Requesting a preventive check

Posted: 11 Mar 2018 10:32
by PureHate44
Logfile of random's system information tool 1.10 (written by random/random)
Run by Peter at 2018-03-11 10:31:04
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 38 GB (19%) free of 200 GB
Total RAM: 4095 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:13, on 11. 3. 2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18921)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
C:\Users\Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe
C:\Program Files (x86)\OkayFreedom\Notifier.exe
C:\Users\Peter\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files\trend micro\Peter.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [OKAYFREEDOM Notifier] "C:\Program Files (x86)\OkayFreedom\Notifier.exe"
O4 - HKLM\..\Run: [ACSW21EN] "C:\Program Files (x86)\ACD Systems\ACDSee\21.0\acdIDInTouch2.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O4 - HKCU\..\Run: [OKAYFREEDOM_Agent] "C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Facebook Gameroom.lnk = Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - (no file)
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - (no file)
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - (no file)
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CPUMonitor - Unknown owner - C:\Windows\nssm.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Disc Soft Ultra Bus Service - Disc Soft Ltd - C:\Users\Peter\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OkayFreedom VPN Starter Service - Steganos Software GmbH - C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\RpcAgentSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WC Assistant (WCAssistantService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
O23 - Service: WinZip Compression Smart Monitor Service - Unknown owner - C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9015 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\WinZip\WzPreloader.exe"
"C:\Program Files\WinZip\FAHWindow64.exe" register
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe" --autostart
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent
"C:\Users\Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe" fbgames://windows_startup/
"C:\Program Files (x86)\OkayFreedom\Notifier.exe"
"Facebook Gameroom Browser.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Peter\AppData\Local\Facebook\Games\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 CanvasFrame/1.20.6618.42311 Safari/537.36 FacebookCanvasDesktop FBAN/GamesWindowsDesktopApp FBAV/1.20.6618.42311" --gpu-vendor-id=0x10de --gpu-device-id=0x0a65 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.4201 --gpu-driver-date=11-14-2016 --lang=en-US --log-file="C:\Users\Peter\AppData\Local\Facebook\Games\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 CanvasFrame/1.20.6618.42311 Safari/537.36 FacebookCanvasDesktop FBAN/GamesWindowsDesktopApp FBAV/1.20.6618.42311" --service-request-channel-token=3B09A3B7D9A5577EF1994EE5DC0DD874 --mojo-platform-channel-handle=1820 /prefetch:2
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Peter\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Peter\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=63.0.3239.132 --initial-client-data=0x80,0x84,0x88,0x7c,0x8c,0x7fedd035720,0x7fedd035760,0x7fedd035738
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2664 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --gpu-vendor-id=0x10de --gpu-device-id=0x0a65 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.4201 --gpu-driver-date=11-14-2016 --service-request-channel-token=3DC9B336F5C08C66B77E015577DADC5A --mojo-platform-channel-handle=1168 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --service-pipe-token=E864969C14304A5DD4740F42CC841ABF --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --service-request-channel-token=E864969C14304A5DD4740F42CC841ABF --renderer-client-id=4 --mojo-platform-channel-handle=2544 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --service-pipe-token=4CE18063849BE446626645E4588B05C7 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --service-request-channel-token=4CE18063849BE446626645E4588B05C7 --renderer-client-id=5 --mojo-platform-channel-handle=2660 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --service-pipe-token=1335B89175A1F8618F7CB6FB9AF398C4 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --service-request-channel-token=1335B89175A1F8618F7CB6FB9AF398C4 --renderer-client-id=6 --mojo-platform-channel-handle=2752 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --service-pipe-token=0F3BAAFBFC679C187A7E9E071771AE0E --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --service-request-channel-token=0F3BAAFBFC679C187A7E9E071771AE0E --renderer-client-id=7 --mojo-platform-channel-handle=2808 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --service-pipe-token=9B472B8142CCFC028F62C81EA3E0056A --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --service-request-channel-token=9B472B8142CCFC028F62C81EA3E0056A --renderer-client-id=10 --mojo-platform-channel-handle=5004 /prefetch:1
"C:\Program Files (x86)\Total Commander\TOTALCMD64.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\system32\prevhost.exe {914FEED8-267A-4BAA-B8AA-21E233792679} -Embedding
"C:\Program Files\WinZip\WzPreviewer64.exe" -Embedding
"C:\Users\Peter\Downloads\IRC\xchat.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --service-pipe-token=D89E718C20545AC38D3AAF7656D21D01 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --service-request-channel-token=D89E718C20545AC38D3AAF7656D21D01 --renderer-client-id=101 --mojo-platform-channel-handle=6452 /prefetch:1

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --service-pipe-token=71DF7A344F8A768C4BE0D899EF32CB0F --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --service-request-channel-token=71DF7A344F8A768C4BE0D899EF32CB0F --renderer-client-id=168 --mojo-platform-channel-handle=2296 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --service-pipe-token=F9B0718BCF5615F98ABF54DFE3EDCA30 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --service-request-channel-token=F9B0718BCF5615F98ABF54DFE3EDCA30 --renderer-client-id=169 --mojo-platform-channel-handle=7012 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --service-pipe-token=747172439448C9A655BC6C174D571217 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --service-request-channel-token=747172439448C9A655BC6C174D571217 --renderer-client-id=197 --mojo-platform-channel-handle=4340 /prefetch:1
"C:\Program Files (x86)\Winamp\winamp.exe" -Embedding
C:\Windows\System32\svchost.exe -k swprv
taskeng.exe {D7680BFD-A1AD-431E-AD9C-C4E5B0054687}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --service-pipe-token=BE46AA1A7924688D0CE5731EF80293BA --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --service-request-channel-token=BE46AA1A7924688D0CE5731EF80293BA --renderer-client-id=210 --mojo-platform-channel-handle=7772 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --service-pipe-token=B8C1C8F5E9A31BFBE20087CD3E03082F --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --service-request-channel-token=B8C1C8F5E9A31BFBE20087CD3E03082F --renderer-client-id=213 --mojo-platform-channel-handle=7784 /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe18_ Global\UsGthrCtrlFltPipeMssGthrPipe18 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1164,893496836539755308,18209467157421414604,131072 --service-pipe-token=A27DDFF3211FB4DC9EE9C89F7249E390 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --service-request-channel-token=A27DDFF3211FB4DC9EE9C89F7249E390 --renderer-client-id=215 --mojo-platform-channel-handle=8056 /prefetch:1
"C:\Users\Peter\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Neptune.job - C:\Program Files (x86)\Neptune SystemCare 2017\NeptuneTray.exe -StartTray

=========Mozilla firefox=========

ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.137 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.137 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-02-20 1793736]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\ecmds.exe [2017-12-18 324352]
"WinZip UN"=C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-11 2047744]
"WinZip PreLoader"=C:\Program Files\WinZip\WzPreloader.exe [2017-12-11 123848]
"WinZip FAH"=C:\Program Files\WinZip\FAHConsole.exe [2017-12-11 436416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"=C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-12-02 777840]
"OKAYFREEDOM_Agent"=C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [2018-01-29 6267384]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2018-02-07 10290608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2018-02-07 10290608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Ultra Agent]
C:\Users\Peter\DAEMON Tools Ultra\DTAgent.exe [2016-12-12 5021888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM Notifier]
C:\Program Files (x86)\OkayFreedom\Notifier.exe [2018-01-29 4201464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM_Agent]
C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [2018-01-29 6267384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe [2017-12-02 21093488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-12-02 777840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk]
C:\Users\Peter\AppData\Local\Facebook\Games\FACEBO~2.EXE []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"OKAYFREEDOM Notifier"=C:\Program Files (x86)\OkayFreedom\Notifier.exe [2018-01-29 4201464]
"ACSW21EN"=C:\Program Files (x86)\ACD Systems\ACDSee\21.0\acdIDInTouch2.exe []

