Infected - please check [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by Knaak » 20 May 2017 08:35

RogueKiller V12.10.9.0 (x64) [May 15 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.15063) 64 bits version
Spuštěno : Normální režim
Uživatel : Luká? [Práva správce]
Started from : C:\Users\Luká?\Desktop\RogueKiller_portable64.exe
Mód : Smazat -- Datum : 05/20/2017 07:15:18 (Duration : 00:12:56)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUP.Ghokswa] (X86) HKEY_LOCAL_MACHINE\Software\Firefox -> Smazáno
[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-93891766-2264748017-560823220-1001\Software\Conduit -> Smazáno
[PUP.Ghokswa] (X64) HKEY_USERS\S-1-5-21-93891766-2264748017-560823220-1001\Software\Firefox -> Smazáno
[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-93891766-2264748017-560823220-1001\Software\Conduit -> Smazáno
[PUP.Ghokswa] (X86) HKEY_USERS\S-1-5-21-93891766-2264748017-560823220-1001\Software\Firefox -> Smazáno
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Smazáno
[PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {16792935-7843-41F3-8EBB-B6092739973C} : v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\Firefox.exe|Name=Firefox browser| [x] -> Smazáno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] 49erkp7l.default-1494695525974 : user_pref("browser.startup.homepage", "http://www.seznam.cz"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Crucial_CT525MX300SSD1 +++++
--- User ---
[MBR] 685937b262ac47a4726f790143104eb2
[BSP] 73cf0b2577321db2e09bd2a7cdd571e9 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500784 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Crucial_CT256MX100SSD1 +++++
--- User ---
[MBR] b5c303fe88b6750282d44e0ea625bc1f
[BSP] 5d91ad7913d9aa9262b7b0e565107506 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 243643 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 499189760 | Size: 451 MB
User = LL1 ... OK
User = LL2 ... OK


Post by Knaak » 20 May 2017 08:36

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Luk ç on 20.05.2017 at 8:04:16,35.
Microsoft Windows 10 Pro 10.0.15063 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\LUK~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

20.05.2017 8:04:55 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Users\LUK~1\AppData\Local\ConnectedDevicesPlatform deleted successfully
C:\Users\LUK~1\AppData\Local\DBG deleted successfully
C:\Users\LUK~1\AppData\Local\PeerDistRepub deleted successfully
C:\Users\LUK~1\AppData\Local\VirtualStore deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-93891766-2264748017-560823220-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{8E8F97CD-60B5-456F-A201-73065652D099} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\LUK~1\AppData\Roaming\Profiles\Chepershchivosp.default\prefs.js:
user_pref("browser.startup.homepage", "www.seznam.cz");

Added to C:\Users\LUK~1\AppData\Roaming\Profiles\Chepershchivosp.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\49erkp7l.default-1494695525974\prefs.js:

Added to C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\49erkp7l.default-1494695525974\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\c0xz4dii.default\prefs.js:

Added to C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\c0xz4dii.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SafeZoneStable\shell\open\command]
@="C:\\Program Files\\AVAST Software\\SZBrowser\\Launcher.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\Users\LUK~1\AppData\Local\Wondershare deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\49erkp7l.default-1494695525974\Invalidprefs.js deleted
C:\Users\LUK~1\Desktop\FSDownloader.exe deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\PROGRA~2\COMMON~1\Wondershare" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Profiles\Chepershchivosp.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\49erkp7l.default-1494695525974
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\c0xz4dii.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Profiles\Chepershchivosp.default
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Undetermined - %ProfilePath%\extensions\622464@extcorp.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\49erkp7l.default-1494695525974
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\c0xz4dii.default
- Undetermined - C:\Users\Lukáš\AppData\Roaming\Thunderbird\Profiles\c0xz4dii.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdaterService.exe deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\LUK~1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\LUK~1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\LUK~1\AppData\Local\Mozilla\Firefox\Profiles\49erkp7l.default-1494695525974\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=92 folders=61 55749543 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\LUK~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 20.05.2017 at 8:26:11,23 ======================


Post by Knaak » 20 May 2017 08:36

Zemana AntiMalware 2.72.2.388 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.5.20
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
BIOS Mode : Legacy
CUID : 127AB8E7BC22DD54BCF8D6
Scan Type : Skenování systému
Duration : 1m 2s
Scanned Objects : 66116
Detected Objects : 5
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Edge Homepage
Status : Skenováno
Object : http://www.ourluckysites.com/?type=hp&t ... C913BA7FC9
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Edge Homepage

Firefox Search
Status : Skenováno
Object : ourluckysites - http://ourluckysites.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Firefox Search

mio
Status : Skenováno
Object : NE->c:\program files (x86)\mio
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/ELEX.O!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)

installationconfiguration.xml
Status : Skenováno
Object : NE->c:\users\lukáš\appdata\local\installationconfiguration.xml
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/Linkury.AB!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)

chepershchivosp.default
Status : Skenováno
Object : NE->c:\users\lukáš\appdata\roaming\profiles\chepershchivosp.default
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/Trotux.FakeProfile!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)


Cleaning Result
-------------------------------------------------------
Cleaned : 5
Reported as safe : 0
Failed : 0


Post by Knaak » 20 May 2017 08:37

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:33:32, on 20.05.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0000)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
C:\Windows\SysWoW64\muachost.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Users\Lukáš\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [GammingApp] C:\Program Files (x86)\MSI\Gaming APP\SGamingApp.exe --min
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Lukáš\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: Killer Network Manager.lnk = C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamingApp_Service - Micro-Star Int'l Co., Ltd. - C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
O23 - Service: GamingHotkey_Service - Micro-Star INT'L CO., LTD. - C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Killer Service V2 - Rivet Networks - C:\Program Files\Killer Networking\Network Manager\KillerService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MSI_ActiveX_Service - Micro-Star INT'L CO., LTD. - C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - D:\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - D:\Origin\OriginWebHelperService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 10596 bytes


Post by Knaak » 20 May 2017 08:43

Malwarebytes keeps reporting every little while that it has blocked the domain ourluckysites.com; I don't know of any other problems so far. Because of my workload I am hardly at the PC at all.


Post by jaro3 (Security team member) » 20 May 2017 09:27

Close other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

Please download the appropriate version of the program for your system (32-bit/64-bit): Farbar Recovery Scan Tool (FRST)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan" ("Skenovat"). When the scan is complete, two logs, FRST.txt and Addition.txt, will be shown and saved to the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by Knaak » 21 May 2017 12:06

During the scan aswMBR stops and a blue screen with an error message comes up. Some driver, I can't manage to remember it, and at the bottom it says that the cause of the crash is aswMBR. I tried running the program several times, including in safe mode. The blue screen of death appears every time.


Post by jaro3 » 22 May 2017 15:09

Then leave it.
Run FRST.


