Preventive PC check and cleanup before creating a backup. Solved

The place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

neca
Level 2
Posts: 164
Registered: January 12
Gender: Male
Status: Offline

Re: Preventive PC check and cleanup before creating a backup.

Post by neca » 11 Feb 2019 22:07

jaro3 wrote: Isn't it hidden?

In Folder Options, enable showing hidden files and folders, and uncheck the box "Hide protected operating system files".


Ashampoo_Snap_pondělí 11. února 2019_22h06m13s_003_.jpg
It isn't, see the photo.


So I tried running it in compatibility mode for another system. Lo and behold, when set to Win7, Zoek starts, so what do I do with it now? So that it doesn't delete, for example, the site passwords saved in Chrome or the Chrome bookmarks.

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Post by jaro3 » 11 Feb 2019 23:08

Don't you have your passwords backed up, written down?

The following should put everything back, but I don't know whether there will be problems.
So back it up.

Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.
Paste the script below into the program window:


 
zoekbackups;
C:\zoek_backup:v

 

Click Run Script.
The program will run a scan and a repair; the scan and the repair can each take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart you may see only a black desktop for a while; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log Copy the entire contents of that log here.
If there are problems, run Zoek in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by neca » 12 Feb 2019 06:42

You bet I have the passwords and everything backed up on paper. But I already wrote that to you.


Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Roman on 12.02.2019 at 6:37:18,33.
Microsoft Windows 10 Pro 10.0.17134 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Roman\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2019-02-07-210107.log 8856 bytes

==== C:\zoek_backup content ======================

Folders:

C_PROGRA~2_COMMON~1_Wondershare (F=38 D=14 6927577 bytes)
C_PROGRA~3_Package Cache (F=42 D=47 151778987 bytes)
C_PROGRA~3_{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} (F=1 D=1 3704 bytes)
C_Users_Roman_.android (F=2 D=0 2448 bytes)
C_Users_Roman_AppData_Local_CrashRpt (F=0 D=7 0 bytes)
C_Users_Roman_AppData_Local_Wondershare (F=2 D=1 82 bytes)
C_Users_Roman_AppData_Roaming_Temp (F=0 D=0 0 bytes)

Files:

C_WINDOWS_Installer_1e755d.msi.vir (02.08.2018 03:49 6451200 bytes)

C:\zoek_backup (files=87 folders=77 165164636 bytes)

==== EOF on 12.02.2019 at 6:39:47,86 ======================


Post by jaro3 » 12 Feb 2019 18:18

There isn't much there; I'll try to find something else.

Post by neca » 13 Feb 2019 07:32

jaro3 wrote: There isn't much there; I'll try to find something else.


So I have Authy restored now, and MyEtherWallet too, thank God for that. Then we'll continue. I did Authy as a fresh install, not as an account app but as a standalone program on the PC.
So I restored MyEtherWallet as well. Great.

So what do we do now? As I wrote at the beginning, my aim is to clean the PC so that I can back it up. Since we were putting some processes back, don't I have a virus or some other vermin in the computer again?

And advice from you on whether to buy a new SSD + HDD. For the SSD I didn't see a yellow warning in Crystal Disk, only for the HDD.

The SSD is under warranty; does it need to be replaced?

Recommend me a good free antivirus: Avast or AVG, Kaspersky, Bitdefender, I don't know?

How do I re-enable all the firewalls that I somehow turned off on the computer? I no longer even know what all I clicked away so that I could run ZOEK, which in the end only started with synchronization with Win 7 anyway. Are you still following? :)


Post by jaro3 » 13 Feb 2019 18:28

Good that you managed to get it back. I consulted on it and it can't be done with Zoek; the only way is to use System Restore and go back, using a restore point, to the time before Zoek was used.

As for antivirus, I would skip AVG; it takes more resources and clogs the system quite a bit, it simply sprawls all over.
So Avira, Avast, or Comodo is used quite a lot; it is free and comes with a firewall.

And advice from you on whether to buy a new SSD + HDD. For the SSD I didn't see a yellow warning in Crystal Disk, only for the HDD.
The SSD is under warranty; does it need to be replaced?

The SSD has different parameters, so it won't be yellow.

(1) KINGSTON SHSS37A240G
000000000001 Počet přemapovaných sektorů
000000000001 Počet udalostí s číslem realokování sektorů
If it is under warranty, I would file a warranty claim. Feel free to add the info from CDI.

Back up the second disk and replace it.

Post the FRST logs once more.