C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Gameroom.lnk - C:\Users\Peter\AppData\Local\Facebook\Games\FacebookGameroom.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoSimpleNetIDList"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\xchat\xchat.exe"="C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-03-11 10:31:04 ----D---- C:\rsit
2018-03-11 10:19:49 ----D---- C:\ProgramData\Lavasoft
2018-03-11 10:19:21 ----D---- C:\Program Files (x86)\Lavasoft
2018-03-11 10:19:08 ----D---- C:\Lavasoft
2018-03-10 10:14:57 ----D---- C:\ProgramData\ACD Systems
2018-03-10 10:07:07 ----D---- C:\Program Files (x86)\ACD Systems
2018-03-10 10:03:01 ----D---- C:\ProgramData\Apple
2018-03-10 10:03:01 ----D---- C:\Program Files\Bonjour
2018-03-10 10:03:01 ----D---- C:\Program Files (x86)\Bonjour
2018-03-03 08:24:57 ----D---- C:\Program Files\CCleaner
2018-02-24 16:43:49 ----D---- C:\ProgramData\ESET
2018-02-24 16:43:49 ----D---- C:\Program Files\ESET
2018-02-18 13:46:18 ----D---- C:\Windows\OpenOffice
2018-02-18 13:43:03 ----D---- C:\Program Files (x86)\OpenOffice 4
2018-02-18 12:10:13 ----D---- C:\Program Files\Microsoft Office
2018-02-18 11:34:04 ----D---- C:\Program Files\Microsoft Office 15
2018-02-18 11:13:15 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-02-18 09:51:05 ----D---- C:\SCANOVANIE
2018-02-17 19:42:57 ----HD---- C:\ProgramData\CanonIJScan
2018-02-17 19:10:17 ----HD---- C:\ProgramData\CanonBJ
2018-02-17 19:09:57 ----A---- C:\Windows\system32\CNMLMCT.DLL
2018-02-17 19:07:30 ----A---- C:\Windows\system32\CNHMCA6.dll
2018-02-17 19:07:30 ----A---- C:\Windows\system32\CNC_CTL.dll
2018-02-17 19:07:30 ----A---- C:\Windows\system32\CNC_CTI.dll
2018-02-17 19:07:30 ----A---- C:\Windows\system32\CNC_CTC.dll
2018-02-15 17:34:50 ----D---- C:\vlc
2018-02-14 20:18:14 ----A---- C:\Windows\system32\mshtml.dll
2018-02-14 20:18:12 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2018-02-14 20:18:10 ----A---- C:\Windows\system32\ieframe.dll
2018-02-14 20:18:09 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2018-02-14 20:18:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-02-14 20:18:08 ----A---- C:\Windows\system32\jscript9.dll
2018-02-14 20:18:07 ----A---- C:\Windows\SYSWOW64\wininet.dll
2018-02-14 20:18:07 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2018-02-14 20:18:07 ----A---- C:\Windows\system32\wininet.dll
2018-02-14 20:18:07 ----A---- C:\Windows\system32\win32k.sys
2018-02-14 20:18:06 ----A---- C:\Windows\system32\xpsrchvw.exe
2018-02-14 20:18:06 ----A---- C:\Windows\system32\ntdll.dll
2018-02-14 20:18:06 ----A---- C:\Windows\system32\drivers\tcpip.sys
2018-02-14 20:18:05 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-02-14 20:18:05 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-02-14 20:18:05 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2018-02-14 20:18:05 ----A---- C:\Windows\system32\urlmon.dll
2018-02-14 20:18:05 ----A---- C:\Windows\system32\lsasrv.dll
2018-02-14 20:18:05 ----A---- C:\Windows\system32\iertutil.dll
2018-02-14 20:18:04 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2018-02-14 20:18:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2018-02-14 20:18:04 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-02-14 20:18:04 ----A---- C:\Windows\SYSWOW64\jscript.dll
2018-02-14 20:18:04 ----A---- C:\Windows\system32\vbscript.dll
2018-02-14 20:18:04 ----A---- C:\Windows\system32\schannel.dll
2018-02-14 20:18:04 ----A---- C:\Windows\system32\rpcrt4.dll
2018-02-14 20:18:04 ----A---- C:\Windows\system32\kerberos.dll
2018-02-14 20:18:04 ----A---- C:\Windows\system32\jscript.dll
2018-02-14 20:18:04 ----A---- C:\Windows\system32\crypt32.dll
2018-02-14 20:18:03 ----A---- C:\Windows\SYSWOW64\xpsrchvw.exe
2018-02-14 20:18:03 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-02-14 20:18:03 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-02-14 20:18:03 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-02-14 20:18:03 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2018-02-14 20:18:03 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2018-02-14 20:18:03 ----A---- C:\Windows\system32\msv1_0.dll
2018-02-14 20:18:03 ----A---- C:\Windows\system32\KernelBase.dll
2018-02-14 20:18:03 ----A---- C:\Windows\system32\kernel32.dll
2018-02-14 20:18:03 ----A---- C:\Windows\system32\advapi32.dll
2018-02-14 20:18:02 ----A---- C:\Windows\SYSWOW64\WinSCard.dll
2018-02-14 20:18:02 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-02-14 20:18:02 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-02-14 20:18:02 ----A---- C:\Windows\system32\wisptis.exe
2018-02-14 20:18:02 ----A---- C:\Windows\system32\WinSCard.dll
2018-02-14 20:18:02 ----A---- C:\Windows\system32\rpchttp.dll
2018-02-14 20:18:02 ----A---- C:\Windows\system32\ncrypt.dll
2018-02-14 20:18:02 ----A---- C:\Windows\system32\msfeeds.dll
2018-02-14 20:18:02 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-02-14 20:18:02 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-02-14 20:18:02 ----A---- C:\Windows\system32\clfs.sys
2018-02-14 20:18:02 ----A---- C:\Windows\system32\cdosys.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2018-02-14 20:18:01 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\wow64win.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\wow64.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\winsrv.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\wdigest.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\TSpkg.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\t2embed.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\srcore.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\hal.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\drivers\netio.sys
2018-02-14 20:18:01 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-02-14 20:18:01 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-02-14 20:18:01 ----A---- C:\Windows\system32\certcli.dll
2018-02-14 20:18:01 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-02-14 20:18:01 ----A---- C:\Windows\system32\adtschema.dll
2018-02-14 20:18:00 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-02-14 20:18:00 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2018-02-14 20:18:00 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-02-14 20:18:00 ----A---- C:\Windows\system32\StructuredQuery.dll
2018-02-14 20:18:00 ----A---- C:\Windows\system32\iedkcs32.dll
2018-02-14 20:18:00 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-02-14 20:18:00 ----A---- C:\Windows\system32\conhost.exe
2018-02-14 20:18:00 ----A---- C:\Windows\system32\bcrypt.dll
2018-02-14 20:18:00 ----A---- C:\Windows\system32\appidsvc.dll
2018-02-14 20:17:59 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-02-14 20:17:59 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2018-02-14 20:17:59 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-02-14 20:17:59 ----A---- C:\Windows\system32\TabSvc.dll
2018-02-14 20:17:59 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-14 20:17:59 ----A---- C:\Windows\system32\drivers\appid.sys
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\StructuredQuery.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2018-02-14 20:17:58 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\webcheck.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\smss.exe
2018-02-14 20:17:58 ----A---- C:\Windows\system32\rstrui.exe
2018-02-14 20:17:58 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\lsass.exe
2018-02-14 20:17:58 ----A---- C:\Windows\system32\fontsub.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\drivers\hidparse.sys
2018-02-14 20:17:58 ----A---- C:\Windows\system32\drivers\hidclass.sys
2018-02-14 20:17:58 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2018-02-14 20:17:58 ----A---- C:\Windows\system32\csrsrv.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\cryptbase.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\atmfd.dll
2018-02-14 20:17:58 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-02-14 20:17:58 ----A---- C:\Windows\system32\appidapi.dll
2018-02-14 20:17:57 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-02-14 20:17:57 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-02-14 20:17:57 ----A---- C:\Windows\system32\sspicli.dll
2018-02-14 20:17:57 ----A---- C:\Windows\system32\secur32.dll
2018-02-14 20:17:57 ----A---- C:\Windows\system32\ntvdm64.dll
2018-02-14 20:17:57 ----A---- C:\Windows\system32\msaudite.dll
2018-02-14 20:17:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 20:17:56 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\msrating.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-02-14 20:17:56 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-02-14 20:17:56 ----A---- C:\Windows\system32\srclient.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\msrating.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\mshtmled.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\dxtrans.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\dxtmsft.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\drivers\hidusb.sys
2018-02-14 20:17:56 ----A---- C:\Windows\system32\credssp.dll
2018-02-14 20:17:56 ----A---- C:\Windows\system32\auditpol.exe
2018-02-14 20:17:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2018-02-14 20:17:55 ----A---- C:\Windows\system32\sspisrv.dll
2018-02-14 20:17:55 ----A---- C:\Windows\system32\ieui.dll
2018-02-14 20:17:55 ----A---- C:\Windows\system32\iesetup.dll
2018-02-14 20:17:55 ----A---- C:\Windows\system32\ie4uinit.exe
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\occache.dll
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\inseng.dll
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2018-02-14 20:17:54 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2018-02-14 20:17:54 ----A---- C:\Windows\system32\occache.dll
2018-02-14 20:17:54 ----A---- C:\Windows\system32\jscript9diag.dll
2018-02-14 20:17:54 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-14 20:17:54 ----A---- C:\Windows\system32\inseng.dll
2018-02-14 20:17:54 ----A---- C:\Windows\system32\ieUnatt.exe
2018-02-14 20:17:54 ----A---- C:\Windows\system32\iernonce.dll
2018-02-14 20:17:53 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-02-14 20:17:53 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2018-02-14 20:17:53 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-02-14 20:17:53 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2018-02-14 20:17:53 ----A---- C:\Windows\system32\wow64cpu.dll
2018-02-14 20:17:53 ----A---- C:\Windows\system32\jsproxy.dll
2018-02-14 20:17:53 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-02-14 20:17:53 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-14 20:17:52 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-14 20:17:51 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-14 20:17:51 ----A---- C:\Windows\SYSWOW64\user.exe
2018-02-14 20:17:51 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2018-02-14 20:17:51 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-02-14 20:17:51 ----A---- C:\Windows\system32\wintrust.dll
2018-02-14 20:17:51 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2018-02-14 20:17:51 ----A---- C:\Windows\system32\ieapfltr.dll
2018-02-14 20:17:51 ----A---- C:\Windows\system32\cryptsvc.dll
2018-02-14 20:17:51 ----A---- C:\Windows\system32\apisetschema.dll
2018-02-14 20:17:50 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2018-02-14 20:17:50 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-02-14 20:17:50 ----A---- C:\Windows\SYSWOW64\lpk.dll
2018-02-14 20:17:50 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2018-02-14 20:17:50 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2018-02-14 20:17:50 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2018-02-14 20:17:50 ----A---- C:\Windows\system32\msobjs.dll
2018-02-14 20:17:50 ----A---- C:\Windows\system32\lpk.dll
2018-02-14 20:17:50 ----A---- C:\Windows\system32\dciman32.dll
2018-02-14 20:17:50 ----A---- C:\Windows\system32\cryptnet.dll
2018-02-14 20:17:49 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2018-02-14 20:17:49 ----A---- C:\Windows\system32\atmlib.dll
2018-02-14 20:17:02 ----A---- C:\Windows\system32\appraiser.dll
2018-02-14 20:17:02 ----A---- C:\Windows\system32\aeinv.dll
2018-02-14 20:17:01 ----A---- C:\Windows\system32\invagent.dll
2018-02-14 20:17:01 ----A---- C:\Windows\system32\generaltel.dll
2018-02-14 20:17:01 ----A---- C:\Windows\system32\devinv.dll
2018-02-14 20:17:01 ----A---- C:\Windows\system32\CompatTelRunner.exe
2018-02-14 20:17:01 ----A---- C:\Windows\system32\centel.dll
2018-02-14 20:17:01 ----A---- C:\Windows\system32\aitstatic.exe
2018-02-14 20:17:01 ----A---- C:\Windows\system32\aepic.dll
2018-02-14 20:17:01 ----A---- C:\Windows\system32\acmigration.dll

======List of files/folders modified in the last 1 month======

2018-03-11 10:31:09 ----D---- C:\Program Files\trend micro
2018-03-11 10:31:08 ----D---- C:\Windows\TEMP
2018-03-11 10:25:09 ----D---- C:\Windows\system32\catroot2
2018-03-11 10:25:01 ----SHD---- C:\System Volume Information
2018-03-11 10:23:33 ----D---- C:\Program Files\Total Uninstall 6
2018-03-11 10:19:49 ----HD---- C:\ProgramData
2018-03-11 10:19:21 ----RD---- C:\Program Files (x86)
2018-03-11 01:40:00 ----D---- C:\Windows\SYSWOW64\Macromed
2018-03-10 21:16:13 ----D---- C:\Windows\inf
2018-03-10 14:24:41 ----D---- C:\Windows\system32\config
2018-03-10 10:33:47 ----SHD---- C:\Windows\Installer
2018-03-10 10:32:41 ----RD---- C:\Program Files
2018-03-10 10:32:40 ----D---- C:\Program Files\Common Files
2018-03-10 10:32:36 ----D---- C:\Windows\System32
2018-03-10 10:32:14 ----D---- C:\Windows
2018-03-10 10:07:07 ----D---- C:\Windows\SysWOW64
2018-03-10 10:07:07 ----D---- C:\Program Files (x86)\Common Files
2018-03-04 16:22:40 ----D---- C:\Program Files (x86)\TeamViewer
2018-03-04 11:41:11 ----D---- C:\Program Files (x86)\Microsoft Office
2018-03-03 19:09:06 ----D---- C:\ProgramData\WinZip
2018-03-03 19:07:11 ----D---- C:\Program Files\WinZip
2018-03-03 19:07:05 ----D---- C:\Windows\system32\Tasks
2018-03-03 19:06:45 ----A---- C:\Windows\win.ini
2018-02-25 15:47:59 ----AD---- C:\ADCDA2
2018-02-24 16:45:18 ----D---- C:\Windows\system32\drivers
2018-02-24 16:45:13 ----D---- C:\Windows\system32\DriverStore
2018-02-18 17:23:01 ----RSD---- C:\Windows\Fonts
2018-02-18 16:59:34 ----D---- C:\Windows\rescache
2018-02-18 14:18:40 ----D---- C:\Windows\system32\FxsTmp
2018-02-18 13:52:31 ----D---- C:\Windows\winsxs
2018-02-18 13:45:20 ----RSD---- C:\Windows\assembly
2018-02-18 13:36:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2018-02-18 13:36:36 ----SD---- C:\ProgramData\Microsoft
2018-02-18 13:36:36 ----D---- C:\Program Files (x86)\Microsoft.NET
2018-02-18 13:36:28 ----D---- C:\Program Files (x86)\MSBuild
2018-02-18 12:19:01 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-02-18 11:27:06 ----D---- C:\Windows\system32\catroot
2018-02-18 11:22:11 ----D---- C:\Windows\debug
2018-02-18 10:54:53 ----D---- C:\Nox
2018-02-15 03:38:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-02-15 03:31:30 ----D---- C:\Windows\SYSWOW64\sk-SK
2018-02-15 03:31:30 ----D---- C:\Program Files\Internet Explorer
2018-02-15 03:31:29 ----D---- C:\Windows\SYSWOW64\en-US
2018-02-15 03:31:29 ----D---- C:\Windows\system32\sk-SK
2018-02-15 03:31:29 ----D---- C:\Windows\system32\en-US
2018-02-15 03:31:27 ----D---- C:\Windows\system32\Boot
2018-02-15 03:31:27 ----D---- C:\Windows\system32\appraiser
2018-02-15 03:31:27 ----D---- C:\Windows\AppPatch
2018-02-15 03:31:27 ----D---- C:\Program Files (x86)\Internet Explorer
2018-02-15 03:15:50 ----D---- C:\Windows\system32\MRT
2018-02-15 03:15:03 ----D---- C:\Windows\Microsoft.NET
2018-02-15 03:11:29 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-02-15 03:11:15 ----AC---- C:\Windows\system32\MRT.exe
2018-02-15 03:05:11 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 adgnetworkwfpdrv;adgnetworkwfpdrv; C:\Windows\system32\drivers\adgnetworkwfpdrv.sys [2017-03-27 70384]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dsnpfd;DeskSoft LightWeight Filter; C:\Windows\system32\DRIVERS\dsnpfd.sys [2017-02-22 37576]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2018-01-19 134368]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2018-01-19 180088]
R1 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2018-01-19 106304]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2016-11-26 27552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2017-10-05 144656]
R1 YSDrv;VBox Support Driver; \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [2017-10-05 270608]
R3 dtultrascsibus;DAEMON Tools Ultra Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtultrascsibus.sys [2017-01-25 30264]
R3 dtultrausbbus;DAEMON Tools Ultra Virtual USB Bus; C:\Windows\system32\DRIVERS\dtultrausbbus.sys [2017-01-25 47672]
R3 ETDSMBus;ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [2017-08-08 32840]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2016-11-26 15416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-02-20 197408]
R3 P17;SB 5.1 VX; C:\Windows\system32\drivers\P17.sys [2016-11-26 1309696]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2016-12-03 129152]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-12-22 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-12-22 47672]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2017-11-18 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\WNt600x64\Sandra.sys [2009-08-07 23112]
S3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2016-11-26 33960]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2016-12-14 221824]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2016-04-21 27136]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2017-11-18 57856]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2017-10-05 131856]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 wdm_usb;wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [2017-06-10 151184]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 ClickToRunSvc;‪Služba Microsoft Office Klikni a spusti‬; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-02-22 7962800]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2008-11-18 307200]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2017-12-18 1940584]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-11-14 932728]
R2 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [2018-01-29 358408]
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-11-28 10216688]
R2 WinZip Compression Smart Monitor Service;WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [2017-09-01 495872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 CPUMonitor;CPUMonitor; C:\Windows\nssm.exe [2014-08-31 331264]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-04 153168]
S2 WCAssistantService;WC Assistant; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [2018-03-11 25704]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-09-27 83984]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2016-11-26 79360]
S3 Disc Soft Ultra Bus Service;Disc Soft Ultra Bus Service; C:\Users\Peter\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [2016-12-12 4854464]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-04 153168]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-02-10 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-01-24 194512]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\RpcAgentSrv.exe [2015-03-17 73200]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-06-10 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Re: Asking for a preventive check