Post by Knaak » 22 May 2017 20:26

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Lukáš (administrator) on DESKTOP-NS1OFLJ (22-05-2017 20:23:34)
Running from C:\Users\Lukáš\Desktop
Loaded Profiles: Lukáš (Available Profiles: defaultuser0 & Lukáš)
Platform: Windows 10 Pro Version 1703 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(Microsoft Corporation) C:\Windows\System32\LicensingUI.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-30] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-03] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
HKLM-x32\...\Run: [GammingApp] => C:\Program Files (x86)\MSI\Gaming APP\SGamingApp.exe [1149904 2016-09-20] (Micro-Star Int'l Co., Ltd.)
HKU\S-1-5-21-93891766-2264748017-560823220-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4958912 2016-11-17] (Disc Soft Ltd)
HKU\S-1-5-21-93891766-2264748017-560823220-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe [2625536 2010-06-24] ()
HKU\S-1-5-21-93891766-2264748017-560823220-1001\...\Run: [Steam] => D:\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-93891766-2264748017-560823220-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-03] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-03] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.20
Tcpip\..\Interfaces\{d448447b-76e2-48f6-852d-0c3351cc231f}: [DhcpNameServer] 192.168.1.20

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-93891766-2264748017-560823220-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-93891766-2264748017-560823220-1001 -> hxxp://www.google.com

