successfully.
"HKLM\Software\Classes\CLSID\{189F1E63-33A7-404B-B2F6-8C76A452CC54}" => removed successfully.
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SmartDefragExtension" => removed successfully.
HKLM\Software\Classes\CLSID\{189F1E63-33A7-404B-B2F6-8C76A452CC54} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{092F0DF8-955B-4221-8DDD-79B569429F7A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{092F0DF8-955B-4221-8DDD-79B569429F7A}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DCCE241-C6BF-4FE3-92DD-A123D5DBECCA}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DCCE241-C6BF-4FE3-92DD-A123D5DBECCA}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AE9EC60-0615-4A2C-A6F9-EC72C4528694}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AE9EC60-0615-4A2C-A6F9-EC72C4528694}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49A8D7E5-0B81-41EC-9B47-F0EF105E0E54}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49A8D7E5-0B81-41EC-9B47-F0EF105E0E54}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CA4E52B-3734-4921-A82E-74213958DC45}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CA4E52B-3734-4921-A82E-74213958DC45}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{638F5574-9603-49B3-8A66-7746A94C9DA7}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{638F5574-9603-49B3-8A66-7746A94C9DA7}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65867F58-8ED2-441B-B665-B0CDCB7FB738}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65867F58-8ED2-441B-B665-B0CDCB7FB738}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D05CDA9-641F-4C4C-B8D8-8D75F4262EE8}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D05CDA9-641F-4C4C-B8D8-8D75F4262EE8}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A79BA0F-6DB4-43A3-8BD1-5AD55678430A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A79BA0F-6DB4-43A3-8BD1-5AD55678430A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A243422F-0D00-4996-844A-87CD819AC26A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A243422F-0D00-4996-844A-87CD819AC26A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B11E981C-5E51-43C7-9145-3EFF0155E177}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B11E981C-5E51-43C7-9145-3EFF0155E177}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1090461368-3718612229-1242190663-1001" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D556EEB1-863B-47FA-8DBD-32B5820923C7}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D556EEB1-863B-47FA-8DBD-32B5820923C7}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F235E0E3-B8DC-4DDC-AE07-9FD995B367D1}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F235E0E3-B8DC-4DDC-AE07-9FD995B367D1}" => removed successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Marek) => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Marek)" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F308DCA4-05C8-48B0-A056-DDD2C3057BAB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F308DCA4-05C8-48B0-A056-DDD2C3057BAB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully.
C:\Users\Marek\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LiveUpdateSvc" => removed successfully.
HKLM\System\CurrentControlSet\Services\LiveUpdateSvc => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\IObit Malware Fighter" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter" => not found
"HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Advanced SystemCare Ultimate" => removed successfully.
"HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare Ultimate" => not found
"C:\Program Files\IObit" => not found
"C:\Program Files\Common Files\IObit" => not found
"C:\ProgramData\IObit" => not found
"C:\ProgramData\Application Data\IObit" => not found
"C:\Users\All Users\IObit" => not found
C:\Windows\IObit => moved successfully
C:\ProgramData\ProductData => moved successfully
"HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" => removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21292555 B
Java, Flash, Steam htmlcache => 1139 B
Windows/system/drivers => 5183275 B
Edge => 25600 B
Chrome => 494734792 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7680 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 7346 B
NetworkService => 0 B
Marek => 28093445 B

RecycleBin => 67284677 B
EmptyTemp: => 595.6 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 07-03-2018 07:34:14)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 07:34:14 ====

Re: preventive check

Posted: 07 Mar 2018 16:37
by Conder
:arrow: It looks OK now. Are there still any problems with the PC?

:arrow: If not, we will clean up after the tools we used:

:arrow: Check the size of the desktop (C:\Users\Marek\Desktop). If it is larger than 300 MB, move all files and folders from the desktop to Documents and leave only shortcuts on the desktop. An overly large desktop can slow the system down.

Re: preventive check

Posted: 09 Mar 2018 08:20
by butthead2507
thank you very much .... the desktop is sorted out, cleaned up after the applications ... but the PC still seems slow and keeps freezing ... do you happen to have any other idea? what to check? thanks

Re: preventive check

Posted: 09 Mar 2018 16:26
by Conder
:arrow: Download ESET Online Scanner and save it to the desktop
  • Accept the license terms
  • Select the option Enable detection of potentially unwanted applications
  • Open the advanced settings
  • Tick the first option, Enable detection of potentially unsafe applications
  • Click Start
  • Wait for it to finish - this scan can take several hours
  • If anything is found:
    • Click Save to text file, enter a name such as "eset" and save the log to the desktop
    • Copy the contents of this log here
    • Do not remove anything in advance

Re: preventive check

Posted: 13 Mar 2018 12:28
by butthead2507
... it finished .... nothing was found ....

Re: preventive check

Posted: 13 Mar 2018 16:10
by Conder
:arrow: So the problems are not caused by malware. Let's also test the disks:

:arrow: Download CrystalDiskInfo: https://crystalmark.info/redirect.php?p ... alDiskInfo
  • Extract the whole archive to the desktop and run it via DiskInfo64.exe
  • At the top, click Edit -> Copy
  • The log is copied; paste its contents (Ctrl+V) into your next reply
:arrow: Run a system file integrity check:
  • Open Start, type "cmd" (without quotes), right-click Command Prompt and click Run as administrator
  • Copy and run these 2 commands one at a time, pressing Enter after each (wait for the first to finish before running the second):

    Code:

    DISM.exe /Online /Cleanup-image /Restorehealth
    sfc /scannow
  • After both commands have finished, copy and run this command:

    Code:

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt" && copy %windir%\logs\dism\dism.log %userprofile%\desktop\dism.txt
  • The files sfcdetails.txt and dism.txt will be created on the desktop; send these files as attachments to your next post
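
One way to triage the S.M.A.R.T. table in the text that CrystalDiskInfo's Edit -> Copy step produces, as an added example that is not part of the original post. The sample rows are constructed, and the set of attribute IDs treated as plain raw counters is an assumption, because the meaning of raw values is vendor-specific.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample in the layout of the "-- S.M.A.R.T. --" section of a
# CrystalDiskInfo text report. The values are invented for illustration.
SAMPLE_LOG = """\
-- Disk List ---------------------------------------------------------------
(1) EXAMPLE DISK : 1000,2 GB

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 _50 _51 000000000000 Read Error Rate
03 172 169 _21 000000000947 Spin-Up Time
05 133 133 140 0000000001F4 Reallocated Sectors Count
09 _91 _91 __0 0000000019B4 Power-On Hours
C5 200 200 __0 000000000008 Current Pending Sector Count
C6 200 200 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000005 UltraDMA CRC Error Count

-- IDENTIFY_DEVICE ---------------------------------------------------------
000: 427A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
"""


class Attr(NamedTuple):
    attr_id: int    # attribute ID (printed as two hex digits)
    current: int    # normalized current value
    worst: int      # lowest normalized value ever recorded
    threshold: int  # failure threshold; 0 means "no threshold"
    raw: int        # 6-byte raw value (printed as 12 hex digits)
    name: str


# One table row: ID, three values padded with "_" to width 3, raw hex, name.
ROW = re.compile(
    r"^([0-9A-F]{2}) ([_\d]{3}) ([_\d]{3}) ([_\d]{3}) ([0-9A-F]{12}) (.+)$"
)

# Assumption: on most drives these IDs hold a plain event or sector count in
# the raw field, so any non-zero raw value deserves a second look.
RAW_COUNTERS = {0x05, 0xC4, 0xC5, 0xC6, 0xC7}


def _num(field: str) -> int:
    """Convert a padded field such as '_51' or '__0' to an integer."""
    return int(field.replace("_", ""))


def parse_smart(text: str) -> List[Attr]:
    """Return the attributes listed in the S.M.A.R.T. section only."""
    attrs, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-- "):
            # Every section opens with a "-- Title ----" line.
            in_section = line.startswith("-- S.M.A.R.T.")
            continue
        match = ROW.match(line) if in_section else None
        if match:
            attrs.append(Attr(int(match[1], 16), _num(match[2]), _num(match[3]),
                              _num(match[4]), int(match[5], 16), match[6].strip()))
    return attrs


def triage(attrs: List[Attr]) -> List[Tuple[str, str, str, int]]:
    """Return (id, verdict, name, raw) for every attribute needing attention.

    An attribute with a non-zero threshold is failing when its normalized
    value is at or below that threshold; the same test on the worst value
    shows a failure that happened earlier in the drive's life.
    """
    findings = []
    for a in attrs:
        if a.threshold > 0 and a.current <= a.threshold:
            verdict = "FAIL"
        elif a.threshold > 0 and a.worst <= a.threshold:
            verdict = "FAILED_IN_PAST"
        elif a.attr_id in RAW_COUNTERS and a.raw > 0:
            verdict = "WATCH"
        else:
            continue
        findings.append((f"{a.attr_id:02X}", verdict, a.name, a.raw))
    return findings


if __name__ == "__main__":
    for attr_id, verdict, name, raw in triage(parse_smart(SAMPLE_LOG)):
        print(f"{verdict:<15} {attr_id} {name} (raw={raw})")
```

A report with no findings rules out only what S.M.A.R.T. records; the overall "Health Status" line in the same report is the tool's own summary of these values.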

Re: preventive check

Posted: 15 Mar 2018 07:50
by butthead2507
Hi

----------------------------------------------------------------------------
CrystalDiskInfo 7.5.2 (C) 2008-2018 hiyohiyo
Crystal Dew World : https://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 Professional [10.0 Build 16299] (x86)
Date : 2018/03/15 7:11:35

-- Controller Map ----------------------------------------------------------
- ATA Channel 0 (0) [ATA]
- ATA Channel 1 (1) [ATA]
+ ATA Channel 0 (0) [ATA]
- WDC WD10EZEX-00BN5A0 ATA Device
- ATA Channel 1 (1) [ATA]
+ Intel(R) 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Intel(R) 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0 [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
- Microsoft Storage Spaces Controller [SCSI]
- DAEMON Tools Lite Virtual SCSI Bus [SCSI]

-- Disk List ---------------------------------------------------------------
(1) WDC WD10EZEX-00BN5A0 : 1000,2 GB [0/2/0, pd1] - wd

----------------------------------------------------------------------------
(1) WDC WD10EZEX-00BN5A0
----------------------------------------------------------------------------
Model : WDC WD10EZEX-00BN5A0
Firmware : 01.01A01
Serial Number : WD-WCC3F2LR27TL
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : Unknown
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ACS-2
Minor Version : ACS-3 Revision 3b
Transfer Mode : SATA/300 | SATA/600
Power On Hours : 6580 hours
Power On Count : 795 count
Temperature : 35 C (95 F)
Health Status : Good
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----
Drive Letter : C: D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Read Error Rate
03 172 169 _21 000000000947 Spin-Up Time
04 100 100 __0 000000000320 Start/Stop Count
05 200 200 140 000000000000 Reallocated Sectors Count
07 200 200 __0 000000000000 Seek Error Rate
09 _91 _91 __0 0000000019B4 Power-On Hours
0A 100 100 __0 000000000000 Spin Retry Count
0B 100 100 __0 000000000000 Recalibration Retries
0C 100 100 __0 00000000031B Power Cycle Count
C0 200 200 __0 000000000030 Power-off Retract Count
C1 200 200 __0 0000000002EF Load/Unload Cycle Count
C2 108 103 __0 000000000023 Temperature
C4 200 200 __0 000000000000 Reallocation Event Count
C5 200 200 __0 000000000000 Current Pending Sector Count
C6 200 200 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000005 UltraDMA CRC Error Count
C8 200 200 __0 000000000000 Write Error Rate

-- IDENTIFY_DEVICE ---------------------------------------------------------

-- SMART_READ_DATA ---------------------------------------------------------

-- SMART_READ_THRESHOLD ----------------------------------------------------

Re: preventive check

Posted: 15 Mar 2018 16:55
by Conder
:arrow: Check the size of the desktop (C:\Users\Marek\Desktop). If it is larger than 300 MB, move all files and folders from the desktop to Documents and leave only shortcuts on the desktop. An overly large desktop can slow the system down.

:arrow: Send new logs from FRST (both)

:arrow: Run a full scan in MBAM
  • Download and install Malwarebytes (MBAM): https://www.malwarebytes.com/mwb-download/thankyou/
  • Ignore the trial version
  • Open MBAM and click "Scan" on the left
  • Click "Custom Scan" and then "Configure Scan" (Set up scan)
  • On the right, select all disks in the PC, and on the left select the option "Scan for rootkits"
  • Click Scan Now and wait for it to finish
  • When it finishes, click Export Summary -> Text file, enter a file name and save it to the desktop
  • Copy the contents of this file here
  • Illustrated guide (unfortunately for an older version): https://forum.viry.cz/viewtopic.php?f=29&t=144868
:arrow: Press Win+R, type "eventvwr" (without quotes) and press Enter
  • On the left, click Windows Logs and then System
  • On the right, click Save All Events As
  • Enter a file name, leave the file type as .evtx and save it to the desktop
  • Upload this file to, for example, leteckaposta.cz and put the download link in your next reply

Re: preventive check

Posted: 20 Mar 2018 07:20
by butthead2507
1: ok
2: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by Marek (administrator) on PC-MAREL (19-03-2018 09:00:05)
Running from C:\Users\Marek\Desktop
Loaded Profiles: Marek (Available Profiles: Marek)
Platform: Microsoft Windows 10 Pro Version 1709 16299.309 (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(fischerwerke Gmbh & Co. KG) C:\Program Files\fischer\FIXPERIENCE\Update\fischer.Update.Service.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() \\MIRADSERVER\mksqlbin\exe\appsql.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() \\MIRADSERVER\mksqlbin\exe\appsql.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\Marek\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [488344 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14696704 2016-05-31] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-06-29] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [3159744 2013-10-07] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [8003664 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\appsql.exe - odkaz.lnk [2017-01-17]
ShortcutTarget: appsql.exe - odkaz.lnk -> \\MIRADSERVER\mksqlbin\exe\appsql.exe (No File)
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk [2017-01-11]
ShortcutTarget: Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2017-01-11]
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{ac49ff1d-f373-4efb-93a2-e0532eb61734}: [NameServer] 195.146.128.60,195.146.132.58,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKU\S-1-5-21-1090461368-3718612229-1242190663-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.sk/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-07] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-07] (Oracle Corporation)

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: (ESET Endpoint Security Extension) - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2016-12-16] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: ditec.sk/DitecZepDViewerFb -> C:\ProgramData\Ditec\DViewer\npDitec.Zep.DViewerFb.dll [2015-03-20] (Ditec, a.s.)
FF Plugin HKU\S-1-5-21-1090461368-3718612229-1242190663-1001: ditec.sk/DitecZepDViewerFb -> C:\ProgramData\Ditec\DViewer\npDitec.Zep.DViewerFb.dll [2015-03-20] (Ditec, a.s.)
FF Plugin ProgramFiles/Appdata: C:\Users\Marek\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-02-14] (Cisco WebEx LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.sk/
CHR StartupUrls: Default -> "hxxp://www.radia.sk/radia/fun.html","hxxp://mi ... google.sk/"
CHR Profile: C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default [2018-03-19]
CHR Extension: (Dokumenty) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Disk Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (YouTube) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-11]
CHR Extension: (Google Search) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Adobe Acrobat) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Tabuľky) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Tlačidlo Uložiť na Pintereste) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-11-16]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-02-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-11]
CHR Extension: (Chrome Media Router) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-14]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [34296 2013-10-07] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe [1025584 2013-10-07] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [185104 2013-10-07] (ESET)
R2 fixperienceUpdateSvc; C:\Program Files\fischer\FIXPERIENCE\Update\fischer.Update.Service.exe [5255680 2017-02-13] (fischerwerke Gmbh & Co. KG) [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2015-06-29] (NVIDIA Corporation)
S4 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-06-29] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775632 2015-06-29] (NVIDIA Corporation)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2891976 2018-01-26] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279408 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [86696 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DLPortIO; C:\WINDOWS\system32\Drivers\DLPortIO.sys [3584 1996-09-27] () [File not signed]
R2 DriverX; C:\WINDOWS\System32\Drivers\driverx.sys [52512 2001-06-11] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [25016 2015-10-27] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [177472 2013-10-25] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [173864 2013-09-09] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [128056 2013-09-09] (ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [113088 2013-09-09] (ESET)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-11-23] (REALiX(tm))
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [36600 2016-08-17] (Riverbed Technology, Inc.)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37440 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [253848 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98200 2017-09-29] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [186880 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-19 09:00 - 2018-03-19 09:00 - 000015526 _____ C:\Users\Marek\Desktop\FRST.txt
2018-03-19 08:54 - 2018-03-19 08:53 - 000112640 _____ (forum.viry.cz) C:\Users\Marek\Desktop\FRSTLauncher.exe
2018-03-19 08:43 - 2018-03-19 09:00 - 000000000 ____D C:\FRST
2018-03-19 08:36 - 2018-03-19 08:36 - 001764352 _____ (Farbar) C:\Users\Marek\Desktop\FRST.exe
2018-03-16 14:32 - 2018-03-16 14:32 - 000052224 _____ C:\Users\Marek\Desktop\cennik_uponor.xls
2018-03-16 12:41 - 2018-03-16 14:17 - 000154624 _____ C:\Users\Marek\Desktop\skupina12.xls
2018-03-16 08:37 - 2018-03-16 08:37 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-03-15 12:55 - 2018-03-16 15:18 - 000078380 _____ C:\Users\Marek\Desktop\Kópia - Mirad uhlík KOMPLET.xlsx
2018-03-15 09:05 - 2018-03-15 09:05 - 010380755 _____ C:\Users\Marek\Downloads\6in1-product-list-kan-therm-sk.pdf
2018-03-14 17:47 - 2018-03-02 22:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-03-14 17:47 - 2018-03-02 22:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-03-14 17:42 - 2018-03-01 07:53 - 000398082 __RSH C:\bootmgr
2018-03-14 17:42 - 2017-09-29 12:49 - 000000001 ___SH C:\BOOTNXT
2018-03-14 07:19 - 2018-03-14 07:19 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 07:18 - 2018-03-14 07:18 - 000075296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2018-03-14 07:18 - 2018-03-14 07:18 - 000048536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vdrvroot.sys
2018-03-14 07:18 - 2018-03-14 07:18 - 000022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2018-03-14 07:18 - 2018-03-14 07:18 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HyperVideo.sys
2018-03-14 07:18 - 2018-03-14 07:18 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpbus.sys
2018-03-14 07:18 - 2018-03-14 07:18 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VMBusHID.sys
2018-03-14 07:18 - 2018-03-14 07:18 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hyperkbd.sys
2018-03-14 07:18 - 2018-03-14 07:18 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgencounter.sys
2018-03-14 07:18 - 2018-03-14 07:18 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-03-14 07:18 - 2018-03-14 07:18 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vms3cap.sys
2018-03-14 07:17 - 2018-03-14 07:17 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2018-03-14 07:17 - 2018-03-14 07:17 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2018-03-14 07:17 - 2018-03-14 07:17 - 000038944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2018-03-14 07:17 - 2018-03-14 07:17 - 000028056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2018-03-14 07:17 - 2018-03-01 07:51 - 000062360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 07:17 - 2018-03-01 07:43 - 006412192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 07:17 - 2018-03-01 07:37 - 000508312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 07:17 - 2018-03-01 07:35 - 000607640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-14 07:17 - 2018-03-01 07:35 - 000142744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-14 07:17 - 2018-03-01 07:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 07:17 - 2018-03-01 07:30 - 000339360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-14 07:17 - 2018-03-01 07:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 07:17 - 2018-03-01 07:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 07:17 - 2018-03-01 07:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 07:17 - 2018-03-01 07:26 - 000040856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 07:17 - 2018-03-01 07:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-14 07:17 - 2018-03-01 07:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 07:17 - 2018-03-01 07:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 07:17 - 2018-03-01 07:02 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 07:17 - 2018-03-01 07:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 07:17 - 2018-03-01 07:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 07:17 - 2018-03-01 06:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 07:17 - 2018-03-01 06:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 07:17 - 2018-03-01 06:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 07:17 - 2018-03-01 06:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 07:17 - 2018-03-01 06:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-14 07:17 - 2018-03-01 06:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-14 07:17 - 2018-03-01 06:50 - 001622528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-14 07:17 - 2018-03-01 06:49 - 001762304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 07:17 - 2018-03-01 06:48 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-14 07:17 - 2018-03-01 06:48 - 000650240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-14 07:17 - 2018-02-22 01:48 - 000065432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 07:17 - 2018-02-22 01:43 - 000336800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 07:17 - 2018-02-22 01:43 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 07:17 - 2018-02-22 01:43 - 000080800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 07:17 - 2018-02-22 01:42 - 000433568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-14 07:17 - 2018-02-22 01:42 - 000279448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 07:17 - 2018-02-22 01:42 - 000038304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 07:17 - 2018-02-22 01:19 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 07:17 - 2018-02-22 01:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 07:17 - 2018-02-22 01:17 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-14 07:16 - 2018-03-01 21:28 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 07:16 - 2018-03-01 07:56 - 000603544 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-14 07:16 - 2018-03-01 07:52 - 001328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-14 07:16 - 2018-03-01 07:52 - 000517024 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-14 07:16 - 2018-03-01 07:52 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-14 07:16 - 2018-03-01 07:52 - 000119192 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 07:16 - 2018-03-01 07:51 - 001902488 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-14 07:16 - 2018-03-01 07:51 - 000542624 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-14 07:16 - 2018-03-01 07:51 - 000322464 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-14 07:16 - 2018-03-01 07:45 - 001933840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-14 07:16 - 2018-03-01 07:44 - 000253144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 07:16 - 2018-03-01 07:41 - 000816632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 07:16 - 2018-03-01 07:40 - 000030616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 07:16 - 2018-03-01 07:39 - 000350616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-14 07:16 - 2018-03-01 07:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-14 07:16 - 2018-03-01 07:35 - 000451480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-14 07:16 - 2018-03-01 07:35 - 000195488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-14 07:16 - 2018-03-01 07:32 - 000414824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 07:16 - 2018-03-01 07:30 - 002117536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-14 07:16 - 2018-03-01 07:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 07:16 - 2018-03-01 07:27 - 000538760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-14 07:16 - 2018-03-01 07:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 07:16 - 2018-03-01 07:27 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 07:16 - 2018-03-01 07:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 07:16 - 2018-03-01 07:25 - 000116120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 07:16 - 2018-03-01 07:25 - 000048024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 07:16 - 2018-03-01 07:24 - 000078232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 07:16 - 2018-03-01 07:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 07:16 - 2018-03-01 07:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 07:16 - 2018-03-01 07:04 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 07:16 - 2018-03-01 07:03 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 07:16 - 2018-03-01 07:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 07:16 - 2018-03-01 07:03 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 07:16 - 2018-03-01 07:03 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 07:16 - 2018-03-01 07:03 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 07:16 - 2018-03-01 07:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 07:16 - 2018-03-01 07:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 07:16 - 2018-03-01 07:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-14 07:16 - 2018-03-01 07:01 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 07:16 - 2018-03-01 07:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 07:16 - 2018-03-01 07:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 07:16 - 2018-03-01 06:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 07:16 - 2018-03-01 06:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 07:16 - 2018-03-01 06:58 - 000539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 07:16 - 2018-03-01 06:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 07:16 - 2018-03-01 06:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 07:16 - 2018-03-01 06:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 07:16 - 2018-03-01 06:58 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 07:16 - 2018-03-01 06:57 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 07:16 - 2018-03-01 06:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 07:16 - 2018-03-01 06:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-14 07:16 - 2018-03-01 06:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 07:16 - 2018-03-01 06:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-14 07:16 - 2018-03-01 06:52 - 001132544 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-14 07:16 - 2018-03-01 06:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 07:16 - 2018-03-01 06:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 07:16 - 2018-03-01 06:49 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 07:16 - 2018-03-01 06:48 - 001652224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 07:16 - 2018-03-01 06:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 07:16 - 2018-03-01 06:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 07:16 - 2018-03-01 06:45 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-14 07:16 - 2018-02-22 02:23 - 000239000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-14 07:16 - 2018-02-22 01:54 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 07:16 - 2018-02-22 01:50 - 000156056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 07:16 - 2018-02-22 01:48 - 000081824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 07:16 - 2018-02-22 01:46 - 000155552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 07:16 - 2018-02-22 01:45 - 000454048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 07:16 - 2018-02-22 01:43 - 000534944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 07:16 - 2018-02-22 01:42 - 000186784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 07:16 - 2018-02-22 01:42 - 000076192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 07:16 - 2018-02-22 01:18 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 07:16 - 2018-02-22 01:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 07:16 - 2018-02-22 01:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-12 19:43 - 2018-03-12 19:43 - 000000000 ____D C:\Users\Marek\AppData\Local\TeamViewer
2018-03-09 07:59 - 2018-03-09 07:59 - 000000541 _____ C:\DelFix.txt
2018-03-09 07:15 - 2018-03-09 07:15 - 000001002 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-03-07 14:20 - 2018-03-07 14:20 - 000500218 _____ C:\Users\Marek\Desktop\nadoby_bez_vaku.pdf
2018-03-07 08:34 - 2018-03-07 08:34 - 000028311 _____ C:\Users\Marek\AppData\Roaming\Hodnoty oddelené čiarkou (systém Windows).ADR
2018-03-07 08:28 - 2018-03-07 08:28 - 000188768 _____ C:\Users\Marek\Documents\Zozbierané adresy.csv
2018-03-07 08:28 - 2018-03-07 08:28 - 000003333 _____ C:\Users\Marek\Documents\Osobný adresár.csv
2018-03-07 07:50 - 2018-03-07 08:53 - 000000000 ____D C:\Users\Marek\AppData\Local\Adobe
2018-03-07 07:38 - 2018-03-07 07:38 - 000000708 _____ C:\Users\Marek\Desktop\plocha – odkaz.lnk
2018-03-07 07:18 - 2018-03-07 07:18 - 000095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2018-03-07 07:18 - 2018-03-07 07:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-07 07:18 - 2018-03-07 07:18 - 000000000 ____D C:\Program Files\Common Files\Java
2018-03-07 07:17 - 2018-03-07 07:17 - 000000000 ____D C:\Program Files\Java
2018-03-07 07:11 - 2018-03-07 07:11 - 000000834 _____ C:\Users\Marek\Desktop\Cenniky – odkaz.lnk
2018-03-05 14:04 - 2017-12-05 13:58 - 004404624 _____ C:\Users\Marek\AppData\Local\Tempappsql.chm
2018-03-05 10:49 - 2018-03-05 10:49 - 000001038 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-03-05 10:49 - 2018-03-05 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-05 10:49 - 2018-03-05 10:49 - 000000000 ____D C:\Program Files\CCleaner
2018-03-01 07:43 - 2018-03-01 07:44 - 000000000 ____D C:\Program Files\trend micro
2018-02-26 06:37 - 2018-02-26 06:37 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-19 09:00 - 2018-01-09 11:30 - 000000000 ____D C:\Users\Marek\Documents\Súbory programu Outlook
2018-03-19 08:44 - 2017-09-29 06:31 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-03-19 08:18 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\rescache
2018-03-19 06:59 - 2017-05-25 05:43 - 000000000 ____D C:\Users\Marek\AppData\LocalLow\Mozilla
2018-03-16 12:28 - 2017-09-07 06:31 - 000010859 _____ C:\Users\Marek\Desktop\grundfos.xlsx
2018-03-16 09:05 - 2015-04-21 21:52 - 000000000 ____D C:\Users\Marek\Downloads\stiah
2018-03-15 08:29 - 2015-05-05 05:39 - 000002286 ____H C:\Users\Marek\Documents\Default.rdp
2018-03-15 07:01 - 2017-09-29 12:45 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-15 04:56 - 2017-09-29 12:52 - 000000000 ____D C:\WINDOWS\INF
2018-03-14 17:54 - 2018-01-29 08:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-14 17:48 - 2018-01-29 08:41 - 001960396 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-14 17:48 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-14 17:48 - 2015-10-22 14:20 - 000769776 _____ C:\WINDOWS\system32\perfh01B.dat
2018-03-14 17:48 - 2015-10-22 14:20 - 000234526 _____ C:\WINDOWS\system32\perfc01B.dat
2018-03-14 17:44 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-14 17:42 - 2018-01-29 08:15 - 004342616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-14 17:41 - 2018-01-29 08:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-14 17:41 - 2017-07-20 06:09 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-14 17:41 - 2015-04-21 20:11 - 000000000 ____D C:\Users\Marek\AppData\Local\ESET
2018-03-14 17:40 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-14 17:40 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 17:40 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-14 17:40 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-14 17:40 - 2017-09-29 06:31 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-03-14 07:36 - 2015-04-21 20:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 07:28 - 2017-10-11 07:21 - 127391104 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 07:28 - 2015-04-21 20:09 - 127391104 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 21:51 - 2015-04-21 20:07 - 000002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-13 19:33 - 2016-08-17 05:59 - 000002362 _____ C:\Users\Marek\Desktop\SKLAD.lnk
2018-03-13 06:42 - 2017-09-29 12:55 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-09 07:16 - 2015-04-22 10:21 - 000000000 ____D C:\Program Files\TeamViewer
2018-03-08 12:18 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-07 07:27 - 2015-11-11 07:43 - 000000000 ____D C:\Users\Marek\AppData\LocalLow\Temp
2018-03-07 07:18 - 2015-04-22 10:26 - 000000000 ____D C:\ProgramData\Oracle
2018-03-05 09:08 - 2017-12-14 11:40 - 000000000 ____D C:\inst
2018-03-01 15:29 - 2018-01-29 08:22 - 000000000 ____D C:\Users\Marek
2018-02-27 14:51 - 2016-05-05 11:05 - 000000000 ____D C:\Users\Marek\Desktop\osmapoprad

==================== Files in the root of some directories =======

2016-08-12 13:12 - 2017-11-27 09:42 - 000000132 _____ () C:\Users\Marek\AppData\Roaming\Adobe BMP Format CS6 Prefs
2017-03-10 12:50 - 2017-08-15 07:15 - 000000132 _____ () C:\Users\Marek\AppData\Roaming\Adobe PNG Format CS6 Prefs
2018-03-07 08:34 - 2018-03-07 08:34 - 000028311 _____ () C:\Users\Marek\AppData\Roaming\Hodnoty oddelené čiarkou (systém Windows).ADR
2015-11-16 11:57 - 2015-11-16 11:57 - 029361616 _____ (Sony Mobile Communications ) C:\Users\Marek\AppData\Local\pcc.exe
2018-03-05 14:04 - 2017-12-05 13:58 - 004404624 _____ () C:\Users\Marek\AppData\Local\Tempappsql.chm

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0921c6995940a.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\Marek\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [106]

==================== Security Center ==================

AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Marek\Desktop" je 2 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

3: Malwarebytes
www.malwarebytes.com

-Podrobnosti denníka-
Dátum skenovania: 20.03.18
Čas skenovania: 2:31
Súbor denníka: 67e8aed0-2bde-11e8-9506-001bfc2113bd.json
Správca: Áno

-Údaje o softvéri-
Verzia: 3.4.4.2398
Verzia súčastí: 1.0.322
Aktualizovať verziu balíka: 1.0.4414
Licencia: Skúšobná verzia

-Systémové informácie-
OS: Windows 10 (Build 16299.309)
Procesor: x86
Systém súborov: NTFS
Používateľ: System

-Zhrnutie skenovania-
Typ skenovania: Vyhľadávanie hrozieb
Výsledok: Dokončené
Preskenované objekty: 221318
Zistené hrozby: 2
Hrozby umiestnené do karantény: 0
(Nezistili sa nijaké škodlivé položky)
Uplynulý čas: 12 min, 35 s

-Možnosti skenovania-
Pamäť: Povolené
Spúšťanie: Povolené
Systém súborov: Povolené
Archívy: Povolené
Rootkity: Zakázané
Heuristika: Povolené
PUP: Zistiť
PUM: Zistiť

-Podrobnosti skenovania-
Proces: 0
(Nezistili sa nijaké škodlivé položky)

Modul: 0
(Nezistili sa nijaké škodlivé položky)

Kľúč databázy Registry: 1
PUP.Optional.InstallCore, HKU\S-1-5-18\SOFTWARE\ICSW1.14, Bez zásahu používateľa, [2], [239562],1.0.4414

Hodnota databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Údaje databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)

Prúd údajov: 0
(Nezistili sa nijaké škodlivé položky)

Priečinok: 0
(Nezistili sa nijaké škodlivé položky)

Súbor: 1
Adware.Elex.ShrtCln, C:\USERS\MAREK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Bez zásahu používateľa, [2199], [454718],1.0.4414

Fyzický sektor: 0
(Nezistili sa nijaké škodlivé položky)


(end)