Posted: 11 Mar 2018 10:33
by PureHate44
info.txt logfile of random's system information tool 1.10 2018-03-11 10:31:21

======MBR======

======Uninstall list======

-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove
Adobe Acrobat Reader DC - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-AC0F074E4100}
Adobe Flash Player 28 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_ActiveX.exe -maintain activex
Adobe Flash Player 28 NPAPI-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_Plugin.exe -maintain plugin
Adobe Flash Player 28 PPAPI-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe -maintain pepperplugin
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824245926}
Aktualizácie NVIDIA 10.4.0-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Update
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
BS.Player PRO-->"C:\Program Files (x86)\Webteh\BSplayerPro\uninstall.exe"
bwin Poker-->"C:\Programs\bwincom\bwincomPoker\Uninstall\Setup.exe" App_Type=U
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CountDown ShutDown PC-->"C:\Program Files (x86)\CountDown ShutDown PC\unins000.exe"
Creative Audio Control Panel-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9 /remove
Creative Sound Blaster Properties x64 Edition-->"C:\Program Files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe" /remove /l0x0009
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Ultra-->C:\Users\Peter\DAEMON Tools Ultra\uninst.exe
EAX Unified-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Creative\EAX Unified\Uninst.isu"
ESET Security-->MsiExec.exe /I{B489BC2D-0079-4631-97BF-CA2378299D43}
EZ CD Audio Converter-->C:\Program Files\EZ CD Audio Converter\uninstall.exe
Facebook Gameroom 1.20.6618.42311-->MsiExec.exe /X{CF2C7CB9-1009-4EAA-9033-317F4C4C9DA2}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Charles 4.1.3-->MsiExec.exe /X{81045AC5-B1C4-4B5D-8719-9BEB41167F17}
Cheat Engine 6.6-->"C:\Program Files (x86)\Cheat Engine 6.6\unins000.exe"
Cheat Engine 6.7-->"C:\Program Files (x86)\Cheat Engine 6.7\unins000.exe"
InstaTrader-->C:\Program Files (x86)\InstaTrader\uninstall.exe
Microsoft .NET Framework 4.7-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.7-->MsiExec.exe /X{BCF0C1F7-671C-3922-A7EA-8AC11F4FC0EB}
Microsoft Office 2016 Professional Plus - sk-sk-->"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=ProplusRetail.16_sk-sk_x-none culture=sk-sk version.16=16.0
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{9085041B-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030-->MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft XNA Framework Redistributable 3.0-->MsiExec.exe /I{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
Movie Maker-->MsiExec.exe /X{38F03569-A636-4CF3-BDDE-032C8C251304}
Movie Maker-->MsiExec.exe /X{DD67BE4B-7E62-4215-AFA3-F123A800A389}
Mozilla Firefox 58.0 (x64 sk)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
NVIDIA Softvér systému s podporou technológie PhysX 9.17.0524-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
Office 16 Click-to-Run Licensing Component-->MsiExec.exe /I{90160000-008F-0000-1000-0000000FF1CE}
OkayFreedom-->C:\Program Files (x86)\OkayFreedom\uninstall.exe
OpenOffice 4.1.5-->MsiExec.exe /I{E177AC33-EC9C-4537-8996-37ED331D9227}
Photo Gallery-->MsiExec.exe /X{07AAB66E-4718-422D-9218-4AFB3C922A71}
Scorpions WinCheater-->"C:\Program Files (x86)\Scorpions WinCheater\unins000.exe"
SiSoftware Sandra Lite 2015.SP1a-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\unins000.exe"
TeamViewer 12-->"C:\Program Files (x86)\TeamViewer\uninstall.exe"
Total Commander 64-bit (Remove or Repair)-->c:\totalcmd\tcunin64.exe
Total Commander verze 9.12-->"C:\Program Files (x86)\Total Commander\unins000.exe"
Total Uninstall 6.21.1-->"C:\Program Files\Total Uninstall 6\unins000.exe"
Update for Microsoft .NET Framework 4.7 (KB4040973)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {801C6191-4F3A-3022-A6A7-D38E232F6B2D}
Update for Microsoft .NET Framework 4.7 (KB4041778)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {EBC83DB1-5975-37D2-A829-889EE07FA0BB}
Update for Microsoft .NET Framework 4.7 (KB4043764)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {1C26814D-CC59-36CD-B920-481F9AC80275}
Update for Microsoft .NET Framework 4.7 (KB4054981)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {A26555D3-DE84-3EB1-9B87-CA8241845A68}
Update for Microsoft .NET Framework 4.7 (KB4055002)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {C68951E2-20EC-3D45-BEB3-519551729641}
Update for Microsoft .NET Framework 4.7 (KB4074880)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.02053\setup.exe /uninstallpatch {868975F6-B682-3803-BE5D-F2EB03871E2D}
VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Web Companion-->C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (01/20/2017 4.3.12)-->C:\PROGRA~1\DIFX\E3D65C983ED574BF\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\vboxusb.inf_amd64_neutral_8f0a8d22e0ce9684\vboxusb.inf
Windows Driver Package - BigNox Corporation VBoxUSBMon System (01/20/2017 4.3.12)-->C:\PROGRA~1\DIFX\E3D65C983ED574BF\DPInst.exe /u C:\Windows\system32\DRVSTORE\vboxusbmon_915377DDCEBE585EADC13CDA6AF90F7C43DEDE93\vboxusbmon.inf
Windows Live Installer-->MsiExec.exe /I{659CB81C-B54E-4DF1-B618-F35777393A54}
Windows Live Photo Common-->MsiExec.exe /X{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}
Windows Live SOXE-->MsiExec.exe /I{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}
Windows Live UX Platform-->MsiExec.exe /I{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}
Windows Movie Maker 2016-->"C:\Program Files (x86)\Windows Movie Maker\unins000.exe"
WinZip 22.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C24119}
XChat 2 (remove only)-->"C:\Program Files (x86)\xchat\uninstall.exe"

======Hosts File======


127.0.0.1 localhost
::1 localhost
127.0.0.1 acdid.acdsystems.com

======System event log======

Computer Name: Peter-PC
Event Code: 12
Message: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Record Number: 58696
Source Name: Microsoft-Windows-HAL
Time Written: 20170729085257.810093-000
Event Type: Error
User:

Computer Name: Peter-PC
Event Code: 12
Message: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Record Number: 58404
Source Name: Microsoft-Windows-HAL
Time Written: 20170728065028.969885-000
Event Type: Error
User:

Computer Name: Peter-PC
Event Code: 1014
Message: Name resolution for the name www.nabytek-detsky.com timed out after none of the configured DNS servers responded.
Record Number: 58196
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20170727123052.961735-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Peter-PC
Event Code: 12
Message: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Record Number: 58095
Source Name: Microsoft-Windows-HAL
Time Written: 20170726171846.692740-000
Event Type: Error
User:

Computer Name: Peter-PC
Event Code: 1014
Message: Name resolution for the name pcbuh.scnet.cz timed out after none of the configured DNS servers responded.
Record Number: 58090
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20170726170100.666597-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: Peter-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 232
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20161126151305.017391-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Peter-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 230
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20161126151304.954990-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Peter-PC
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.

Record Number: 207
Source Name: Microsoft-Windows-Search
Time Written: 20161126150944.000000-000
Event Type: Warning
User:

Computer Name: 37L4247E29-32
Event Code: 8193
Message: Vytvorenie bodu obnovenia zlyhalo. (Proces = C:\Windows\system32\svchost.exe -k netsvcs; Popis = Windows Update; Chyba = 0x80042318).
Record Number: 199
Source Name: System Restore
Time Written: 20161126150436.000000-000
Event Type: Error
User:

Computer Name: 37L4247E29-32
Event Code: 12347
Message: Volume Shadow Copy Service error: An internal inconsistency was detected in trying to contact shadow copy service writers. The Registry Writer failed to respond to a query from VSS. Check to see that the Event Service and Volume Shadow Copy Service are operating properly, and please check the Application event log for any other events.

Operation:
Gathering Writer Data
Executing Asynchronous Operation

Context:
Execution Context: Requestor
Current State: GatherWriterMetadata
Record Number: 198
Source Name: VSS
Time Written: 20161126150436.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Peter-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: PETER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\apisetschema.dll
Handle ID: 0x18

Process Information:
Process ID: 0xfe4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 600885
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180215023127.042645-000
Event Type: Audit Success
User:

Computer Name: Peter-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: PETER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\winload.efi
Handle ID: 0x18

Process Information:
Process ID: 0xfe4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 600884
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180215023127.042645-000
Event Type: Audit Success
User:

Computer Name: Peter-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: PETER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\appraiser\Appraiser_TelemetryRunList.xml
Handle ID: 0x18

Process Information:
Process ID: 0xfe4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 600883
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180215023127.011445-000
Event Type: Audit Success
User:

Computer Name: Peter-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: PETER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\appraiser\Appraiser_Data.ini
Handle ID: 0x18

Process Information:
Process ID: 0xfe4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 600882
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180215023126.995845-000
Event Type: Audit Success
User:

Computer Name: Peter-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: PETER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\appraiser\appraiser.sdb
Handle ID: 0x18

Process Information:
Process ID: 0xfe4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 600881
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20180215023126.995845-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a
"GPU_MAX_ALLOC_PERCENT"=100
"ProgramData"=C:\ProgramData

-----------------EOF-----------------

Re: Asking for a preventive check

Posted: 11 Mar 2018 16:46
by Conder
Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan (Skenovanie) and wait for it to finish
  • Click Clean (Cistenie) and confirm by clicking OK
  • AdwCleaner will ask to restart the PC; confirm by clicking Restart Now (Restartovat teraz)
  • Once it finishes and the PC has restarted, a log will pop up; copy its contents here

Re: Asking for a preventive check

Posted: 16 Mar 2018 20:37
by PureHate44
So after the scan it gave me this log:
# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 16 19:31:54 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-14.3
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\ProgramData\lavasoft\web companion
PUP.Optional.Legacy, C:\ProgramData\Application Data\lavasoft\web companion
PUP.Optional.Legacy, C:\Program Files (x86)\lavasoft\web companion
PUP.Optional.Legacy, C:\Users\All Users\lavasoft\web companion
PUP.Optional.Legacy, C:\Program Files\WinZip\WinZip Smart Monitor


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, Driver Booster Scheduler


***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.InstallCore, [Key] - HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\csastats
PUP.Optional.InstallCore, [Key] - HKCU\Software\csastats


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [2700 B] - [2016/4/30 12:6:27]
C:/AdwCleaner/AdwCleaner[C2].txt - [2283 B] - [2016/9/10 18:20:6]
C:/AdwCleaner/AdwCleaner[C3].txt - [5437 B] - [2016/11/18 20:8:58]
C:/AdwCleaner/AdwCleaner[C4].txt - [10900 B] - [2016/11/22 18:30:52]
C:/AdwCleaner/AdwCleaner[C5].txt - [2009 B] - [2016/12/29 18:54:56]
C:/AdwCleaner/AdwCleaner[C6].txt - [2436 B] - [2017/6/11 19:43:2]
C:/AdwCleaner/AdwCleaner[S10].txt - [2959 B] - [2017/1/20 13:27:12]
C:/AdwCleaner/AdwCleaner[S11].txt - [2458 B] - [2017/6/11 19:42:51]
C:/AdwCleaner/AdwCleaner[S1].txt - [2775 B] - [2016/4/30 12:3:52]
C:/AdwCleaner/AdwCleaner[S3].txt - [2338 B] - [2016/9/10 18:19:39]
C:/AdwCleaner/AdwCleaner[S4].txt - [5264 B] - [2016/11/18 20:6:1]
C:/AdwCleaner/AdwCleaner[S5].txt - [13560 B] - [2016/11/22 18:25:30]
C:/AdwCleaner/AdwCleaner[S6].txt - [13582 B] - [2016/11/22 18:29:2]
C:/AdwCleaner/AdwCleaner[S7].txt - [1398 B] - [2015/3/25 20:32:4]
C:/AdwCleaner/AdwCleaner[S8].txt - [2363 B] - [2015/4/18 11:58:43]
C:/AdwCleaner/AdwCleaner[S9].txt - [2144 B] - [2016/12/29 18:54:39]


########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt ##########
I ran Clean and this error popped up: "Caught unhadled unknowexeption terminating", and it froze.
Of course I also tried it in safe mode, with no change :(

Re: Request for a preventive check

Posted: 16 Mar 2018 21:33
by Conder
:arrow: Please post both FRST logs, following this guide (FRST.txt and Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=152707

:arrow: If FRSTLauncher cannot be downloaded or run, use FRST on its own.

:arrow: If the logs do not fit into a single post, pack them into a RAR or ZIP archive and send them as an attachment.