Post by neca » 13 Feb 2019 18:38

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2019 01
Ran by Roman (administrator) on DESKTOP-O6D3TT1 (13-02-2019 18:32:12)
Running from C:\Users\Roman\Desktop
Loaded Profiles: Roman (Available Profiles: Roman)
Platform: Windows 10 Pro Version 1803 17134.590 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() D:\Programy\Everythink\Everything\Everything.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Valve Corporation) D:\Programy\Steam\Steam.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRPE.EXE
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-12-22] (Acronis International GmbH -> )
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-12-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4620736 2017-12-22] (Acronis International GmbH -> )
HKLM-x32\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe, [27136 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [Steam] => D:\Programy\Steam\steam.exe [3141920 2019-02-02] (Valve -> Valve Corporation)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [Gaijin.Net Agent] => C:\Users\Roman\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2125384 2018-09-25] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 10\ashsnap.exe [6223760 2018-05-31] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH & Co. KG)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRPE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [World of Tanks (1)] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\WINDOWS\system32\vfwwdm32.dll [67072 2018-04-12] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-12] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acuity Update Tool.lnk [2017-11-25]
ShortcutTarget: Acuity Update Tool.lnk -> C:\Users\Roman\AppData\Roaming\MetaQuotes\Terminal\76AE827A66F7801B9D79B1FD1D2103FD\MQL4\Experts\AcuityUpdateTool\AcuityUpdateTool.exe ()
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6fbb34ec-5959-43f9-8070-f89720ac0664}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2017-11-26] [Legacy] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-01-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-01-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.centrum.cz/
CHR Profile: C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default [2019-02-13]
CHR Extension: (Prezentace) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-07]
CHR Extension: (Dokumenty) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-07]
CHR Extension: (Disk Google) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-07]
CHR Extension: (IBM Security Rapport) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-02-10]
CHR Extension: (YouTube) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-07]
CHR Extension: (Tabulky) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-07]
CHR Extension: (Authy) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2019-02-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-07]
CHR Extension: (MyEtherWallet) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbmnnijcnlegkjjpcfjclmcfggfefdm [2019-02-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-07]
CHR Extension: (Gmail) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-12]
CHR Profile: C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-11]
CHR Profile: C:\Users\Roman\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-11]
CHR HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2723872 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-03] (ASUSTeK Computer Inc. -> )
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe [975832 2017-01-25] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [779392 2019-01-24] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-02-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 Everything; D:\Programy\Everythink\Everything\Everything.exe [2199656 2018-02-09] (David Carpenter -> )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1742464 2017-12-22] (Acronis International GmbH -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5264888 2018-12-26] (IBM -> IBM Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-19] (Microsoft Corporation -> Microsoft Corporation)
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnviFPFltd; C:\WINDOWS\System32\DRIVERS\AnviFPFltd.sys [28568 2015-01-29] (Anvei Technology Co., LTD -> AnviSoft.com)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] (ASUSTeK Computer Inc. -> )
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [569392 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [379664 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [54320 2009-09-21] (Symantec Corporation -> Symantec Corporation)
S3 GPUIO; C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\690b33e1-0462-4e84-9bea-c7552b45432a.sys [27120 2017-11-24] (ASUSTeK Computer Inc. -> )
S3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [34064 2017-05-08] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4aa19ae78d94d8a3\nvlddmkm.sys [20706184 2019-02-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [501256 2018-12-26] (IBM -> IBM Corp.)
R1 RapportCerberus_1930247; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930247.sys [1657968 2019-02-05] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [725192 2018-12-26] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [461768 2018-12-26] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [608840 2018-12-26] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [758168 2018-12-26] (IBM -> IBM Corp.)
S3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-04-12] (Microsoft Windows -> Realtek Semiconductor Corporation )
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [690520 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2018-12-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2018-12-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-19] (Microsoft Windows -> Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-11-26] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-11] (Zemana Ltd. -> Zemana Ltd.)
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
S3 RtlWlanu; \SystemRoot\System32\drivers\rtwlanu.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Roman\Documents\BitcoinZ\BitcoinZ.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Post by neca » 13 Feb 2019 18:41