FireFox:
========
FF DefaultProfile: 49erkp7l.default-1494695525974
FF ProfilePath: C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\49erkp7l.default-1494695525974 [2017-05-22]
FF NewTab: Mozilla\Firefox\Profiles\49erkp7l.default-1494695525974 -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\49erkp7l.default-1494695525974 -> www.seznam.cz
FF Extension: (Adblock Plus) - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\49erkp7l.default-1494695525974\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-03] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-03] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-22] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1473216 2016-11-17] (Disc Soft Ltd)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [45008 2016-09-29] (Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2019792 2016-05-16] (Micro-Star INT'L CO., LTD.)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-11-24] (Rivet Networks) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [78776 2016-11-09] (Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-04-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [492480 2017-04-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-04-26] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2147216 2017-05-02] (Electronic Arts)
S2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3116440 2017-05-02] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2016-12-16] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2016-12-16] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2016-11-19] (ASRock Incorporation)
S3 AsrKbMsHk; C:\Windows\SysWOW64\Drivers\AsrKbMsHk.sys [38664 2017-02-11] (ASRock Inc.)
S3 AsrSetupDrv; C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [22352 2016-11-19] (RW-Everything)
R3 AsrVDrive; C:\WINDOWS\System32\drivers\AsrVDrive.sys [24400 2015-02-03] (ASRock Inc.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-03] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-03] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-03] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-03] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-03] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-03] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-03] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-03] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-05-15] (AVAST Software)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [146504 2015-11-20] (Rivet Networks, LLC.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-11-19] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-11-19] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R1 HWiNFO32; C:\Windows\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-12-06] (REALiX(tm))
R3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (FINTEK Corp.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-18] (Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-16] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-21] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-21] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-21] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-22] (Malwarebytes)
R3 NTIOLib_ACTIVE_X; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NTIOLib_X64.sys [13776 2016-04-12] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-02] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-04-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47552 2017-04-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-05-02] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2016-10-24] ()
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-05-20] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-20] (Zemana Ltd.)
S3 aswVmm; \??\C:\Users\LUK~1\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 20:23 - 2017-05-22 20:23 - 00016167 _____ C:\Users\Lukáš\Desktop\FRST.txt
2017-05-22 20:23 - 2017-05-22 20:23 - 00000000 ____D C:\Users\Lukáš\Desktop\FRST-OlderVersion
2017-05-22 20:23 - 2017-05-22 20:23 - 00000000 ____D C:\FRST
2017-05-21 11:59 - 2017-05-21 11:59 - 00153152 _____ C:\WINDOWS\ntbtlog.txt
2017-05-21 11:59 - 2017-05-21 11:59 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-05-21 11:43 - 2017-05-21 11:43 - 00000000 ____D C:\Users\Lukáš\Desktop\backups
2017-05-21 11:41 - 2017-05-21 11:41 - 00000000 _____ C:\Users\Lukáš\Desktop\fixni.txt
2017-05-21 08:24 - 2017-05-21 08:24 - 00000000 ____D C:\Users\Lukáš\AppData\Local\CEF
2017-05-21 08:13 - 2017-05-21 08:13 - 00000000 ____D C:\Users\Lukáš\AppData\Local\ConnectedDevicesPlatform
2017-05-21 05:43 - 2017-05-21 05:43 - 00000000 ____D C:\Users\Lukáš\AppData\Local\DBG
2017-05-21 05:43 - 2017-05-21 05:43 - 00000000 ____D C:\Users\Lukáš\AppData\Local\CrashDumps
2017-05-21 05:21 - 2017-05-22 20:23 - 02429952 _____ (Farbar) C:\Users\Lukáš\Desktop\FRST64.exe
2017-05-21 05:20 - 2017-05-21 05:20 - 05200384 _____ (AVAST Software) C:\Users\Lukáš\Desktop\aswmbr.exe
2017-05-21 04:53 - 2017-05-21 12:00 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-20 09:02 - 2017-05-20 09:02 - 00000000 ____D C:\Users\Lukáš\AppData\Local\PeerDistRepub
2017-05-20 08:28 - 2017-05-22 20:23 - 00116745 _____ C:\WINDOWS\ZAM.krnl.trace
2017-05-20 08:28 - 2017-05-22 20:23 - 00087874 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-05-20 08:28 - 2017-05-20 08:28 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-05-20 08:28 - 2017-05-20 08:28 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-05-20 08:28 - 2017-05-20 08:28 - 00001219 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-05-20 08:28 - 2017-05-20 08:28 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Zemana
2017-05-20 08:28 - 2017-05-20 08:28 - 00000000 ____D C:\Users\Lukáš\AppData\Local\VirtualStore
2017-05-20 08:28 - 2017-05-20 08:28 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-05-20 08:24 - 2017-05-20 08:04 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-05-20 08:04 - 2017-05-20 08:19 - 00000000 ____D C:\zoek_backup
2017-05-20 07:13 - 2017-05-20 07:13 - 00000092 _____ C:\Users\Lukáš\Desktop\skript.txt
2017-05-20 07:11 - 2017-05-20 07:11 - 05774688 _____ (Zemana Ltd. ) C:\Users\Lukáš\Desktop\Zemana.AntiMalware.Setup.exe
2017-05-20 07:11 - 2017-05-20 07:11 - 01309184 _____ C:\Users\Lukáš\Desktop\zoek.exe
2017-05-18 12:03 - 2017-05-18 12:03 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-05-18 12:03 - 2017-05-18 12:03 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-05-18 11:57 - 2017-05-18 11:57 - 26320968 _____ C:\Users\Lukáš\Desktop\RogueKiller_portable64.exe
2017-05-18 11:54 - 2017-05-18 11:55 - 167670992 _____ (Sophos Limited) C:\Users\Lukáš\Desktop\Sophos Virus Removal Tool.exe
2017-05-17 14:18 - 2017-05-17 14:18 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Publishers
2017-05-16 22:55 - 2017-05-16 22:55 - 01663672 _____ (Malwarebytes) C:\Users\Lukáš\Desktop\JRT.exe
2017-05-16 11:02 - 2017-05-22 20:17 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-16 11:02 - 2017-05-21 12:00 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-16 11:02 - 2017-05-21 12:00 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-16 11:02 - 2017-05-21 12:00 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-16 11:02 - 2017-05-16 11:02 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-16 11:02 - 2017-05-16 11:02 - 00001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-16 11:02 - 2017-05-16 11:02 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-16 11:02 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-16 11:00 - 2017-05-17 10:15 - 00000000 ____D C:\AdwCleaner
2017-05-16 10:58 - 2017-05-16 10:58 - 00050688 _____ (Atribune.org) C:\Users\Lukáš\Downloads\ATF-Cleaner.exe
2017-05-16 10:56 - 2017-05-22 20:23 - 00000000 ____D C:\Users\Lukáš\AppData\LocalLow\Mozilla
2017-05-16 10:55 - 2017-05-22 20:19 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-16 10:54 - 2017-05-16 10:54 - 63035592 _____ (Malwarebytes ) C:\Users\Lukáš\Downloads\mb3-setup-consumer-3.1.2.1733.exe
2017-05-16 10:53 - 2017-05-16 10:53 - 04102600 _____ C:\Users\Lukáš\Desktop\AdwCleaner.exe
2017-05-16 10:52 - 2017-05-16 10:52 - 00448512 _____ (OldTimer Tools) C:\Users\Lukáš\Downloads\TFC.exe
2017-05-16 09:54 - 2017-05-21 04:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-16 09:54 - 2017-05-18 12:02 - 00001921 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-16 09:45 - 2017-05-16 09:45 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lukáš\Desktop\HijackThis.exe
2017-05-13 19:09 - 2017-05-13 19:09 - 00081229 _____ C:\Users\Lukáš\Desktop\bookmarks-2017-05-13.json
2017-05-12 22:58 - 2017-05-12 22:58 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-11 17:43 - 2017-05-11 17:43 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-05-11 10:38 - 2017-05-12 22:57 - 00000000 _____ C:\WINDOWS\SysWOW64\1111
2017-05-11 10:38 - 2017-05-11 10:38 - 00000000 _____ C:\WINDOWS\SysWOW64\11
2017-05-11 10:38 - 2017-05-11 10:38 - 00000000 _____ C:\WINDOWS\SysWOW64\00
2017-05-11 07:19 - 2017-04-28 03:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-11 07:19 - 2017-04-28 03:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-11 07:19 - 2017-04-28 03:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-11 07:19 - 2017-04-28 03:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-11 07:19 - 2017-04-28 03:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-11 07:19 - 2017-04-28 03:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-11 07:19 - 2017-04-28 02:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-11 07:19 - 2017-04-28 02:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-11 07:19 - 2017-04-28 02:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-11 07:19 - 2017-04-28 02:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-11 07:19 - 2017-04-28 02:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-11 07:19 - 2017-04-28 02:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-11 07:19 - 2017-04-28 02:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-11 07:19 - 2017-04-28 02:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-11 07:19 - 2017-04-28 02:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-11 07:19 - 2017-04-28 02:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-11 07:19 - 2017-04-28 02:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-11 07:19 - 2017-04-28 02:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-11 07:19 - 2017-04-28 01:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-11 07:19 - 2017-04-19 08:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-11 07:19 - 2017-04-19 08:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-11 07:19 - 2017-04-19 08:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-11 07:19 - 2017-04-19 07:34 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-11 07:19 - 2017-04-14 02:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-11 07:19 - 2017-04-14 01:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-11 07:18 - 2017-04-28 03:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-11 07:18 - 2017-04-28 03:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-11 07:18 - 2017-04-28 03:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-11 07:18 - 2017-04-28 03:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-11 07:18 - 2017-04-28 03:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-11 07:18 - 2017-04-28 03:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-11 07:18 - 2017-04-28 03:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-11 07:18 - 2017-04-28 03:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-11 07:18 - 2017-04-28 03:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-11 07:18 - 2017-04-28 03:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-11 07:18 - 2017-04-28 03:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-11 07:18 - 2017-04-28 03:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-11 07:18 - 2017-04-28 03:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-11 07:18 - 2017-04-28 03:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-11 07:18 - 2017-04-28 03:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-11 07:18 - 2017-04-28 02:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-11 07:18 - 2017-04-28 02:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-11 07:18 - 2017-04-28 02:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-11 07:18 - 2017-04-28 02:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-11 07:18 - 2017-04-28 02:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-11 07:18 - 2017-04-28 02:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-11 07:18 - 2017-04-28 02:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-11 07:18 - 2017-04-28 02:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-11 07:18 - 2017-04-28 02:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-11 07:18 - 2017-04-28 02:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-11 07:18 - 2017-04-28 02:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-11 07:18 - 2017-04-28 02:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-11 07:18 - 2017-04-28 02:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-11 07:18 - 2017-04-28 02:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-11 07:18 - 2017-04-28 02:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-11 07:18 - 2017-04-28 02:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-11 07:18 - 2017-04-28 02:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-11 07:18 - 2017-04-28 02:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-11 07:18 - 2017-04-28 02:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-11 07:18 - 2017-04-28 02:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-11 07:18 - 2017-04-28 02:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-11 07:18 - 2017-04-28 02:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-11 07:18 - 2017-04-28 02:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-11 07:18 - 2017-04-28 02:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-11 07:18 - 2017-04-28 02:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-11 07:18 - 2017-04-28 02:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-11 07:18 - 2017-04-28 02:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-11 07:18 - 2017-04-28 02:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-11 07:18 - 2017-04-28 02:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-11 07:18 - 2017-04-28 02:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-11 07:18 - 2017-04-28 02:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-11 07:18 - 2017-04-28 02:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-11 07:18 - 2017-04-28 02:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-11 07:18 - 2017-04-28 02:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-11 07:18 - 2017-04-28 02:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-11 07:18 - 2017-04-28 02:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-11 07:18 - 2017-04-28 02:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-11 07:18 - 2017-04-28 02:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-11 07:18 - 2017-04-28 02:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-11 07:18 - 2017-04-28 02:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-11 07:18 - 2017-04-28 02:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-11 07:18 - 2017-04-28 02:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-11 07:18 - 2017-04-28 02:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-11 07:18 - 2017-04-28 02:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-11 07:18 - 2017-04-28 02:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-11 07:18 - 2017-04-28 02:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-11 07:18 - 2017-04-28 02:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-11 07:18 - 2017-04-28 02:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-11 07:18 - 2017-04-28 02:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-11 07:18 - 2017-04-28 02:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-11 07:18 - 2017-04-28 02:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-11 07:18 - 2017-04-28 02:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-11 07:18 - 2017-04-28 02:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-11 07:18 - 2017-04-28 02:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-11 07:18 - 2017-04-28 02:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-11 07:18 - 2017-04-28 02:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-11 07:18 - 2017-04-28 02:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-11 07:18 - 2017-04-28 02:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-11 07:18 - 2017-04-28 02:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-11 07:18 - 2017-04-28 02:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-11 07:18 - 2017-04-28 02:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-11 07:18 - 2017-04-28 02:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-11 07:18 - 2017-04-28 02:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-11 07:18 - 2017-04-28 02:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-11 07:18 - 2017-04-28 01:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-11 07:18 - 2017-04-28 01:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-11 07:18 - 2017-04-28 01:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-11 07:18 - 2017-04-28 01:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-11 07:18 - 2017-04-28 01:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-11 07:18 - 2017-04-28 01:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-11 07:18 - 2017-04-28 01:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-11 07:18 - 2017-04-28 01:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-11 07:18 - 2017-04-28 01:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-11 07:18 - 2017-04-28 01:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-11 07:18 - 2017-04-28 01:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-11 07:18 - 2017-04-28 01:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-11 07:18 - 2017-04-28 01:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-11 07:18 - 2017-04-28 01:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-11 07:18 - 2017-04-28 01:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-11 07:18 - 2017-04-19 09:07 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-11 07:18 - 2017-04-19 09:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-11 07:18 - 2017-04-19 09:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-11 07:18 - 2017-04-19 09:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-11 07:18 - 2017-04-19 08:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-11 07:18 - 2017-04-19 08:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-11 07:18 - 2017-04-19 08:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-11 07:18 - 2017-04-19 08:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-11 07:18 - 2017-04-19 08:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-11 07:18 - 2017-04-19 08:13 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-11 07:18 - 2017-04-19 08:13 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-11 07:18 - 2017-04-19 08:12 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-11 07:18 - 2017-04-19 08:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-11 07:18 - 2017-04-19 08:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-11 07:18 - 2017-04-19 08:11 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-11 07:18 - 2017-04-19 08:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-11 07:18 - 2017-04-19 08:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-11 07:18 - 2017-04-19 08:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-11 07:18 - 2017-04-19 08:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-11 07:18 - 2017-04-19 08:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-11 07:18 - 2017-04-19 08:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-11 07:18 - 2017-04-19 08:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-11 07:18 - 2017-04-19 08:06 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-11 07:18 - 2017-04-19 08:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-11 07:18 - 2017-04-19 08:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-11 07:18 - 2017-04-19 07:59 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-11 07:18 - 2017-04-19 07:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-11 07:18 - 2017-04-19 07:58 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-11 07:18 - 2017-04-19 07:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-11 07:18 - 2017-04-19 07:36 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-11 07:18 - 2017-04-19 07:35 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-11 07:18 - 2017-04-19 07:34 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-11 07:18 - 2017-04-19 07:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-11 07:18 - 2017-04-19 07:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-11 07:18 - 2017-04-19 07:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-11 07:18 - 2017-04-19 07:29 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-11 07:18 - 2017-04-14 02:35 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-11 07:18 - 2017-04-14 02:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-11 07:18 - 2017-04-14 02:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-11 07:18 - 2017-04-14 02:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-11 07:18 - 2017-04-14 02:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-11 07:18 - 2017-04-14 02:25 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-11 07:18 - 2017-04-14 02:25 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-11 07:18 - 2017-04-14 01:43 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-11 07:18 - 2017-04-14 01:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-11 07:18 - 2017-04-14 01:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-11 07:18 - 2017-04-14 01:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-11 07:18 - 2017-04-14 01:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-11 07:18 - 2017-04-14 01:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-11 07:18 - 2017-04-14 01:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-11 07:18 - 2017-04-14 01:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-11 07:18 - 2017-04-14 01:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-11 07:18 - 2017-04-14 01:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-11 07:18 - 2017-04-14 01:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-11 07:18 - 2017-04-14 01:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-11 07:18 - 2017-04-14 01:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-11 07:18 - 2017-04-14 01:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-11 07:18 - 2017-04-14 01:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-11 07:18 - 2017-04-14 01:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-11 07:18 - 2017-04-14 01:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-11 07:18 - 2017-04-14 01:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-11 07:18 - 2017-04-14 01:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-11 07:18 - 2017-04-14 01:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-11 07:18 - 2017-04-14 01:34 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-11 07:18 - 2017-04-14 01:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-11 07:18 - 2017-04-14 01:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-11 07:18 - 2017-04-14 01:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-11 07:18 - 2017-04-14 01:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-11 07:18 - 2017-04-14 01:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-11 07:18 - 2017-04-14 01:29 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-11 07:18 - 2017-04-14 01:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-11 07:18 - 2017-04-14 01:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-11 07:18 - 2017-04-14 01:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-11 07:18 - 2017-04-14 01:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-11 07:18 - 2017-04-14 01:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-11 07:18 - 2017-04-14 01:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-11 07:18 - 2017-04-14 01:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-11 07:18 - 2017-04-14 01:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll


Re: Infected - please check

Post by Knaak » 22 May 2017 20:27

2017-05-11 07:18 - 2017-04-14 01:21 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-11 07:18 - 2017-04-14 01:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-11 07:18 - 2017-04-14 01:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-11 07:18 - 2017-04-14 01:18 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-11 07:18 - 2017-04-14 01:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-11 07:18 - 2017-04-14 01:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-11 07:18 - 2017-04-14 01:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-11 07:18 - 2017-04-14 01:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-11 07:18 - 2017-04-14 01:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-11 07:18 - 2017-04-14 01:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-11 07:18 - 2017-04-14 01:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-11 07:18 - 2017-04-14 01:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-07 22:15 - 2017-05-07 23:17 - 3524261184 _____ C:\Users\Lukáš\Downloads\Dragon-Blade_2015-1080p-BluRay_Subt.CZ.mkv
2017-05-05 07:07 - 2017-05-05 07:08 - 233001514 _____ C:\Users\Lukáš\Downloads\Arrow.S05E20.HDTV.x264-SVA.mkv
2017-05-05 07:02 - 2017-05-05 07:02 - 00122468 _____ C:\Users\Lukáš\Downloads\Arrow.S05E20.HDTV.x264-SVA.srt
2017-05-05 06:42 - 2017-05-05 06:42 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-05 06:42 - 2017-05-02 00:38 - 00513144 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-05-05 06:42 - 2017-05-01 22:14 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-05-05 06:42 - 2017-03-10 23:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-05-05 06:42 - 2017-03-10 23:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-05-05 06:42 - 2017-03-10 23:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-05-05 06:42 - 2017-03-10 23:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-05-05 06:40 - 2017-05-02 00:38 - 40201848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 35388864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 35281528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 28623480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 11056456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 11024384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 10547440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 09245744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 09014792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 08805232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 03792320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 03247736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 01988032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438205.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438205.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 01278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 01276128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 01054144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00993872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00991168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00960960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00911992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00821184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00776048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00688968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00651200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00612088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00609912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-05-05 06:40 - 2017-05-02 00:38 - 00499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-05-03 22:43 - 2017-05-03 22:42 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-05-03 19:37 - 2017-05-03 19:37 - 00246168 _____ (Mozilla) C:\Users\Lukáš\Downloads\Firefox Setup Stub 53.0.exe
2017-05-03 19:28 - 2017-05-03 19:28 - 00000000 ____D C:\Program Files (x86)\IIS
2017-05-03 19:27 - 2017-05-11 10:38 - 00000000 _____ C:\WINDOWS\SysWOW64\1111111
2017-05-03 19:26 - 2017-05-16 09:44 - 00000000 ____D C:\Program Files (x86)\Ckernerghtconogh
2017-05-03 19:26 - 2017-05-05 14:38 - 00000000 ____D C:\Insist
2017-05-03 19:26 - 2017-05-03 19:26 - 00000000 ____D C:\WINDOWS\psgo
2017-05-02 18:16 - 2017-05-02 18:19 - 283627178 _____ C:\Users\Lukáš\Downloads\Arrow.S05E07.HDTV.x264-LOL[ettv].mkv
2017-05-02 12:56 - 2017-05-03 21:14 - 00000000 ____D C:\Program Files\Z3PEORCXNX
2017-05-02 12:56 - 2017-05-03 21:13 - 00000000 ____D C:\Program Files\EJR6DTYSMT
2017-05-02 12:56 - 2017-05-03 21:12 - 00000000 ____D C:\Program Files\7L09Z802ED
2017-05-02 06:44 - 2017-05-02 06:44 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2017-05-02 06:43 - 2017-05-02 06:43 - 00000000 ___HD C:\$AV_ASW
2017-05-02 06:41 - 2017-05-02 13:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-02 06:38 - 2017-05-18 12:02 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Coijosghodusy
2017-05-02 06:38 - 2017-05-02 13:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-05-02 06:37 - 2017-05-03 21:16 - 00000000 ____D C:\Program Files\VNO4GJ6EAX
2017-05-02 06:37 - 2017-05-03 21:16 - 00000000 ____D C:\Program Files\TUH04HSRQT
2017-05-02 06:37 - 2017-05-03 21:13 - 00000000 ____D C:\Program Files\ICFQ8EJIQP
2017-05-02 06:37 - 2017-05-03 21:13 - 00000000 ____D C:\Program Files\EAMF23B5H9
2017-05-02 06:37 - 2017-05-03 21:12 - 00000000 ____D C:\Program Files\9Y105WR5UM
2017-05-02 06:36 - 2017-05-02 13:45 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final
2017-04-29 14:55 - 2017-05-02 06:42 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\NVIDIA
2017-04-29 14:54 - 2017-04-26 07:40 - 00153536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-04-29 14:54 - 2017-04-26 07:40 - 00127424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 20:16 - 2017-04-16 08:17 - 00003100 _____ C:\WINDOWS\System32\Tasks\AsrKM
2017-05-21 23:50 - 2017-04-16 08:14 - 00000000 ____D C:\Users\Lukáš
2017-05-21 23:50 - 2017-04-16 08:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-21 12:07 - 2017-04-16 08:23 - 02373470 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-21 12:07 - 2017-03-20 06:39 - 01054292 _____ C:\WINDOWS\system32\perfh005.dat
2017-05-21 12:07 - 2017-03-20 06:39 - 00243624 _____ C:\WINDOWS\system32\perfc005.dat
2017-05-21 12:00 - 2017-04-16 08:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-21 12:00 - 2016-11-19 18:06 - 00181712 ____N C:\WINDOWS\Minidump\052117-3703-01.dmp
2017-05-21 11:58 - 2017-03-18 13:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-21 11:53 - 2016-11-19 18:06 - 00315628 ____N C:\WINDOWS\Minidump\052117-3578-01.dmp
2017-05-21 11:50 - 2016-11-19 18:06 - 00315628 ____N C:\WINDOWS\Minidump\052117-3781-01.dmp
2017-05-21 11:49 - 2016-11-19 18:06 - 00315564 ____N C:\WINDOWS\Minidump\052117-4000-01.dmp
2017-05-21 05:18 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-21 04:56 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-20 08:19 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-20 08:19 - 2016-07-16 13:47 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-20 07:15 - 2016-12-09 12:55 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-05-19 21:34 - 2016-11-19 18:05 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\BSplayer PRO
2017-05-17 06:39 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-16 21:49 - 2016-11-19 19:51 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Mozilla
2017-05-16 10:57 - 2016-11-19 18:10 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Packages
2017-05-16 10:56 - 2016-11-19 19:51 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Mozilla
2017-05-16 10:55 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-16 10:55 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-05-16 10:55 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\registration
2017-05-15 10:43 - 2016-11-19 19:55 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-05-13 19:05 - 2017-04-15 14:01 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-13 19:05 - 2016-11-22 14:34 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\uTorrent
2017-05-12 19:14 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-11 17:43 - 2017-04-16 08:13 - 00391632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-11 17:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-11 17:43 - 2016-11-19 18:10 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-11 17:42 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-11 17:42 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-11 17:42 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-11 17:42 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-11 17:42 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-11 17:42 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-11 17:42 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-11 17:42 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-11 17:42 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-11 17:42 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-11 17:42 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-11 16:36 - 2016-11-19 21:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-11 16:35 - 2016-11-19 21:43 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-11 00:08 - 2016-11-19 22:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-09 13:16 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-08 07:17 - 2017-04-16 08:14 - 00000000 ____D C:\Users\defaultuser0
2017-05-08 07:17 - 2017-04-16 08:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-08 07:17 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-08 07:17 - 2017-03-18 23:03 - 00000000 __RSD C:\WINDOWS\Media
2017-05-08 07:17 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-05-08 07:17 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-05-08 07:17 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-05-08 07:17 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-05-08 07:17 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-05-08 07:17 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\security
2017-05-08 07:17 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-05-08 07:17 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\IME
2017-05-08 07:17 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-08 07:17 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-05-08 07:17 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-08 07:17 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-08 07:17 - 2016-12-07 23:26 - 00000000 ____D C:\Users\Lukáš\Documents\Battlefield 1
2017-05-08 07:17 - 2016-12-07 21:54 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Origin
2017-05-08 07:17 - 2016-12-07 17:07 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Steam
2017-05-08 07:17 - 2016-11-19 21:35 - 00000000 ____D C:\Program Files (x86)\OSCAR Editor X7
2017-05-08 07:17 - 2016-11-19 20:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2017-05-08 07:17 - 2016-11-19 20:09 - 00000000 ____D C:\Users\Lukáš\AppData\Local\NVIDIA Corporation
2017-05-08 07:17 - 2016-11-19 19:57 - 00000000 ____D C:\Users\Lukáš\AppData\LocalLow\Adobe
2017-05-08 07:17 - 2016-11-19 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-08 07:17 - 2016-11-19 19:50 - 00000000 ____D C:\Users\Lukáš\AppData\Local\MicrosoftEdge
2017-05-08 07:17 - 2016-11-19 19:35 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Skype
2017-05-08 07:17 - 2016-11-19 18:10 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Adobe
2017-05-08 07:17 - 2016-11-19 18:10 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-05-05 10:35 - 2017-04-16 08:17 - 00004470 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-04 18:37 - 2017-04-16 08:17 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-03 22:58 - 2017-04-15 10:02 - 00001254 _____ C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aktualizace a nastavení ochrany osobních údajů.lnk
2017-05-03 22:58 - 2016-11-22 15:13 - 00000279 _____ C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koš.lnk
2017-05-03 22:58 - 2016-11-19 18:11 - 00002389 _____ C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-03 22:57 - 2017-03-24 11:21 - 00001025 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-05-03 22:57 - 2017-01-28 21:10 - 00001124 _____ C:\Users\Public\Desktop\Ulož.to FileManager.lnk
2017-05-03 22:57 - 2016-11-19 22:48 - 00002658 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-03 22:57 - 2016-11-19 20:18 - 00001262 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2017-05-03 22:57 - 2016-11-19 19:55 - 00002017 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-05-03 22:57 - 2016-11-19 19:28 - 00000537 _____ C:\Users\Lukáš\Desktop\System(C).lnk
2017-05-03 22:57 - 2016-11-19 19:28 - 00000446 _____ C:\Users\Lukáš\Desktop\DVD-ROCK.lnk
2017-05-03 22:43 - 2017-04-16 08:17 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1479578257
2017-05-03 22:43 - 2017-04-16 08:17 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-05-03 22:42 - 2017-03-06 11:28 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-05-03 22:42 - 2017-03-06 11:28 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-05-03 22:42 - 2017-03-06 11:28 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-05-03 22:42 - 2017-03-06 11:28 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-05-03 22:42 - 2016-11-19 19:57 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-05-03 22:42 - 2016-11-19 19:55 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-05-03 22:42 - 2016-11-19 19:55 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-05-03 22:42 - 2016-11-19 19:55 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-05-03 22:42 - 2016-11-19 19:55 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-05-03 22:42 - 2016-11-19 19:55 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-05-03 22:42 - 2016-11-19 19:55 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-05-03 22:42 - 2016-11-19 19:55 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-05-03 22:31 - 2016-11-19 20:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-05-02 13:55 - 2017-04-16 08:17 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-05-02 13:55 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-05-02 13:55 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Security
2017-05-02 13:55 - 2016-12-09 12:46 - 00000000 ____D C:\WINDOWS\ERUNT
2017-05-02 13:55 - 2016-12-07 18:41 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-02 13:55 - 2016-11-20 22:43 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2017-05-02 13:55 - 2016-11-19 20:53 - 00000000 ___RD C:\Users\Lukáš\Desktop\Hry
2017-05-02 13:55 - 2016-11-19 19:58 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-02 13:54 - 2017-04-16 08:17 - 00003656 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-05-02 13:45 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Cursors
2017-05-02 13:10 - 2016-11-22 14:35 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2017-05-02 06:37 - 2017-03-18 13:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-05-02 00:38 - 2017-04-09 19:16 - 04092088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-05-02 00:38 - 2017-04-09 19:16 - 03607464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-05-02 00:38 - 2017-04-09 19:16 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-05-02 00:38 - 2017-04-09 19:16 - 00045061 _____ C:\WINDOWS\system32\nvinfo.pb
2017-05-02 00:38 - 2017-03-20 06:41 - 00418936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-05-01 22:52 - 2017-04-16 08:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-05-01 22:51 - 2017-04-16 08:13 - 06437312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-01 22:51 - 2017-04-16 08:13 - 02479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-01 22:51 - 2017-04-16 08:13 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-01 22:51 - 2017-04-16 08:13 - 00548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-01 22:51 - 2017-04-16 08:13 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-01 22:51 - 2017-04-16 08:13 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-01 22:51 - 2017-04-16 08:13 - 00069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-04-29 14:55 - 2017-04-16 08:17 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-29 14:54 - 2017-04-16 08:17 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-29 14:54 - 2017-04-16 08:17 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-29 14:54 - 2017-04-16 08:17 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-29 14:54 - 2017-04-16 08:17 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-29 14:54 - 2017-04-16 08:17 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-29 14:54 - 2017-04-16 08:17 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-29 14:54 - 2017-04-16 08:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-04-29 03:05 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-29 03:05 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-28 17:12 - 2016-11-19 17:44 - 00000000 ____D C:\Staženo
2017-04-26 07:40 - 2017-01-20 14:53 - 00047552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-04-26 07:40 - 2016-11-19 20:09 - 01882048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-04-26 07:40 - 2016-11-19 20:09 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-04-26 07:40 - 2016-11-19 20:09 - 01472960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-04-26 07:40 - 2016-11-19 20:09 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-04-26 07:40 - 2016-11-19 20:09 - 00121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-04-26 07:03 - 2017-04-09 19:20 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-04-25 23:11 - 2017-04-16 08:13 - 07944687 _____ C:\WINDOWS\system32\nvcoproc.bin