Re: Request for a preventive check

Posted: 17 Mar 2018 08:37
by PureHate44
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Peter (administrator) on PETER-PC (17-03-2018 08:31:55)
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Spotify Ltd) C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 19\Program32\ZPSTray.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\Notifier.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
(IObit) C:\Users\Peter\AppData\Local\Temp\is-5G3OS.tmp-dbinst\IObit\Driver Booster\5.2.0\Scheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Peter\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(IObit) C:\Users\Peter\AppData\Local\Temp\is-5G3OS.tmp-dbinst\IObit\Driver Booster\5.2.0\Pub\PubMonitor.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-11] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-11] (WinZip Computing, S.L.)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-12-11] (WinZip Computing, S.L.)
HKLM-x32\...\Run: [OKAYFREEDOM Notifier] => C:\Program Files (x86)\OkayFreedom\Notifier.exe [4201464 2018-01-29] (Steganos Software GmbH)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [Spotify Web Helper] => C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-12-02] (Spotify Ltd)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6267384 2018-01-29] (Steganos Software GmbH)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [SharewareOnSale Notifier] => \SharewareOnSale Notifier\SharewareOnSale Notifier.exe
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 19\Program32\ZPSTRAY.EXE [575952 2018-02-02] (ZONER software)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1762337417-2231521048-3039012980-1000] => http=127.0.0.1:8888;https=127.0.0.1:8888
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{198A64C8-8290-44FF-AFFC-CC0451C43693}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - No File

FireFox:
========
FF DefaultProfile: o6yasy6y.default-1506712320144
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144 [2018-03-17]
FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js [2017-11-18]
FF Extension: (OkayFreedom) - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2017-04-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-16] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://search.searchytdvta.com/s?remove=remove&query={searchTerms}
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default [2018-03-17]
CHR Extension: (Prezentácie) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-20]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-20]
CHR Extension: (Adblock Plus) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-30]
CHR Extension: (Who Deleted Me - Unfriend Finder) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiepnnbjenknnjgabbodaihlnkkpkgll [2017-08-04]
CHR Extension: (Tabuľky) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-20]
CHR Extension: (Save to Facebook) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-09-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Midnight Lizard) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnndmlekkboofhnbonilimejonapojg [2018-01-11]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-10]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
CHR HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlhpijolpcimadhjingadnbcjncmjdce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
S2 CPUMonitor; C:\Windows\nssm.exe [331264 2014-08-31] () [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-11-26] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 Disc Soft Ultra Bus Service; C:\Users\Peter\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [4854464 2016-12-12] (Disc Soft Ltd)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-08-02] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [358408 2018-01-29] (Steganos Software GmbH)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\RpcAgentSrv.exe [73200 2015-03-17] (SiSoftware) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [70384 2017-03-27] ()
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-12-03] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-12-22] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-12-22] (Disc Soft Ltd)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2017-01-25] (Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2017-01-25] (Disc Soft Ltd)
S3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [32840 2017-08-08] (ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-11-26] (REALiX(tm))
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-08-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-08-02] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2016-11-26] ()
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [51808 2018-03-16] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-12-14] (Samsung Electronics Co., Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [131856 2017-10-05] (BigNox Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [144656 2017-10-05] (BigNox Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2017-06-10] (MBB)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-10-05] (BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-17 08:31 - 2018-03-17 08:32 - 000015434 _____ C:\Users\Peter\Desktop\FRST.txt
2018-03-17 08:31 - 2018-03-17 08:31 - 000000000 ____D C:\Users\Peter\Desktop\FRST-OlderVersion
2018-03-17 08:30 - 2018-03-17 08:30 - 000112640 _____ (forum.viry.cz) C:\Users\Peter\Downloads\FRSTLauncher.exe
2018-03-17 08:29 - 2018-03-17 08:29 - 002403328 _____ (Farbar) C:\Users\Peter\Downloads\FRST64 (1).exe
2018-03-17 08:27 - 2018-03-17 08:27 - 000000000 ____D C:\Windows\SysWOW64\矏㔼矒➒瘛
2018-03-16 20:44 - 2018-03-16 20:44 - 000000000 ____D C:\Windows\SysWOW64\瞞㔼瞡➒県
2018-03-16 20:28 - 2018-03-16 20:28 - 000057230 _____ C:\Windows\ntbtlog.txt
2018-03-16 20:25 - 2018-03-16 20:25 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-16 20:18 - 2018-03-16 20:18 - 002364880 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_Driver_Booster_5_PRO_hub (3).exe
2018-03-16 20:18 - 2018-03-16 20:18 - 002364880 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_Driver_Booster_5_PRO_hub (2).exe
2018-03-16 20:12 - 2018-03-16 20:12 - 002364880 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_Driver_Booster_5_PRO_hub (1).exe
2018-03-16 20:08 - 2018-03-16 20:08 - 001804688 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2018-03-16 20:08 - 2018-03-16 20:08 - 000051808 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2018-03-16 20:05 - 2018-03-17 08:27 - 000003316 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2018-03-16 20:05 - 2018-03-16 20:25 - 000002744 _____ C:\Users\Peter\Desktop\Driver Booster 5.lnk
2018-03-16 20:05 - 2018-03-16 20:06 - 000000000 ____D C:\IObit
2018-03-16 20:05 - 2018-03-16 20:05 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
2018-03-16 20:05 - 2018-03-16 20:05 - 000000000 ____D C:\ProductData
2018-03-16 20:03 - 2018-03-16 20:04 - 019824372 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_Driver_Booster_5_PRO.zip
2018-03-16 20:03 - 2018-03-16 20:03 - 002364880 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_Driver_Booster_5_PRO_hub.exe
2018-03-16 20:01 - 2018-03-16 20:02 - 008222496 _____ (Malwarebytes) C:\Users\Peter\Downloads\adwcleaner_7.0.8.0.exe
2018-03-14 19:36 - 2018-02-13 19:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-14 19:36 - 2018-02-13 19:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-14 19:36 - 2018-02-13 15:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-11 20:20 - 2018-03-11 20:26 - 1290103944 _____ C:\Users\Peter\Downloads\DCs.Legends.of.Tomorrow.S03E12.720p.HDTV.x264-AVS.mkv
2018-03-11 20:09 - 2018-03-11 20:09 - 001026464 _____ C:\Users\Peter\Downloads\IST_2000R_ukázka (1).pdf
2018-03-11 19:51 - 2018-03-11 19:51 - 001026464 _____ C:\Users\Peter\Downloads\IST_2000R_ukázka.pdf
2018-03-11 13:04 - 2018-03-11 13:18 - 000000000 ____D C:\Users\Peter\Downloads\Odpovede
2018-03-11 12:59 - 2018-03-11 12:59 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Zoner
2018-03-11 12:59 - 2018-03-11 12:59 - 000000000 ____D C:\Users\Peter\AppData\Local\Zoner
2018-03-11 12:58 - 2018-03-11 13:01 - 000002139 _____ C:\Users\Peter\Desktop\Zoner Photo Studio X.lnk
2018-03-11 12:58 - 2018-03-11 12:58 - 000002006 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Zoner Photo Studio X.lnk
2018-03-11 12:58 - 2018-03-11 12:58 - 000000000 ____D C:\Program Files\Zoner
2018-03-11 12:57 - 2018-02-28 14:55 - 000000000 ____D C:\Users\Peter\Downloads\Zoner Photo Studio X v19.1802.2.51 SK
2018-03-11 12:56 - 2018-03-11 12:57 - 087449662 _____ C:\Users\Peter\Downloads\kapitola236.rar
2018-03-11 12:18 - 2018-03-11 12:19 - 003114288 _____ (BitTorrent Inc.) C:\Users\Peter\Downloads\uTorrent.exe
2018-03-11 11:28 - 2018-03-11 11:28 - 008379024 _____ (McAfee, Inc.) C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_McAfee_Internet_Security_2017.exe
2018-03-11 11:28 - 2018-03-11 11:28 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-03-11 11:28 - 2016-04-26 17:56 - 000277744 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2018-03-11 11:27 - 2018-03-11 11:27 - 002384424 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_McAfee_Internet_Security_2017_hub.exe
2018-03-11 11:27 - 2018-03-11 11:27 - 000000000 ____D C:\SharewareOnSale Notifier
2018-03-11 10:31 - 2018-03-11 10:31 - 000000000 ____D C:\rsit
2018-03-11 10:30 - 2018-03-11 10:30 - 001222144 _____ C:\Users\Peter\Downloads\RSITx64.exe
2018-03-11 10:29 - 2018-03-11 10:29 - 000016743 _____ C:\Users\Peter\Downloads\[CzT]Spotify_Music_v_5_9_0_732_2016_EN_Android_.torrent
2018-03-11 10:26 - 2018-03-11 10:26 - 003062024 _____ (BitTorrent Inc.) C:\Users\Peter\Downloads\BitTorrent.exe
2018-03-11 10:19 - 2018-03-16 20:32 - 000000000 ____D C:\ProgramData\Lavasoft
2018-03-11 10:19 - 2018-03-16 20:32 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2018-03-11 10:19 - 2018-03-16 20:13 - 000000000 ____D C:\Lavasoft
2018-03-11 10:19 - 2018-03-11 10:19 - 000000000 ____D C:\Users\Peter\AppData\Local\Lavasoft
2018-03-10 13:25 - 2018-03-10 13:25 - 000000000 ____D C:\Users\Peter\Downloads\Psychotesty - k prijatiu do polície
2018-03-10 11:49 - 2018-03-10 12:03 - 1579989426 _____ C:\Users\Peter\Downloads\01x01.rar
2018-03-10 11:48 - 2018-03-10 12:01 - 1567360233 _____ C:\Users\Peter\Downloads\02 - Super (4.3. 2018).mp4
2018-03-10 10:32 - 2018-03-10 10:34 - 173457082 _____ C:\Users\Peter\Downloads\ACD.Systems.ACDSee.Photo.Studio.Ultimate.2018.v11.1.1272.x64.Incl.Keymaker-CORE.rar
2018-03-10 10:14 - 2018-03-10 10:14 - 000000000 ____D C:\ProgramData\ACD Systems
2018-03-10 10:07 - 2018-03-10 10:07 - 000000000 ____D C:\Program Files (x86)\ACD Systems
2018-03-10 10:03 - 2018-03-10 10:03 - 000000000 ____D C:\ProgramData\Apple
2018-03-10 10:03 - 2018-03-10 10:03 - 000000000 ____D C:\Program Files\Bonjour
2018-03-10 10:03 - 2018-03-10 10:03 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-03-10 09:59 - 2018-03-10 09:59 - 000966928 _____ C:\Users\Peter\Downloads\acdsee.exe
2018-03-10 09:17 - 2018-03-10 09:17 - 000000000 ____D C:\Users\Peter\AppData\LocalLow\WINZIP_W3d70
2018-03-10 08:57 - 2018-03-10 08:57 - 000000000 ____D C:\Users\Peter\Downloads\updates
2018-03-10 08:57 - 2018-03-10 08:57 - 000000000 ____D C:\Users\Peter\Downloads\share
2018-03-04 14:51 - 2018-03-04 14:51 - 000306786 _____ C:\Users\Peter\Downloads\DPFOB-17-print-edit-save STANKA (1).pdf
2018-03-04 12:18 - 2018-03-04 12:19 - 000306786 _____ C:\Users\Peter\Downloads\DPFOB-17-print-edit-save STANKA.pdf
2018-03-03 19:09 - 2018-03-10 09:28 - 000000000 ____D C:\Users\Peter\AppData\Local\WinZip
2018-03-03 19:07 - 2018-03-03 19:07 - 000003404 _____ C:\Windows\System32\Tasks\WinZip Update Notifier
2018-03-03 19:06 - 2018-03-03 19:06 - 000001921 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2018-03-03 19:06 - 2018-03-03 19:06 - 000001821 _____ C:\Users\Public\Desktop\WinZip.lnk
2018-03-03 19:06 - 2018-03-03 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 22.0
2018-03-03 08:25 - 2018-03-03 08:25 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-03 08:25 - 2018-03-03 08:25 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-03 08:25 - 2018-03-03 08:25 - 000000824 _____ C:\Users\Peter\Desktop\CCleaner.lnk
2018-03-03 08:25 - 2018-03-03 08:25 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-03 08:24 - 2018-03-03 08:25 - 000000000 ____D C:\Program Files\CCleaner
2018-02-25 15:47 - 2018-02-25 15:47 - 045283912 _____ C:\Users\Peter\Downloads\Psychotesty - k prijatiu do polície.rar
2018-02-24 13:02 - 2018-02-24 13:02 - 000020914 _____ C:\Users\Peter\Downloads\Životopis-Peter-Preták.odt
2018-02-18 17:45 - 2018-02-18 17:45 - 000002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000002408 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000002398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-02-18 17:45 - 2018-02-18 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje balíka Microsoft Office 2016
2018-02-18 16:20 - 2018-02-18 16:20 - 000002511 _____ C:\Users\Peter\Desktop\JDownloader 2.lnk
2018-02-18 16:20 - 2018-02-18 16:20 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2018-02-18 13:46 - 2018-02-18 13:46 - 000000000 ____D C:\Windows\OpenOffice
2018-02-18 13:44 - 2018-02-18 13:45 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.5
2018-02-18 13:44 - 2018-02-18 13:44 - 000001100 _____ C:\Users\Public\Desktop\OpenOffice 4.1.5.lnk
2018-02-18 13:43 - 2018-02-18 13:44 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2018-02-18 13:39 - 2018-02-18 13:39 - 000000000 ____D C:\Users\Peter\Desktop\OpenOffice 4.1.5 (sk) Installation Files
2018-02-18 12:36 - 2018-02-18 12:36 - 000000000 ____D C:\Users\Peter\Downloads\Office 2007 + SP3
2018-02-18 12:19 - 2018-02-18 12:19 - 000011573 _____ C:\Users\Peter\Downloads\docx (2)
2018-02-18 12:10 - 2018-02-18 13:37 - 000000000 ____D C:\Program Files\Microsoft Office
2018-02-18 11:34 - 2018-02-18 11:34 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-02-18 11:13 - 2018-02-18 12:18 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-18 10:59 - 2018-02-18 10:59 - 000000000 ____D C:\Users\Peter\Downloads\MicoOffi20132016Insv53
2018-02-18 09:51 - 2018-02-25 15:49 - 000000000 ____D C:\SCANOVANIE
2018-02-17 19:42 - 2018-02-24 14:54 - 000000000 ___RD C:\Users\Peter\Documents\Scanned Documents
2018-02-17 19:42 - 2018-02-17 19:42 - 000000000 ___HD C:\ProgramData\CanonIJScan
2018-02-17 19:42 - 2018-02-17 19:42 - 000000000 ____D C:\Users\Peter\Documents\Fax
2018-02-17 19:10 - 2018-02-17 19:10 - 000000000 ___HD C:\ProgramData\CanonBJ
2018-02-17 19:09 - 2015-03-12 05:00 - 000406528 _____ (CANON INC.) C:\Windows\system32\CNMLMCT.DLL
2018-02-17 19:07 - 2015-01-29 15:35 - 000312320 _____ (CANON INC.) C:\Windows\system32\CNC_CTC.dll
2018-02-17 19:07 - 2015-01-29 15:35 - 000123392 _____ (CANON INC.) C:\Windows\system32\CNC_CTI.dll
2018-02-17 19:07 - 2015-01-29 11:23 - 000387584 _____ (CANON INC.) C:\Windows\system32\CNC_CTL.dll
2018-02-17 19:07 - 2014-12-02 16:01 - 000089088 _____ C:\Windows\system32\CNC178AD.TBL
2018-02-17 19:07 - 2008-08-25 18:02 - 000017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2018-02-15 17:39 - 2018-02-15 17:39 - 000004185 _____ C:\Users\Peter\Downloads\IPTV.CZ.SK.Playlist.M3U
2018-02-15 17:34 - 2018-03-10 15:04 - 000000000 ____D C:\vlc
2018-02-15 17:33 - 2018-02-17 19:42 - 000000957 _____ C:\Users\Peter\Desktop\VLC media player.lnk
2018-02-15 17:33 - 2018-02-15 17:33 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-02-15 17:31 - 2018-02-15 17:32 - 038911168 _____ C:\Users\Peter\Downloads\vlc-3.0.0-win32.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-17 08:31 - 2017-11-05 08:03 - 002403328 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2018-03-17 08:31 - 2017-11-05 08:00 - 000000000 ____D C:\FRST
2018-03-17 08:27 - 2017-10-01 08:50 - 000002948 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Peter)
2018-03-17 08:22 - 2017-11-30 11:06 - 000000452 _____ C:\Windows\Tasks\Neptune.job
2018-03-17 08:22 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-16 21:01 - 2017-10-22 12:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-16 21:00 - 2009-07-14 05:45 - 000025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-16 21:00 - 2009-07-14 05:45 - 000025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-16 20:49 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\Roaming\IObit
2018-03-16 20:29 - 2015-03-25 21:30 - 000000000 ____D C:\AdwCleaner
2018-03-16 20:25 - 2016-11-27 21:03 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-16 20:25 - 2016-11-27 21:03 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-16 20:25 - 2016-11-27 21:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-16 20:25 - 2016-11-27 21:03 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-16 20:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-16 20:06 - 2016-11-26 17:00 - 000000000 ____D C:\ProgramData\IObit
2018-03-16 17:20 - 2017-08-23 15:06 - 000000000 ____D C:\Users\Peter\Downloads\d160
2018-03-16 17:19 - 2016-11-30 17:20 - 000000333 _____ C:\Users\Peter\Desktop\mail.txt
2018-03-16 16:35 - 2017-12-12 13:33 - 000000000 ____D C:\Users\Peter\AppData\Local\CrashDumps
2018-03-16 03:22 - 2017-06-11 02:20 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-16 03:07 - 2016-11-26 16:30 - 000000000 ____D C:\Windows\system32\MRT
2018-03-16 03:02 - 2017-10-12 02:09 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-16 03:01 - 2016-11-26 16:30 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-13 03:05 - 2016-11-26 19:21 - 000765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-03-13 03:05 - 2009-07-14 06:13 - 000765656 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-11 10:36 - 2016-11-26 19:51 - 000000000 ____D C:\Users\Peter\AppData\Local\Facebook
2018-03-11 10:31 - 2016-12-27 14:19 - 000000000 ____D C:\Program Files\trend micro
2018-03-11 10:23 - 2018-01-15 08:25 - 000000000 ____D C:\Program Files\Total Uninstall 6
2018-03-10 10:13 - 2017-08-23 14:44 - 000000000 ____D C:\Users\Peter\AppData\Local\Downloaded Installations
2018-03-04 16:22 - 2016-12-13 16:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-04 16:15 - 2016-11-26 16:20 - 000000000 ____D C:\Users\Peter\AppData\Local\ElevatedDiagnostics
2018-03-03 19:09 - 2017-12-09 09:26 - 000000000 ____D C:\ProgramData\WinZip
2018-03-03 19:07 - 2017-12-09 09:26 - 000000000 ____D C:\Program Files\WinZip
2018-03-03 19:06 - 2009-07-14 03:34 - 000000467 _____ C:\Windows\win.ini
2018-02-25 15:47 - 2016-11-19 11:05 - 000000000 ____D C:\ADCDA2
2018-02-18 17:23 - 2017-12-20 08:27 - 000463384 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-18 16:59 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-02-18 15:35 - 2017-12-20 08:30 - 000120704 _____ C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-18 14:18 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-02-18 13:36 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-02-18 13:36 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-02-18 12:35 - 2016-11-26 16:09 - 000000000 ____D C:\Users\Peter
2018-02-18 12:19 - 2016-11-26 19:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-18 10:54 - 2018-01-22 13:56 - 000000000 ____D C:\Nox