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-13 07:41 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-13 07:41 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-13 07:41 - 2019-02-06 08:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 07:41 - 2019-02-06 08:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-13 07:41 - 2019-02-06 08:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 07:41 - 2019-02-06 08:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 07:41 - 2019-02-06 08:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-13 07:41 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-13 07:41 - 2019-02-06 07:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 07:41 - 2019-02-06 07:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 07:41 - 2019-02-06 07:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-13 07:41 - 2019-02-06 07:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 07:41 - 2019-02-06 04:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 07:41 - 2019-02-06 04:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-13 07:41 - 2019-02-06 04:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-13 07:41 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 07:41 - 2019-02-06 04:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-13 07:41 - 2019-02-06 04:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-13 07:41 - 2019-02-06 04:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-13 07:41 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 07:41 - 2019-02-06 04:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-13 07:41 - 2019-02-06 04:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-13 07:41 - 2019-02-06 04:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-13 07:41 - 2019-02-06 04:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-13 07:41 - 2019-02-06 04:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-13 07:41 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-13 07:41 - 2019-02-06 04:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-13 07:41 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-13 07:41 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 07:41 - 2019-02-06 03:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-13 07:41 - 2019-02-06 03:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-13 07:41 - 2019-02-06 03:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-13 07:41 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-13 07:41 - 2019-02-06 03:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-13 07:41 - 2019-02-06 03:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 07:41 - 2019-02-06 03:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 07:41 - 2019-02-06 03:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-13 07:41 - 2019-02-06 03:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-13 07:41 - 2019-02-06 03:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-13 07:41 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-13 07:41 - 2019-02-06 03:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-13 07:41 - 2019-02-06 03:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-13 07:41 - 2019-02-06 03:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 07:41 - 2019-02-06 03:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-13 07:41 - 2019-02-06 03:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 07:41 - 2019-02-06 03:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 07:41 - 2019-02-06 03:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 07:41 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-13 07:41 - 2019-02-06 03:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-13 07:41 - 2019-02-06 03:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-13 07:41 - 2019-02-06 03:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-13 07:41 - 2019-02-06 03:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 07:41 - 2019-02-06 03:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-13 07:41 - 2019-02-06 03:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-13 07:41 - 2019-02-06 03:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-13 07:41 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 07:41 - 2019-02-06 03:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-13 07:41 - 2019-02-06 03:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 07:41 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 07:41 - 2019-02-06 03:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 07:41 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-13 07:41 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 07:41 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-13 07:41 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 07:41 - 2019-02-06 03:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-13 07:41 - 2019-02-06 02:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-13 07:41 - 2019-01-12 09:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 07:41 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 07:41 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-13 07:41 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-13 07:41 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-13 07:41 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 07:41 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-13 07:41 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 07:41 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-13 07:41 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 07:41 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-13 07:41 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 07:41 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 07:41 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-13 07:41 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-13 07:41 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-13 07:41 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-13 07:41 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-13 07:41 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-13 07:41 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 07:41 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-13 07:41 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-13 07:41 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-13 07:41 