==================== Files in the root of some directories =======

2016-11-19 19:34 - 2017-01-22 10:49 - 0000000 _____ () C:\Users\Lukáš\AppData\Local\Driver_LOM_8171Present.flag
2016-11-19 17:29 - 2017-01-15 11:05 - 0001904 _____ () C:\Users\Lukáš\AppData\Local\FSDownloader.err
2016-11-19 17:36 - 2017-04-13 13:04 - 0001104 _____ () C:\Users\Lukáš\AppData\Local\FSDownloader.nast
2016-11-22 13:33 - 2016-11-22 14:21 - 0002340 _____ () C:\Users\Lukáš\AppData\Local\sharerapid-download-manager.err
2016-11-22 13:35 - 2016-11-22 14:30 - 0001312 _____ () C:\Users\Lukáš\AppData\Local\sharerapid-download-manager.nast
2017-04-16 08:14 - 2017-04-16 08:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-15 20:35 - 2017-01-20 14:53 - 0005943 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 20:35 - 2017-01-19 20:00 - 0013440 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-16 11:23

==================== End of FRST.txt ============================

Re: Infected with a virus - please check

Post by Knaak » 22 May 2017 20:27

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Lukáš (22-05-2017 20:24:01)
Running from C:\Users\Lukáš\Desktop
Windows 10 Pro Version 1703 (X64) (2017-04-16 06:20:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-93891766-2264748017-560823220-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-93891766-2264748017-560823220-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-93891766-2264748017-560823220-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-93891766-2264748017-560823220-501 - Limited - Disabled)
Lukáš (S-1-5-21-93891766-2264748017-560823220-1001 - Administrator - Enabled) => C:\Users\Lukáš