==================== Files in the root of some directories =======

2002-08-29 18:33 - 2002-08-29 18:33 - 000319488 ____R () C:\Users\Peter\AppData\Roaming\MafiaSetup.exe
2016-11-26 16:41 - 2017-02-21 17:38 - 014438400 _____ () C:\Users\Peter\AppData\Roaming\Sandra.mdb
2017-01-14 17:58 - 2017-01-20 16:37 - 000007597 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
2017-01-19 16:47 - 2017-01-19 16:47 - 000000424 _____ () C:\Users\Peter\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2018-03-10 09:59 - 2018-03-10 10:02 - 204793368 _____ (ACD Systems International Inc.) C:\Users\Peter\AppData\Local\Temp\ACDSee Photo Studio Standard 2018.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Neptune.job => C:\Program Files (x86)\Neptune SystemCare 2017\NeptuneTray.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Peter\Desktop" je 1573 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Ultra Agent
"C:\Users\Peter\DAEMON Tools Ultra\DTAgent.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM Notifier
"C:\Program Files (x86)\OkayFreedom\Notifier.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM_Agent
"C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify
"C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper
"C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
"C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk
C:\Users\Peter\AppData\Local\Facebook\Games\FACEBO~2.EXE [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\xchat\\xchat.exe"="C:\\Program Files (x86)\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Request for a preventive check

Posted: 17 Mar 2018 16:05
by Conder
:arrow: I recommend uninstalling all IObit programs (Driver Booster, Advanced SystemCare, etc.) - they are junk that can damage the system. Proceed as follows:
  • Open Start, type "rstrui.exe" and open the program "rstrui.exe" (System Restore)
  • Select the option "Choose a different restore point" and click Next
  • In the list, select this restore point: Driver Booster : SAMSUNG Android ADB Interface
  • Click Next, then Finish, and confirm by clicking Yes
  • Wait for the restore to complete
  • Then, via Control Panel -> Uninstall a program, uninstall all IObit programs
:arrow: As for drivers, they should be downloaded from the motherboard manufacturer's website or from the website of the manufacturer of the given hardware (e.g. graphics card driver - nvidia.com or amd.com, etc.).

:arrow: Then try cleaning the PC with AdwCleaner again and post the logs.

Re: Request for a preventive check

Posted: 18 Mar 2018 08:32
by PureHate44
- Restored, uninstalled, and again the same error in Cleaner (caught unhandled....)

Re: Request for a preventive check

Posted: 18 Mar 2018 14:46
by Conder
:arrow: OK, in AdwCleaner run only a Scan and post the log.

:arrow: Create and post new logs from FRST.

Re: Request for a preventive check

Posted: 23 Mar 2018 17:44
by PureHate44
# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 23 16:44:07 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-22.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Program Files\WinZip\WinZip Smart Monitor


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.InstallCore, [Key] - HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\csastats
PUP.Optional.InstallCore, [Key] - HKCU\Software\csastats


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [2700 B] - [2016/4/30 12:6:27]
C:/AdwCleaner/AdwCleaner[C2].txt - [2283 B] - [2016/9/10 18:20:6]
C:/AdwCleaner/AdwCleaner[C3].txt - [5437 B] - [2016/11/18 20:8:58]
C:/AdwCleaner/AdwCleaner[C4].txt - [10900 B] - [2016/11/22 18:30:52]
C:/AdwCleaner/AdwCleaner[C5].txt - [2009 B] - [2016/12/29 18:54:56]
C:/AdwCleaner/AdwCleaner[C6].txt - [2436 B] - [2017/6/11 19:43:2]
C:/AdwCleaner/AdwCleaner[S10].txt - [2911 B] - [2017/1/20 13:27:12]
C:/AdwCleaner/AdwCleaner[S11].txt - [2458 B] - [2017/6/11 19:42:51]
C:/AdwCleaner/AdwCleaner[S1].txt - [2775 B] - [2016/4/30 12:3:52]
C:/AdwCleaner/AdwCleaner[S3].txt - [2338 B] - [2016/9/10 18:19:39]
C:/AdwCleaner/AdwCleaner[S4].txt - [5264 B] - [2016/11/18 20:6:1]
C:/AdwCleaner/AdwCleaner[S5].txt - [13560 B] - [2016/11/22 18:25:30]
C:/AdwCleaner/AdwCleaner[S6].txt - [13582 B] - [2016/11/22 18:29:2]
C:/AdwCleaner/AdwCleaner[S7].txt - [1398 B] - [2015/3/25 20:32:4]
C:/AdwCleaner/AdwCleaner[S8].txt - [2363 B] - [2015/4/18 11:58:43]
C:/AdwCleaner/AdwCleaner[S9].txt - [2144 B] - [2016/12/29 18:54:39]


########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt ##########

Re: Request for a preventive check

Posted: 23 Mar 2018 17:47
by PureHate44
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Peter (administrator) on PETER-PC (23-03-2018 17:45:15)
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Spotify Ltd) C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 19\Program32\ZPSTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-11] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [123848 2017-12-11] (WinZip Computing, S.L.)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-12-11] (WinZip Computing, S.L.)
HKLM-x32\...\Run: [OKAYFREEDOM Notifier] => C:\Program Files (x86)\OkayFreedom\Notifier.exe [4201464 2018-01-29] (Steganos Software GmbH)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [Spotify Web Helper] => C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-12-02] (Spotify Ltd)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6267384 2018-01-29] (Steganos Software GmbH)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [SharewareOnSale Notifier] => \SharewareOnSale Notifier\SharewareOnSale Notifier.exe
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 19\Program32\ZPSTRAY.EXE [575952 2018-02-02] (ZONER software)
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1762337417-2231521048-3039012980-1000] => http=127.0.0.1:8888;https=127.0.0.1:8888
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{198A64C8-8290-44FF-AFFC-CC0451C43693}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - No File

FireFox:
========
FF DefaultProfile: o6yasy6y.default-1506712320144
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144 [2018-03-23]
FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js [2017-11-18]
FF Extension: (OkayFreedom) - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2017-04-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-10] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://search.searchytdvta.com/s?remove=remove&query={searchTerms}
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default [2018-03-23]
CHR Extension: (Prezentácie) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-20]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-20]
CHR Extension: (Adblock Plus) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-30]
CHR Extension: (Who Deleted Me - Unfriend Finder) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiepnnbjenknnjgabbodaihlnkkpkgll [2017-08-04]
CHR Extension: (Tabuľky) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-20]
CHR Extension: (Save to Facebook) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-09-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Midnight Lizard) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnndmlekkboofhnbonilimejonapojg [2018-01-11]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-10]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
CHR HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlhpijolpcimadhjingadnbcjncmjdce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962800 2018-02-22] (Microsoft Corporation)
S2 CPUMonitor; C:\Windows\nssm.exe [331264 2014-08-31] () [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-11-26] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 Disc Soft Ultra Bus Service; C:\Users\Peter\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [4854464 2016-12-12] (Disc Soft Ltd)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-08-02] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [358408 2018-01-29] (Steganos Software GmbH)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\RpcAgentSrv.exe [73200 2015-03-17] (SiSoftware) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [70384 2017-03-27] ()
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-12-03] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-12-22] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-12-22] (Disc Soft Ltd)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2017-01-25] (Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2017-01-25] (Disc Soft Ltd)
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [32840 2017-08-08] (ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-11-26] (REALiX(tm))
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-08-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-08-02] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2016-11-26] ()
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2016-11-26] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-12-14] (Samsung Electronics Co., Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [131856 2017-10-05] (BigNox Corporation)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [144656 2017-10-05] (BigNox Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2017-06-10] (MBB)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-10-05] (BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-23 17:45 - 2018-03-23 17:45 - 000000000 ____D C:\Users\Peter\Desktop\FRST-OlderVersion
2018-03-23 17:41 - 2018-03-23 17:41 - 008222496 _____ (Malwarebytes) C:\Users\Peter\Downloads\adwcleaner_7.0.8.0 (1).exe
2018-03-23 17:41 - 2018-03-23 17:41 - 008222496 _____ (Malwarebytes) C:\Users\Peter\Desktop\adwcleaner_7.0.8.0 (1).exe
2018-03-23 13:25 - 2018-03-23 13:25 - 000003488 ____N C:\bootsqm.dat
2018-03-23 13:23 - 2018-03-23 13:23 - 000000000 __SHD C:\found.000
2018-03-18 13:45 - 2018-03-18 13:45 - 000383395 _____ C:\Users\Peter\Downloads\TY_KURVA_TY_KURVA_VYJEBANÁ.mp4
2018-03-18 13:16 - 2018-03-18 13:23 - 1587711659 _____ C:\Users\Peter\Downloads\03---Super-11.3.-2018.mp4
2018-03-18 12:42 - 2018-03-18 12:46 - 000009392 _____ C:\Users\Peter\Downloads\Fullwolf6unsensoredHQ.7z.004
2018-03-18 08:19 - 2018-03-18 08:19 - 000000000 ____D C:\Windows\SysWOW64\矜㔼矟➒痑
2018-03-17 09:35 - 2017-06-21 10:18 - 000000000 ____D C:\Users\Peter\Downloads\Ibude Gold Love Lyon
2018-03-17 09:34 - 2018-03-17 09:35 - 117470601 _____ C:\Users\Peter\Downloads\zaloha_28.1_reall.rar
2018-03-17 09:26 - 2018-03-17 09:26 - 000004528 _____ C:\Users\Peter\Downloads\[CzT]RarmaRadio_Pro_v_2_71_9_CZ_SK_.torrent
2018-03-17 08:36 - 2018-03-17 08:36 - 000007270 _____ C:\Users\Peter\Desktop\Addition.zip
2018-03-17 08:32 - 2018-03-17 08:33 - 000024776 _____ C:\Users\Peter\Desktop\Addition.txt
2018-03-17 08:31 - 2018-03-23 17:45 - 000015618 _____ C:\Users\Peter\Desktop\FRST.txt
2018-03-16 20:05 - 2018-03-18 08:24 - 000000000 ____D C:\IObit
2018-03-16 20:05 - 2018-03-16 20:05 - 000000000 ____D C:\ProductData
2018-03-16 20:03 - 2018-03-16 20:03 - 002364880 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_Driver_Booster_5_PRO_hub.exe
2018-03-16 20:01 - 2018-03-16 20:02 - 008222496 _____ (Malwarebytes) C:\Users\Peter\Downloads\adwcleaner_7.0.8.0.exe
2018-03-14 19:36 - 2018-02-13 19:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-14 19:36 - 2018-02-13 19:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-14 19:36 - 2018-02-13 15:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-14 19:36 - 2018-02-13 15:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-11 20:20 - 2018-03-11 20:26 - 1290103944 _____ C:\Users\Peter\Downloads\DCs.Legends.of.Tomorrow.S03E12.720p.HDTV.x264-AVS.mkv
2018-03-11 20:09 - 2018-03-11 20:09 - 001026464 _____ C:\Users\Peter\Downloads\IST_2000R_ukázka (1).pdf
2018-03-11 19:51 - 2018-03-11 19:51 - 001026464 _____ C:\Users\Peter\Downloads\IST_2000R_ukázka.pdf
2018-03-11 13:04 - 2018-03-11 13:18 - 000000000 ____D C:\Users\Peter\Downloads\Odpovede
2018-03-11 12:59 - 2018-03-11 12:59 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Zoner
2018-03-11 12:59 - 2018-03-11 12:59 - 000000000 ____D C:\Users\Peter\AppData\Local\Zoner
2018-03-11 12:58 - 2018-03-11 13:01 - 000002139 _____ C:\Users\Peter\Desktop\Zoner Photo Studio X.lnk
2018-03-11 12:58 - 2018-03-11 12:58 - 000002006 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Zoner Photo Studio X.lnk
2018-03-11 12:58 - 2018-03-11 12:58 - 000000000 ____D C:\Program Files\Zoner
2018-03-11 12:57 - 2018-02-28 14:55 - 000000000 ____D C:\Users\Peter\Downloads\Zoner Photo Studio X v19.1802.2.51 SK
2018-03-11 12:56 - 2018-03-11 12:57 - 087449662 _____ C:\Users\Peter\Downloads\kapitola236.rar
2018-03-11 12:18 - 2018-03-11 12:19 - 003114288 _____ (BitTorrent Inc.) C:\Users\Peter\Downloads\uTorrent.exe
2018-03-11 11:28 - 2018-03-11 11:28 - 008379024 _____ (McAfee, Inc.) C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_McAfee_Internet_Security_2017.exe
2018-03-11 11:28 - 2018-03-11 11:28 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-03-11 11:28 - 2016-04-26 17:56 - 000277744 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2018-03-11 11:27 - 2018-03-11 11:27 - 002384424 _____ C:\Users\Peter\Downloads\SharewareOnSale_Giveaway_McAfee_Internet_Security_2017_hub.exe
2018-03-11 11:27 - 2018-03-11 11:27 - 000000000 ____D C:\SharewareOnSale Notifier
2018-03-11 10:31 - 2018-03-11 10:31 - 000000000 ____D C:\rsit
2018-03-11 10:30 - 2018-03-11 10:30 - 001222144 _____ C:\Users\Peter\Downloads\RSITx64.exe
2018-03-11 10:29 - 2018-03-11 10:29 - 000016743 _____ C:\Users\Peter\Downloads\[CzT]Spotify_Music_v_5_9_0_732_2016_EN_Android_.torrent
2018-03-11 10:26 - 2018-03-11 10:26 - 003062024 _____ (BitTorrent Inc.) C:\Users\Peter\Downloads\BitTorrent.exe
2018-03-11 10:19 - 2018-03-18 08:30 - 000000000 ____D C:\ProgramData\Lavasoft
2018-03-11 10:19 - 2018-03-18 08:30 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2018-03-11 10:19 - 2018-03-16 20:13 - 000000000 ____D C:\Lavasoft
2018-03-11 10:19 - 2018-03-11 10:19 - 000000000 ____D C:\Users\Peter\AppData\Local\Lavasoft
2018-03-10 13:25 - 2018-03-10 13:25 - 000000000 ____D C:\Users\Peter\Downloads\Psychotesty - k prijatiu do polície
2018-03-10 11:49 - 2018-03-10 12:03 - 1579989426 _____ C:\Users\Peter\Downloads\01x01.rar
2018-03-10 11:48 - 2018-03-10 12:01 - 1567360233 _____ C:\Users\Peter\Downloads\02 - Super (4.3. 2018).mp4
2018-03-10 10:32 - 2018-03-10 10:34 - 173457082 _____ C:\Users\Peter\Downloads\ACD.Systems.ACDSee.Photo.Studio.Ultimate.2018.v11.1.1272.x64.Incl.Keymaker-CORE.rar
2018-03-10 10:14 - 2018-03-10 10:14 - 000000000 ____D C:\ProgramData\ACD Systems
2018-03-10 10:07 - 2018-03-10 10:07 - 000000000 ____D C:\Program Files (x86)\ACD Systems
2018-03-10 10:03 - 2018-03-10 10:03 - 000000000 ____D C:\ProgramData\Apple
2018-03-10 10:03 - 2018-03-10 10:03 - 000000000 ____D C:\Program Files\Bonjour
2018-03-10 10:03 - 2018-03-10 10:03 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-03-10 09:59 - 2018-03-10 09:59 - 000966928 _____ C:\Users\Peter\Downloads\acdsee.exe
2018-03-10 09:17 - 2018-03-10 09:17 - 000000000 ____D C:\Users\Peter\AppData\LocalLow\WINZIP_W3d70
2018-03-10 08:57 - 2018-03-10 08:57 - 000000000 ____D C:\Users\Peter\Downloads\updates
2018-03-10 08:57 - 2018-03-10 08:57 - 000000000 ____D C:\Users\Peter\Downloads\share
2018-03-04 14:51 - 2018-03-04 14:51 - 000306786 _____ C:\Users\Peter\Downloads\DPFOB-17-print-edit-save STANKA (1).pdf
2018-03-04 12:18 - 2018-03-04 12:19 - 000306786 _____ C:\Users\Peter\Downloads\DPFOB-17-print-edit-save STANKA.pdf
2018-03-03 19:09 - 2018-03-10 09:28 - 000000000 ____D C:\Users\Peter\AppData\Local\WinZip
2018-03-03 19:07 - 2018-03-03 19:07 - 000003404 _____ C:\Windows\System32\Tasks\WinZip Update Notifier
2018-03-03 19:06 - 2018-03-03 19:06 - 000001921 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2018-03-03 19:06 - 2018-03-03 19:06 - 000001821 _____ C:\Users\Public\Desktop\WinZip.lnk
2018-03-03 19:06 - 2018-03-03 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 22.0
2018-03-03 08:25 - 2018-03-03 08:25 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-03 08:25 - 2018-03-03 08:25 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-03 08:25 - 2018-03-03 08:25 - 000000824 _____ C:\Users\Peter\Desktop\CCleaner.lnk
2018-03-03 08:25 - 2018-03-03 08:25 - 000000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-03 08:24 - 2018-03-03 08:25 - 000000000 ____D C:\Program Files\CCleaner
2018-02-25 15:47 - 2018-02-25 15:47 - 045283912 _____ C:\Users\Peter\Downloads\Psychotesty - k prijatiu do polície.rar
2018-02-24 13:02 - 2018-02-24 13:02 - 000020914 _____ C:\Users\Peter\Downloads\Životopis-Peter-Preták.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-23 17:45 - 2017-11-05 08:03 - 002403328 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2018-03-23 17:45 - 2017-11-05 08:00 - 000000000 ____D C:\FRST
2018-03-23 17:41 - 2015-03-25 21:30 - 000000000 ____D C:\AdwCleaner
2018-03-23 17:17 - 2009-07-14 05:45 - 000025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-23 17:17 - 2009-07-14 05:45 - 000025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-23 16:53 - 2018-02-15 17:34 - 000000000 ____D C:\vlc
2018-03-23 16:12 - 2017-12-12 13:33 - 000000000 ____D C:\Users\Peter\AppData\Local\CrashDumps
2018-03-23 13:26 - 2017-11-30 11:06 - 000000452 _____ C:\Windows\Tasks\Neptune.job
2018-03-23 13:26 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-18 12:34 - 2017-08-23 15:06 - 000000000 ____D C:\Users\Peter\Downloads\d160
2018-03-18 08:28 - 2016-11-27 21:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-18 08:26 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\Roaming\IObit
2018-03-18 08:25 - 2016-11-26 17:00 - 000000000 ____D C:\ProgramData\IObit
2018-03-18 08:25 - 2016-11-26 17:00 - 000000000 ____D C:\Program Files (x86)\IObit
2018-03-18 08:19 - 2017-10-01 08:50 - 000002948 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Peter)
2018-03-18 08:13 - 2016-11-26 16:09 - 000000000 ____D C:\Users\Peter
2018-03-18 08:12 - 2016-11-26 19:31 - 000000000 ____D C:\Users\Peter\AppData\Roaming\GHISLER
2018-03-18 08:12 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\LocalLow\IObit
2018-03-18 08:12 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-18 08:11 - 2016-11-27 21:03 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-18 08:11 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2018-03-18 08:10 - 2017-10-22 12:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-16 17:19 - 2016-11-30 17:20 - 000000333 _____ C:\Users\Peter\Desktop\mail.txt
2018-03-16 03:22 - 2017-06-11 02:20 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-16 03:07 - 2016-11-26 16:30 - 000000000 ____D C:\Windows\system32\MRT
2018-03-16 03:02 - 2017-10-12 02:09 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-16 03:01 - 2016-11-26 16:30 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-13 03:05 - 2016-11-26 19:21 - 000765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-03-13 03:05 - 2009-07-14 06:13 - 000765656 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-11 10:36 - 2016-11-26 19:51 - 000000000 ____D C:\Users\Peter\AppData\Local\Facebook
2018-03-11 10:31 - 2016-12-27 14:19 - 000000000 ____D C:\Program Files\trend micro
2018-03-11 10:23 - 2018-01-15 08:25 - 000000000 ____D C:\Program Files\Total Uninstall 6
2018-03-10 10:13 - 2017-08-23 14:44 - 000000000 ____D C:\Users\Peter\AppData\Local\Downloaded Installations
2018-03-04 16:22 - 2016-12-13 16:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-04 16:15 - 2016-11-26 16:20 - 000000000 ____D C:\Users\Peter\AppData\Local\ElevatedDiagnostics
2018-03-03 19:09 - 2017-12-09 09:26 - 000000000 ____D C:\ProgramData\WinZip
2018-03-03 19:07 - 2017-12-09 09:26 - 000000000 ____D C:\Program Files\WinZip
2018-03-03 19:06 - 2009-07-14 03:34 - 000000467 _____ C:\Windows\win.ini
2018-02-25 15:49 - 2018-02-18 09:51 - 000000000 ____D C:\SCANOVANIE
2018-02-25 15:47 - 2016-11-19 11:05 - 000000000 ____D C:\ADCDA2
2018-02-24 14:54 - 2018-02-17 19:42 - 000000000 ___RD C:\Users\Peter\Documents\Scanned Documents