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (HKLM-x32\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
7-Zip 9.21beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Aktualizace NVIDIA 24.0.0.0 (Version: 24.0.0.0 - NVIDIA Corporation) Hidden
AlphaGo (HKLM-x32\...\{118B6258-BF13-47C9-8D46-B2A349196B5D}) (Version: 1.0.0 - Default Company Name) <==== ATTENTION
Ansel (Version: 382.05 - NVIDIA Corporation) Hidden
APP Shop v1.0.28 (HKLM-x32\...\{90242E9B-BC60-46E3-8EE7-8E953F702280}_is1) (Version: 1.0.28 - ASRock Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASRock 3TB+ Unlocker v1.1.1 (HKLM\...\ASRock 3TB+ Unlocker_is1) (Version: 1.1.1 - ASRock Inc.)
ASRock Key Master v3.0.2 (HKLM-x32\...\ASRock Key Master_is1) (Version: 3.0.2 - ASRock Inc.)
ASRock Restart to UEFI v1.0.5 (HKLM-x32\...\ASRock Restart to UEFI_is1) (Version: 1.0.5 - )
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.49.52296 - Electronic Arts)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.67.1076 - AB Team, d.o.o.)
Call of Duty: Black Ops III (HKLM\...\Steam App 311210) (Version: - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0220 - Disc Soft Ltd)
DOOM (HKLM\...\Steam App 379720) (Version: - id Software)
Fatal1ty Mouse Port v3.0.10 (HKLM-x32\...\Fatal1ty Mouse Port_is1) (Version: 3.0.10 - ASRock Inc.)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.44.20513.9 - Electronic Arts)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.12 - Intel(R) Corporation) Hidden
Killer Bandwidth Control Filter Driver (Version: 1.1.56.1651 - Rivet Networks) Hidden
Killer E240x Drivers (Version: 1.1.56.1651 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.56.1651 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{DB8A465E-67BE-4450-9C9A-FECEA6222B95}) (Version: 1.1.56.1651 - Rivet Networks)
LEGO MARVEL Super Heroes (HKLM-x32\...\LEGO MARVEL Super Heroes_is1) (Version: - Warner Bros. Games)
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft DirectX SDK (August 2006) (HKLM-x32\...\{41EBA469-1E70-4ACE-AD30-1186F06D8BC5}) (Version: 9.14.701 - Microsoft® Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-93891766-2264748017-560823220-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (HKLM\...\{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MKVToolNix 7.3.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.3.0 - Moritz Bunkus)
Mortal Kombat X (HKLM-x32\...\Mortal Kombat X_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Mozilla Firefox 53.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 53.0.2 (x64 cs)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Mozilla Thunderbird 52.1.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 52.1.0 (x86 cs)) (Version: 52.1.0 - Mozilla)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
MSI DragonEye (HKLM\...\{7116875E-F251-4C33-AB3F-37DE05B15595}_is1) (Version: 0.0.2.4 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.0.0.30 - MSI)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA GeForce Experience 3.5.0.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.76 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (Version: 3.5.0.76 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.9.38188 - Electronic Arts, Inc.)
OSCAR Editor (x32 Version: 10.06.0004 - A4TECH) Hidden
Ovládací panel NVIDIA 382.05 (Version: 382.05 - NVIDIA Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Rise of the Tomb Raider (HKLM-x32\...\Rise of the Tomb Raider_is1) (Version: 1.0.668.1 - Square-Enix)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 7.1.0360 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.5.0.76 - NVIDIA Corporation) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Street Fighter X Tekken (HKLM-x32\...\{43430FA5-AF68-4A2D-A7D4-891000008200}) (Version: 1.0.0.0 - CAPCOM U.S.A., INC)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version: - Ubisoft)
Ulož.to FileManager verze 2.02 (HKLM-x32\...\{7DE5EA5D-C933-4549-9A44-5BC671F23BBF}_is1) (Version: 2.02 - Uloz.to cloud a.s.)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
Viking: Battle for Asgard (HKLM-x32\...\Viking: Battle for Asgard_is1) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Warhammer 40,000 Space Marine (HKLM\...\Steam App 55150) (Version: - Relic)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM\...\Steam App 20570) (Version: - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM\...\Steam App 15620) (Version: - Relic Entertainment)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
X7 Oscar Editor (HKLM-x32\...\InstallShield_{37D0D63F-8F2B-4BA6-A4B6-126AE36B8E59}) (Version: 10.06.0004 - A4TECH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04D583C0-4B74-4307-8766-754F363C11F4} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {44123C26-6767-4917-A4E2-3B6C33E7BC50} - System32\Tasks\AsrKM => C:\Program Files (x86)\ASRock Utility\Key Master\AsrKM.exe [2016-04-13] ()
Task: {4776D5BD-7262-4C84-991C-A071172F31CE} - System32\Tasks\MSISW_Host => C:\Windows\SysWoW64\muachost.exe [2015-08-18] (MSI)
Task: {4D6440BA-B5C8-411A-90B0-68B08244C8E8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {534863F3-68DF-4E75-9B84-D3248ED2F3F4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-05-02] (AVAST Software)
Task: {6342B1A3-AC4F-4285-8950-AF2DF04961FA} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-04-26] (NVIDIA Corporation)
Task: {6716EA93-6B23-4860-84D9-35E5E398D773} - \Jnchreodugh -> No File <==== ATTENTION
Task: {7EB25340-282E-452B-B01B-1D20C078775F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {943B2EAE-48B1-4D9E-9D88-EAECBE4E99C5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-04-26] (NVIDIA Corporation)
Task: {A0B3C336-E794-4BFA-85FD-EF2F7142508B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-04-26] (NVIDIA Corporation)
Task: {A3CA3B5A-FE5E-441B-8F5A-4C554C11CA7E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-04-26] (NVIDIA Corporation)
Task: {A5FB23F1-F0BE-46F6-A1DF-89D52AFF56C1} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-07-28] (Micro-Star INT'L CO., LTD.)
Task: {B077C87A-87FB-4968-9953-BE3F17E9E23A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-04-26] (NVIDIA Corporation)
Task: {B1B56477-10A2-4BC9-A91A-39106301D452} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-03] (AVAST Software)
Task: {B5D4C5DC-56B0-4EAB-B7C3-D8BC3BE4B533} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {BAE2A75B-1679-4846-B21D-5374613C3361} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
Task: {D9D225DD-7A62-440F-8224-E48667D32D3B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-04-26] (NVIDIA Corporation)
Task: {E17D300A-2DC6-4580-96E0-F35B5BFEDCD2} - System32\Tasks\SafeZone scheduled Autoupdate 1479578257 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {F6BF326F-D267-437A-A154-06C1BDD966BD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-04-26] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-05-16 11:02 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-11-19 20:09 - 2017-04-26 07:40 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-16 17:58 - 2016-12-16 17:58 - 00075064 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-12-16 17:58 - 2016-12-16 17:58 - 00189248 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-11-29 10:48 - 2016-06-14 17:35 - 00187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2017-05-20 08:28 - 2017-05-20 08:28 - 00154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-03-18 22:59 - 2017-03-20 06:41 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-09 14:36 - 2017-05-09 14:36 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-09 14:36 - 2017-05-09 14:36 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-09 14:36 - 2017-05-09 14:36 - 43195904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-09 14:36 - 2017-05-09 14:36 - 02457088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\skypert.dll
2016-12-06 16:09 - 2016-12-06 16:09 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-11-29 10:48 - 2016-06-14 17:35 - 00163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll
2017-05-03 22:42 - 2017-05-03 22:42 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-03 22:42 - 2017-05-03 22:42 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-03 22:42 - 2017-05-03 22:42 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-03 22:42 - 2017-05-03 22:42 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-03 22:42 - 2017-05-03 22:42 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-03 22:42 - 2017-05-03 22:42 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-03 22:42 - 2017-05-03 22:42 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2017-05-20 08:05 - 00000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-93891766-2264748017-560823220-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Pozadí plochy.bmp
DNS Servers: 192.168.1.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "GammingApp"
HKU\S-1-5-21-93891766-2264748017-560823220-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-93891766-2264748017-560823220-1001\...\StartupApproved\Run: => "OscarEditor"
HKU\S-1-5-21-93891766-2264748017-560823220-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-93891766-2264748017-560823220-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-93891766-2264748017-560823220-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EF7BBD2A-1F9F-4070-9491-DC70202D1D53}] => (Allow) LPort=26789
FirewallRules: [{8B42D3C2-85CD-4AB5-A7C1-B66082706ADA}] => (Allow) D:\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{B6642F11-6D88-4B0D-A9C2-0C546F53BC1A}] => (Allow) D:\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{D37DDD1A-AC1E-41F0-B1F7-EE904118044A}] => (Allow) D:\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{3425A1F8-E14B-495E-87E3-D8490830C856}] => (Allow) D:\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{2CB25E37-C98C-4EF2-AA66-33299C3D9F4D}] => (Allow) D:\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{E4D35956-A975-442A-934D-39C892BFE291}] => (Allow) D:\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{65394C7E-4452-46FA-A4A0-1B2B1E706805}] => (Allow) D:\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [UDP Query User{5FB01EAD-90B2-4AB2-8263-E46BA21FAFEA}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [TCP Query User{3AD4EF43-31FE-4E32-A608-9467F3A165FF}D:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) D:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{ECDF15F2-D0C3-417F-BB97-6F8761030923}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{7ED9FD51-9F45-48BC-9136-19CE6636B556}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{C0B22D1B-23F6-40E6-9908-B7A49222B8FF}] => (Allow) D:\Steam\steamapps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{F02D3F77-E76A-4D88-8812-B149C72F1EB9}] => (Allow) D:\Steam\steamapps\common\Dawn of War 2\DOW2.exe
FirewallRules: [{878BAB50-72B4-43A4-B212-40E5F291543B}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{97B86536-1E22-43EF-9985-7B3AE249339D}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{61E3D9FB-F461-43E6-A868-B286833135C2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D8551A7E-3E46-4189-BE58-FE3CE909B515}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{793FAED3-93D3-45F7-8477-46FE25AD641A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{45B134DF-5452-4B6C-A697-E8E4BFBDB5DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{13806641-9807-4086-99AB-EA25D4E8A85B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BEAF2047-40B2-4DEC-AB15-7DD48C2A8187}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A771B94A-FED4-4866-B788-B8026D016549}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{C15C43A3-6E4F-44F2-BC10-CBBD495E5F3A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D70FD38F-583A-4221-BB59-BBAB3DD6ABDA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{0EB5E299-8264-4420-B648-4E85AC211E6B}] => (Allow) D:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{5D837946-003C-4471-804A-D2A03FA56322}] => (Allow) D:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{A8C88A4E-B482-40CC-9E76-FE6EEF0995FC}] => (Allow) D:\Street Fighter X Tekken\SFTK.exe
FirewallRules: [{E90AEB01-E830-465C-8A85-B076E4F34CA8}] => (Allow) D:\Street Fighter X Tekken\SFTK.exe
FirewallRules: [{6B474EE2-9F77-4C1E-9054-1CA854AB69FB}] => (Allow) D:\Steam\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe
FirewallRules: [{38730F69-E5ED-4EF5-A0AA-D98CE553BD8F}] => (Allow) D:\Steam\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe
FirewallRules: [{D739AE0D-167A-4C7F-B7AA-630F265EB8BF}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{A4E10C14-AEDC-46EC-98E5-2D1D49FBB2D0}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{4C0099BC-2D49-4842-B3B2-DEF859F043C2}] => (Allow) LPort=1688
FirewallRules: [UDP Query User{F1A7F472-173F-4AA4-B6A9-A3CA51D381C4}C:\users\lukáš\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lukáš\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{292BEE03-63BA-47BF-8226-31DFDE4AC6DC}C:\users\lukáš\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lukáš\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{3CEBA1C5-62B9-4445-8682-C1448EA1EE55}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D0DE7161-1108-4E7C-86C7-028C999442A1}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{5938E432-3945-4353-82D0-3BA1E1E4004B}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{19B846F9-7492-469D-86F8-E5FDB25EE6FB}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{4F38F3CB-C1C5-4E26-BC2C-45565B526CC4}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{40C94F6C-B4EE-4720-A414-C70303B092E2}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{E7EAFF05-1BA8-4536-9188-76FCC66F343C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_1\SZBrowser.exe
FirewallRules: [{E13AC3DB-AF4F-46A8-A2B7-C29046CEB362}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1DD8F61B-ACD0-4850-9589-3FD2E64034D4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