==================== Files in the root of some directories =======

2002-08-29 18:33 - 2002-08-29 18:33 - 000319488 ____R () C:\Users\Peter\AppData\Roaming\MafiaSetup.exe
2016-11-26 16:41 - 2017-02-21 17:38 - 014438400 _____ () C:\Users\Peter\AppData\Roaming\Sandra.mdb
2017-01-14 17:58 - 2017-01-20 16:37 - 000007597 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
2017-01-19 16:47 - 2017-01-19 16:47 - 000000424 _____ () C:\Users\Peter\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2018-03-10 09:59 - 2018-03-10 10:02 - 204793368 _____ (ACD Systems International Inc.) C:\Users\Peter\AppData\Local\Temp\ACDSee Photo Studio Standard 2018.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-10 12:15

==================== End of FRST.txt ============================

Re: Requesting a preventive check

Posted: 23 Mar 2018 17:48
by PureHate44
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Peter (23-03-2018 17:46:13)
Running from C:\Users\Peter\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-11-26 15:09:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1762337417-2231521048-3039012980-500 - Administrator - Disabled)
Guest (S-1-5-21-1762337417-2231521048-3039012980-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1762337417-2231521048-3039012980-1002 - Limited - Enabled)
Peter (S-1-5-21-1762337417-2231521048-3039012980-1000 - Administrator - Enabled) => C:\Users\Peter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Aktualizácie NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.71.1081 - AB Team, d.o.o.)
bwin Poker (HKLM-x32\...\bwincomPoker) (Version: - bwincom)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
CountDown ShutDown PC (HKLM-x32\...\CountDown ShutDown PC_is1) (Version: - Velkej Chytrák)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 5.0.0.0540 - Disc Soft Ltd)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
EZ CD Audio Converter (HKLM-x32\...\EZ CD Audio Converter) (Version: 7.0 - Poikosoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Spoločnosť Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Charles 4.1.3 (HKLM\...\{81045AC5-B1C4-4B5D-8719-9BEB41167F17}) (Version: 4.1.3.5 - XK72 Ltd)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version: - Cheat Engine)
InstaTrader (HKLM-x32\...\InstaTrader) (Version: 6.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 2016 Professional Plus - sk-sk (HKLM\...\ProplusRetail - sk-sk) (Version: 16.0.9029.2167 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{9085041B-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0 (x64 sk) (HKLM\...\Mozilla Firefox 58.0 (x64 sk)) (Version: 58.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.0.6592 - Mozilla)
NVIDIA Softvér systému s podporou technológie PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.8.3 - Steganos Software GmbH)
OpenOffice 4.1.5 (HKLM-x32\...\{E177AC33-EC9C-4537-8996-37ED331D9227}) (Version: 4.15.9789 - Apache Software Foundation)
Ovládací panel NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
Scorpions WinCheater (HKLM-x32\...\Scorpions WinCheater 2.07 (s finální databází 178)_is1) (Version: - )
SDÍLEJ.CZ Manager (HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\69f070f18ade444c) (Version: 0.0.1.42 - SDÍLEJ.CZ)
SharewareOnSale Notifier (HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\SharewareOnSale Notifier) (Version: 20 - SharewareOnSale)
SiSoftware Sandra Lite 2015.SP1a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 21.32.2015.3 - SiSoftware)
Spotify (HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\Spotify) (Version: 1.0.66.478.g1296534d - Spotify AB)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.71503 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0 - Ghisler Software GmbH)
Total Commander verze 9.12 (HKLM-x32\...\{B12BC641-C553-4138-A829-31B1A642333B}_is1) (Version: 9.12 - ©Ghisler Software GmbH)
Total Uninstall 6.21.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.21.1 - Gavrila Martau)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Web Companion (HKLM-x32\...\{ec80fed1-5939-421b-87ec-3985ac6e76b4}) (Version: 4.1.1813.3374 - Lavasoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (01/20/2017 4.3.12) (HKLM\...\5704FF66AFA4D394842933DCC54279C2E177D380) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (01/20/2017 4.3.12) (HKLM\...\35C6212A24F5D9B7942ECD18B0255759779999C2) (Version: 01/20/2017 4.3.12 - BigNox Corporation)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)
WinZip 22.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24119}) (Version: 22.0.12706 - Corel Corporation)
XChat 2 (remove only) (HKLM-x32\...\xchat) (Version: - )
Zoner Photo Studio X (HKLM\...\ZonerPhotoStudioX_SK_is1) (Version: 19.1802.2.51 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll ()
ContextMenuHandlers1: [EzCd] -> {E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} => C:\Program Files\EZ CD Audio Converter\ezcd64.dll [2016-01-01] (Poikosoft)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
ContextMenuHandlers4: [EzCd] -> {E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} => C:\Program Files\EZ CD Audio Converter\ezcd64.dll [2016-01-01] (Poikosoft)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-11] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D9BB623-888A-4301-BE89-F64F4D2EF447} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-12-13] ()
Task: {0FE79079-7120-4F05-AEB7-F1453464D482} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {13BD8189-A171-49FE-9027-8C33F59C029F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {2526F98E-7DEA-4119-8FC1-7E8272BC7DA1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {2E2E26A6-15AC-4B60-ABC5-E955FAEA00BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-04] (Google Inc.)
Task: {51866950-7186-4069-BA8F-A63C3279F21D} - System32\Tasks\{E30CA91D-AAF5-480F-A381-9FC5B3911889} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Nox\bin\Nox_unload.exe" -d "C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Nox"
Task: {95DB87D3-3FAD-45B7-B2F3-002C8DE0E96C} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-11] (WinZip)
Task: {9D1ED043-594B-4966-9B5F-C5CCD3E6EB8C} - System32\Tasks\Neptune => C:\Program Files (x86)\Neptune SystemCare 2017\NeptuneTray.exe
Task: {B9EFBD61-0C95-4A01-8A7F-200A476BC774} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {D6CBF758-74A5-42D1-A4A0-C3527B17AAF6} - System32\Tasks\Driver Booster SkipUAC (Peter) => C:\Users\Peter\AppData\Local\Temp\is-5G3OS.tmp-dbinst\IObit\Driver Booster\5.2.0\DriverBooster.exe <==== ATTENTION
Task: {DEC619F7-E42E-44CF-B75A-E48E9890A24D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-04] (Google Inc.)
Task: {E0F94AAF-0B95-444C-A0BC-54A6A4F0404B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {E182B577-489C-40B4-8627-246BAD945241} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {F5C6E9EE-90CE-48E2-A0DE-099EB67E52CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Neptune.job => C:\Program Files (x86)\Neptune SystemCare 2017\NeptuneTray.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-11-26 16:36 - 2016-11-14 12:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-01-22 10:03 - 2018-01-22 10:03 - 000061920 _____ () C:\Program Files\CCleaner\branding.dll
2017-09-01 12:15 - 2017-09-01 12:15 - 000495872 ____N () C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
2018-01-06 09:16 - 2018-01-03 10:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-06 09:16 - 2018-01-03 10:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-25 14:28 - 2018-01-25 14:28 - 001160704 _____ () C:\Program Files (x86)\OkayFreedom\vpn.dll
2017-07-17 18:30 - 2017-07-17 18:30 - 000863744 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-03-10 10:18 - 000000873 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 acdid.acdsystems.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk => C:\Windows\pss\Facebook Gameroom.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Users\Peter\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: OKAYFREEDOM Notifier => "C:\Program Files (x86)\OkayFreedom\Notifier.exe"
MSCONFIG\startupreg: OKAYFREEDOM_Agent => "C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent
MSCONFIG\startupreg: Spotify => "C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Peter\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{21AF00BC-69E4-46D0-9E2C-7BDCA808AB87}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\RpcAgentSrv.exe
FirewallRules: [{49A999C8-E8ED-493A-8569-474C1C02AA67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F3E2D9C-ADDF-4688-BA9C-7498CB62CE88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF242538-1915-4CB0-9CCA-0BE42684B226}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C2B13292-FE11-4D92-8BE6-FC58126E6FE3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{91562D1F-4BB8-4DE3-9061-83293C19044B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{65A90583-4A75-4A42-B53E-574948CA365F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{C9F0D391-BBD5-4832-819B-8FED00D6A67B}C:\users\peter\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\peter\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{62EF1DAB-D355-4394-8692-6C9DE01C8F57}C:\users\peter\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\peter\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C536916A-B3E5-478E-9A3B-99FBC19BE9BF}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP1a\WNt600x64\RpcSandraSrv.exe
FirewallRules: [TCP Query User{E99ACC46-EB4B-4690-AF11-A6D761CE11CB}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [UDP Query User{5F003441-B584-43ED-9AC2-F4CFC62463F4}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [{7C805329-BE04-4FE2-ADBA-FE123F381327}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FD895352-A201-4520-99D3-041E934E9621}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{22D57A7F-28F1-433B-B1B8-20C30E90BED8}] => (Block) LPort=445
FirewallRules: [{287B29C8-F3BB-40DB-A7F1-CE083767A946}] => (Block) LPort=445
FirewallRules: [TCP Query User{9E74E1B7-D2A6-485D-939B-C6BDF5A46CAF}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [UDP Query User{8C4309E6-FF2E-47F3-BF23-EB0C4B101B69}C:\program files\charles\charles.exe] => (Allow) C:\program files\charles\charles.exe
FirewallRules: [TCP Query User{A283D731-EAFB-411F-BEFC-AD2A2B510395}C:\users\peter\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\peter\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A48889D6-B34D-4693-B1B3-3CCC50F648E5}C:\users\peter\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\peter\appdata\roaming\spotify\spotify.exe
FirewallRules: [{256598AE-79AF-48E7-A2B6-99F2250E81A8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7DD46EE1-1C8B-47F6-A07B-605F35064D62}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{334F2B70-9981-4709-A053-2CBE9A891BED}] => (Allow) \Nox\bin\Nox.exe
FirewallRules: [{C8EFF610-85D7-48FF-9174-DEF031BEE7EB}] => (Allow) \Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{BFF57A19-B280-410D-B975-C97037BCA189}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B21132F8-8F3E-4BC4-ADEC-9A7249804BA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BC3F5B27-B14C-4FF5-8AC0-C7D159430180}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BC7FAFBE-7EB6-4B94-8D7B-3BFB5255A88E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\xchat\xchat.exe] => Enabled:XChat IRC Client

==================== Restore Points =========================

18-03-2018 08:04:00 Operácia obnovovania
18-03-2018 08:18:13 Odinštalované pomocou Total Uninstall "SharewareOnSale Notifier"
18-03-2018 08:23:17 Odinštalované pomocou Total Uninstall "Driver Booster 5"
20-03-2018 18:51:38 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2018 04:12:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Názov chybového modulu: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Kód výnimky: 0x40000015
Odstup chyby: 0x00086722
Identifikácia chybného procesu: 0xaec
Čas spustenia chybnej aplikácie: 0x01d3c2b961e9874f
Cesta chybnej aplikácie: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Cesta chybného modulu: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Identifikácia hlásenia: a1c33b3f-2eac-11e8-8031-001e8c60ef64

Error: (03/23/2018 04:12:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Názov chybového modulu: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Kód výnimky: 0x40000015
Odstup chyby: 0x00086722
Identifikácia chybného procesu: 0x1004
Čas spustenia chybnej aplikácie: 0x01d3c2b963ab6b63
Cesta chybnej aplikácie: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Cesta chybného modulu: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Identifikácia hlásenia: a1c3142f-2eac-11e8-8031-001e8c60ef64

Error: (03/23/2018 01:26:30 PM) (Source: nssm) (EventID: 1010) (User: )
Description: Failed to start service CPUMonitor. Program C:\Windows\cpumonitor.exe couldn't be launched.
CreateProcess() failed:
Systém nemôže nájsť zadaný súbor.

Error: (03/20/2018 06:50:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Názov chybového modulu: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Kód výnimky: 0x40000015
Odstup chyby: 0x00086722
Identifikácia chybného procesu: 0x1818
Čas spustenia chybnej aplikácie: 0x01d3c073ddbe4130
Cesta chybnej aplikácie: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Cesta chybného modulu: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Identifikácia hlásenia: 1cdc84ae-2c67-11e8-96d0-001e8c60ef64

Error: (03/20/2018 06:50:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Názov chybového modulu: OneDriveSetup.exe, verzia: 18.25.204.9, časová značka: 0x5a9798dc
Kód výnimky: 0x40000015
Odstup chyby: 0x00086722
Identifikácia chybného procesu: 0x9c8
Čas spustenia chybnej aplikácie: 0x01d3c073dae6d5d2
Cesta chybnej aplikácie: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Cesta chybného modulu: C:\Users\Peter\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
Identifikácia hlásenia: 1cdcabbe-2c67-11e8-96d0-001e8c60ef64

Error: (03/19/2018 01:23:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6021

Error: (03/19/2018 01:23:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6021

Error: (03/19/2018 01:23:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/23/2018 05:44:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (03/23/2018 05:44:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (03/23/2018 01:33:10 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (03/23/2018 01:28:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Služba Google Update (gupdate) zlyhalo kvôli nasledujúcej chybe:
Služba neodpovedala na riadiaci alebo spúšťací pokyn načas.

Error: (03/23/2018 01:28:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Služba Google Update (gupdate) bol dosiahnutý časový limit (120000 ms).

Error: (03/23/2018 01:26:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba CPUMonitor sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (03/23/2018 01:26:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba CPUMonitor bola ukončená s chybou služby Systém nemôže nájsť zadanú cestu.
.

Error: (03/23/2018 01:26:00 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================

Date: 2017-06-02 05:57:47.906
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-06-02 05:57:47.906
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-06-02 05:57:47.906
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-05-27 14:23:26.429
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-05-27 14:23:26.427
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-05-27 14:23:26.415
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-05-20 08:33:09.048
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-05-20 08:33:09.031
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 4095.12 MB
Available physical RAM: 1552.72 MB
Total Virtual: 8188.4 MB
Available Virtual: 4893.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:33.54 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 08CB08CB)
Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Requesting a preventive check

Posted: 23 Mar 2018 20:56
by Conder
:arrow: Do you use any program/antivirus from McAfee?

:arrow: Reset Chrome to its default settings: Settings -> Advanced -> Reset -> confirm by clicking Reset.

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    Folder: C:\Windows\SysWOW64\矜㔼矟➒痑
    CMD: type "C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js"
    
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -  No File
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -  No File
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -  No File
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} -  No File
    FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js [2017-11-18]
    CHR DefaultSearchURL: Default -> hxxp://search.searchytdvta.com/s?remove=remove&query={searchTerms}
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
    CHR HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlhpijolpcimadhjingadnbcjncmjdce] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
    2018-03-18 08:19 - 2018-03-18 08:19 - 000000000 ____D C:\Windows\SysWOW64\矜㔼矟➒痑
    2018-03-16 20:05 - 2018-03-18 08:24 - 000000000 ____D C:\IObit
    2018-03-16 20:05 - 2018-03-16 20:05 - 000000000 ____D C:\ProductData
    2018-03-18 08:26 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\Roaming\IObit
    2018-03-18 08:25 - 2016-11-26 17:00 - 000000000 ____D C:\ProgramData\IObit
    2018-03-18 08:25 - 2016-11-26 17:00 - 000000000 ____D C:\Program Files (x86)\IObit
    2018-03-18 08:19 - 2017-10-01 08:50 - 000002948 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Peter)
    2018-03-18 08:12 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\LocalLow\IObit
    
    Task: {0D9BB623-888A-4301-BE89-F64F4D2EF447} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-12-13] ()
    Task: {D6CBF758-74A5-42D1-A4A0-C3527B17AAF6} - System32\Tasks\Driver Booster SkipUAC (Peter) => C:\Users\Peter\AppData\Local\Temp\is-5G3OS.tmp-dbinst\IObit\Driver Booster\5.2.0\DriverBooster.exe <==== ATTENTION
    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\webcompanion.com -> hxxp://webcompanion.com
    C:\Windows\AutoKMS
    
    DeleteKey: HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
    DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
    DeleteKey: HKLM\SOFTWARE\Lavasoft\Web Companion
    DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    DeleteKey: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\csastats
    DeleteKey: HKCU\Software\csastats
    
    Hosts:
    EmptyTemp:
    End
  • Click File and then Save
  • At the bottom right, select Unicode encoding
  • Save the file to the desktop with the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will request a PC restart; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here

Re: Requesting a preventive check

Posted: 24 Mar 2018 06:22
by PureHate44
I don't use any product from McAfee..... Why? :)

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Peter (24-03-2018 06:14:12) Run:2
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Folder: C:\Windows\SysWOW64\矜㔼矟➒痑
CMD: type "C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js"

HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - No File
FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js [2017-11-18]
CHR DefaultSearchURL: Default -> hxxp://search.searchytdvta.com/s?remove=remove&query={searchTerms}
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
CHR HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlhpijolpcimadhjingadnbcjncmjdce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
2018-03-18 08:19 - 2018-03-18 08:19 - 000000000 ____D C:\Windows\SysWOW64\矜㔼矟➒痑
2018-03-16 20:05 - 2018-03-18 08:24 - 000000000 ____D C:\IObit
2018-03-16 20:05 - 2018-03-16 20:05 - 000000000 ____D C:\ProductData
2018-03-18 08:26 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\Roaming\IObit
2018-03-18 08:25 - 2016-11-26 17:00 - 000000000 ____D C:\ProgramData\IObit
2018-03-18 08:25 - 2016-11-26 17:00 - 000000000 ____D C:\Program Files (x86)\IObit
2018-03-18 08:19 - 2017-10-01 08:50 - 000002948 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Peter)
2018-03-18 08:12 - 2016-11-26 17:00 - 000000000 ____D C:\Users\Peter\AppData\LocalLow\IObit

Task: {0D9BB623-888A-4301-BE89-F64F4D2EF447} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-12-13] ()
Task: {D6CBF758-74A5-42D1-A4A0-C3527B17AAF6} - System32\Tasks\Driver Booster SkipUAC (Peter) => C:\Users\Peter\AppData\Local\Temp\is-5G3OS.tmp-dbinst\IObit\Driver Booster\5.2.0\DriverBooster.exe <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\...\webcompanion.com -> hxxp://webcompanion.com
C:\Windows\AutoKMS

DeleteKey: HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
DeleteKey: HKLM\SOFTWARE\Lavasoft\Web Companion
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
DeleteKey: HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\csastats
DeleteKey: HKCU\Software\csastats

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= Folder: C:\Windows\SysWOW64\矜㔼矟➒痑 ========================

2018-03-18 08:19 - 2018-03-18 08:19 - 000000000 ____D [00000000000000000000000000000000] () C:\Windows\SysWOW64\矜㔼矟➒痑\ProductData
2018-03-18 08:19 - 2018-03-18 08:19 - 000000032 ____A [74F979057CC2E5CB1D02908401FBD5B0] () C:\Windows\SysWOW64\矜㔼矟➒痑\ProductData\db5Stat.ini
2018-03-18 08:19 - 2018-03-18 08:19 - 000000226 ____A [9AB12656CD9C8BF7E177BA1990E0970E] () C:\Windows\SysWOW64\矜㔼矟➒痑\ProductData\StatCache.db

====== End of Folder: ======


========= type "C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js" =========

user_pref("network.http.pipelining.maxrequests", 8);
user_pref("network.http.request.max-start-delay", 0);
user_pref("network.http.max-connections", 48);
user_pref("network.http.max-connections-per-server", 16);
user_pref("network.http.max-persistent-connections-per-proxy", 16);
user_pref("network.http.max-persistent-connections-per-server", 8);
user_pref("browser.turbo.enabled", true);
user_pref("browser.display.show_image_placeholders", true);
user_pref("browser.chrome.favicons", false);
user_pref("browser.urlbar.autocomplete.enabled", true);
user_pref("browser.cache.memory.capacity", 65536);
user_pref("content.notify.ontimer", true);
user_pref("content.interrupt.parsing", true);
user_pref("content.max.tokenizing.time", 2250000);
user_pref("content.switch.threshold", 750000);
user_pref("plugin.expose_full_path", true);
user_pref("ui.submenuDelay", 0);

========= End of CMD: =========

"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview" => removed successfully
"HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb-roaming.16" => removed successfully
HKLM\Software\Classes\CLSID\{83C25742-A9F7-49FB-9138-434302C88D07} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb.16" => removed successfully
HKLM\Software\Classes\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\osf-roaming.16" => removed successfully
HKLM\Software\Classes\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\osf.16" => removed successfully
HKLM\Software\Classes\CLSID\{5504BE45-A83B-4808-900A-3A5C36E7F77A} => not found
C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\o6yasy6y.default-1506712320144\user.js => moved successfully
"Chrome DefaultSearchURL" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => removed successfully
"HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\SOFTWARE\Google\Chrome\Extensions\jlhpijolpcimadhjingadnbcjncmjdce" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iinglghmhcgdgjjlafobajghjamdchik" => removed successfully
C:\Windows\SysWOW64\矜㔼矟➒痑 => moved successfully
C:\IObit => moved successfully
C:\ProductData => moved successfully
C:\Users\Peter\AppData\Roaming\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
C:\Program Files (x86)\IObit => moved successfully
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Peter) => moved successfully
C:\Users\Peter\AppData\LocalLow\IObit => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D9BB623-888A-4301-BE89-F64F4D2EF447}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D9BB623-888A-4301-BE89-F64F4D2EF447}" => removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6CBF758-74A5-42D1-A4A0-C3527B17AAF6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6CBF758-74A5-42D1-A4A0-C3527B17AAF6}" => removed successfully
"C:\Windows\System32\Tasks\Driver Booster SkipUAC (Peter)" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Peter)" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => removed successfully
"HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => removed successfully
"HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => removed successfully
C:\Windows\AutoKMS => moved successfully
HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} => not found
"HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}" => removed successfully
"HKLM\SOFTWARE\Lavasoft\Web Companion" => not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => not found
"HKU\S-1-5-21-1762337417-2231521048-3039012980-1000\Software\csastats" => removed successfully
HKCU\Software\csastats => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7293705 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 28060332 B
Edge => 0 B
Chrome => 117095399 B
Firefox => 12762515 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 21100 B
Peter => 2209203835 B

RecycleBin => 1577203595 B
EmptyTemp: => 3.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 06:16:32 ====

Re: Requesting a preventive check

Posted: 24 Mar 2018 14:54
by Conder
:arrow: It's because some McAfee leftovers are running there, so we'll clean them up.

:arrow: Did you set this proxy server intentionally?
ProxyServer: [S-1-5-21-1762337417-2231521048-3039012980-1000] => http=127.0.0.1:8888;https=127.0.0.1:8888

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-08-02] (McAfee, Inc.)
    S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-08-02] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-08-02] (McAfee, Inc.)
    2018-03-11 11:28 - 2018-03-11 11:28 - 000000000 ____D C:\Program Files\Common Files\McAfee
    2018-03-11 11:28 - 2016-04-26 17:56 - 000277744 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
    
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    
    C:\Program Files (x86)\McAfee
    C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware
    C:\Program Files\Common Files\McAfee
    C:\Program Files\McAfee
    C:\Program Files\McAfee.com
    C:\ProgramData\McAfee
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    C:\Users\Public\Desktop\McAfee*
    C:\Windows\System32\Tasks\*McAfee*
    C:\Windows\System32\Tasks\McAfee
    
    C:\Windows\System32\drivers\cfwids.sys
    C:\Windows\System32\drivers\HipShieldK.sys
    C:\Windows\system32\drivers\McPvDrv.sys
    C:\Windows\System32\drivers\mfeaack.sys
    C:\Windows\System32\drivers\mfeavfk.sys
    C:\Windows\System32\drivers\mfefirek.sys
    C:\Windows\System32\drivers\mfehidk.sys
    C:\Windows\System32\DRIVERS\mfencbdc.sys
    C:\Windows\System32\DRIVERS\mfencrk.sys
    C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
    C:\Windows\System32\drivers\mfewfpk.sys
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop with the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will request a PC restart; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here