11-05-2017 08:30:40 Naplánovaný kontrolní bod
13-05-2017 19:09:28 Revo Uninstaller Pro's restore point - Mozilla Firefox 53.0.2 (x64 cs)
16-05-2017 09:53:10 Revo Uninstaller Pro's restore point - Mozilla Firefox 53.0.2 (x64 cs)
17-05-2017 10:17:59 JRT Pre-Junkware Removal
18-05-2017 11:58:28 Revo Uninstaller Pro's restore point - RogueKiller verze 12.8.4.0
20-05-2017 08:04:48 zoek.exe restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2017 08:16:29 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/22/2017 08:16:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (05/21/2017 12:00:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/21/2017 12:00:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (05/21/2017 11:56:05 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/21/2017 11:55:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (05/21/2017 11:54:05 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/21/2017 11:53:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (05/21/2017 11:51:27 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/21/2017 11:51:18 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (05/22/2017 08:16:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Uživatelská služba platformy připojených zařízení_223178a byla ukončena s následující chybou:
Nespecifikovaná chyba

Error: (05/21/2017 12:00:08 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NS1OFLJ)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
a APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
uživateli DESKTOP-NS1OFLJ\Lukáš (SID: S-1-5-21-93891766-2264748017-560823220-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/21/2017 12:00:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NS1OFLJ)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
a APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
uživateli DESKTOP-NS1OFLJ\Lukáš (SID: S-1-5-21-93891766-2264748017-560823220-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/21/2017 12:00:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NS1OFLJ)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
a APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
uživateli DESKTOP-NS1OFLJ\Lukáš (SID: S-1-5-21-93891766-2264748017-560823220-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/21/2017 12:00:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NS1OFLJ)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
a APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
uživateli DESKTOP-NS1OFLJ\Lukáš (SID: S-1-5-21-93891766-2264748017-560823220-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/21/2017 12:00:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_24281 byla ukončena s následující chybou:
Nespecifikovaná chyba

Error: (05/21/2017 12:00:06 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Počítač byl restartován z procesu kontroly chyb. Kontrola chyb: 0x000000d1 (0xffffdc005f30e010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80c2d9a95ae). Výpis byl uložen do: C:\WINDOWS\Minidump\052117-3703-01.dmp. ID hlášení: 3d54b0bc-8538-4e85-abc9-bfee0f8f61cf

Error: (05/21/2017 12:00:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba CldFlt neuspěla při spuštění v důsledku následující chyby:
Požadavek není podporován.

Error: (05/21/2017 12:00:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (11:59:10, 21.05.2017) bylo neočekávané.

Error: (05/21/2017 11:59:13 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NS1OFLJ)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby WSearch s argumenty Není k dispozici za účelem spuštění serveru:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
Date: 2017-05-02 10:37:24.716
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-26 15:26:18.233
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 15%
Total physical RAM: 16317.66 MB
Available physical RAM: 13799.78 MB
Total Virtual: 17341.66 MB
Available Virtual: 14653.46 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:237.93 GB) (Free:140.28 GB) NTFS
Drive d: (Hry) (Fixed) (Total:489.05 GB) (Free:127.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 489 GB) (Disk ID: 4B949A04)
Partition 1: (Not Active) - (Size=489 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: B67FC75E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 MB) - (Type=27)

==================== End of Addition.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Infected with viruses - please check

Post by jaro3 » 22 May 2017 21:39

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
permanently turn off its resident protection.


Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.

Code:

Start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-93891766-2264748017-560823220-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
S3 aswVmm; \??\C:\Users\LUK~1\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
C:\Users\Lukáš\AppData\Local\DBG
C:\ProgramData\DP45977C.lfl
Task: {6716EA93-6B23-4860-84D9-35E5E398D773} - \Jnchreodugh -> No File <==== ATTENTION

EmptyTemp:
End

(You can use the "select all" function, then right-click the upper-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.


C:\Program Files (x86)\IIS
C:\WINDOWS\SysWOW64\1111111
C:\Program Files (x86)\Ckernerghtconogh
C:\Insist
C:\WINDOWS\psgo
C:\Program Files\Z3PEORCXNX
C:\Program Files\EJR6DTYSMT
C:\Program Files\7L09Z802ED
C:\Program Files\VNO4GJ6EAX
C:\Program Files\TUH04HSRQT
C:\Program Files\ICFQ8EJIQP
C:\Program Files\EAMF23B5H9
C:\Program Files\9Y105WR5UM
Do you know these programs/folders??


C:\Program Files (x86)\KMSPico 10.2.1 Final --- you should legalize your system/Office and uninstall this!

Download and install WhoCrashed,
open it and click Analyze.
The program will create a report; copy all of it and paste it here, please.

Download CrystalDiskInfo.
Run the program and click Edit - Copy. Then paste the contents of the log here with Ctrl+V.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Podpora fóra