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-13 07:41 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-13 07:41 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 07:41 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 07:41 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-13 07:41 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-13 07:41 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-13 07:41 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-13 07:41 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 07:41 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 07:41 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-13 07:41 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-13 07:41 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-13 07:41 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-13 07:41 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 07:41 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-13 07:41 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 07:41 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 07:41 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 07:41 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-13 07:41 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 07:41 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 07:41 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-13 07:41 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 07:41 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-13 07:41 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-13 07:41 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-13 07:41 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-13 07:41 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 07:41 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-13 07:41 - 2019-01-08 10:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 07:41 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 07:41 - 2019-01-08 04:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 07:41 - 2019-01-08 04:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-12 22:34 - 2019-02-12 22:34 - 000002446 _____ C:\Users\Roman\Desktop\Authy Desktop.lnk
2019-02-12 22:34 - 2019-02-12 22:34 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twilio Inc
2019-02-12 22:34 - 2019-02-12 22:34 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Authy Desktop
2019-02-12 22:33 - 2019-02-12 22:34 - 000000000 ____D C:\Users\Roman\AppData\Local\SquirrelTemp
2019-02-12 22:33 - 2019-02-12 22:34 - 000000000 ____D C:\Users\Roman\AppData\Local\authy-electron
2019-02-12 22:32 - 2019-02-12 22:33 - 060539880 _____ (Twilio Inc.) C:\Users\Roman\Downloads\Authy Desktop Setup 1.7.0.exe
2019-02-12 19:47 - 2019-02-12 19:47 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2019-02-12 19:41 - 2018-09-20 05:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-02-12 14:46 - 2019-02-12 14:46 - 000740139 _____ C:\Users\Roman\Downloads\2190911383.pdf
2019-02-12 12:27 - 2019-02-12 12:27 - 000049309 _____ C:\Users\Roman\Downloads\Potvrzeni_78-8138720277_12022019.pdf
2019-02-11 19:26 - 2019-02-11 19:26 - 002038755 _____ C:\Users\Roman\Desktop\zoek.exe
2019-02-11 19:24 - 2019-02-11 19:24 - 000000422 __RSH C:\ProgramData\ntuser.pol
2019-02-11 12:38 - 2019-02-11 12:38 - 000169974 _____ C:\WINDOWS\ntbtlog.txt
2019-02-11 12:38 - 2019-02-11 12:38 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-02-11 09:17 - 2019-02-13 18:30 - 000000000 ____D C:\Users\Roman\Desktop\FRST-OlderVersion
2019-02-10 07:51 - 2019-02-11 09:18 - 000001403 _____ C:\Users\Roman\Desktop\Fixlog.txt
2019-02-09 08:08 - 2019-02-09 08:08 - 000058840 _____ C:\Users\Roman\Desktop\Addition.txt
2019-02-09 08:07 - 2019-02-13 18:33 - 000022596 _____ C:\Users\Roman\Desktop\FRST.txt
2019-02-09 08:06 - 2019-02-13 18:32 - 000000000 ____D C:\FRST
2019-02-09 08:02 - 2019-02-13 18:30 - 002433536 _____ (Farbar) C:\Users\Roman\Desktop\FRST64.exe
2019-02-08 20:37 - 2019-02-08 20:37 - 000000000 ____D C:\Users\Roman\AppData\Local\PeerDistRepub
2019-02-08 20:31 - 2019-02-08 20:31 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Google
2019-02-07 22:05 - 2019-02-07 22:05 - 006624296 _____ (Zemana Ltd. ) C:\Users\Roman\Desktop\Zemana.AntiMalware.Setup.exe
2019-02-07 22:05 - 2019-02-07 22:05 - 000008859 _____ C:\Users\Roman\Desktop\zoek-results.txt
2019-02-07 22:01 - 2019-02-07 22:01 - 000000000 ____D C:\Users\Roman\AppData\Local\VirtualStore
2019-02-07 22:01 - 2019-02-07 22:01 - 000000000 ____D C:\Users\Roman\AppData\Local\CrashRpt
2019-02-07 21:26 - 2019-02-07 21:51 - 000000000 ____D C:\zoek_backup
2019-02-07 21:23 - 2019-02-07 21:23 - 000001722 _____ C:\Users\Roman\Desktop\scan.txt
2019-02-06 22:46 - 2019-02-06 22:46 - 000002786 _____ C:\Users\Roman\Desktop\RogueKiller..txt
2019-02-06 21:20 - 2019-02-06 21:20 - 000000000 ____D C:\ProgramData\RogueKiller
2019-02-06 19:59 - 2019-02-06 19:59 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\ProgramData\Sophos
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\Program Files (x86)\Sophos
2019-02-06 19:56 - 2019-02-06 19:56 - 033492536 _____ C:\Users\Roman\Desktop\RogueKiller_portable64.exe
2019-02-06 19:53 - 2019-02-06 19:58 - 206758184 _____ (Sophos Limited) C:\Users\Roman\Desktop\Sophos Virus Removal Tool.exe
2019-02-06 19:52 - 2019-02-06 19:52 - 000000553 _____ C:\Users\Roman\Desktop\JRT.txt
2019-02-06 19:48 - 2019-02-06 19:48 - 001790024 _____ (Malwarebytes) C:\Users\Roman\Desktop\JRT.exe
2019-02-06 19:04 - 2019-02-06 19:04 - 000000000 ____D C:\Users\Roman\AppData\Roaming\EasyAntiCheat
2019-02-06 18:06 - 2019-02-06 18:06 - 000001729 _____ C:\Users\Roman\Desktop\AdwCleaner[S02].txt
2019-02-06 18:03 - 2019-02-06 18:03 - 007316688 _____ (Malwarebytes) C:\Users\Roman\Desktop\AdwCleaner.exe
2019-02-06 18:00 - 2019-02-06 18:00 - 000448512 _____ (OldTimer Tools) C:\Users\Roman\Desktop\TFC.exe
2019-02-06 16:23 - 2019-02-06 16:23 - 000388608 _____ (Trend Micro Inc.) C:\Users\Roman\Desktop\HijackThis.exe
2019-02-06 13:20 - 2019-02-06 13:20 - 000000000 ____D C:\Users\Roman\AppData\LocalLow\rondomedia GmbH
2019-02-06 12:52 - 2019-02-06 12:52 - 000000803 _____ C:\Users\Roman\Desktop\RESCUE 2013.lnk
2019-02-06 12:52 - 2019-02-06 12:52 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RESCUE 2013 – MESTO V OHROŽENÍ
2019-02-06 11:44 - 2019-02-06 11:48 - 1153706619 _____ C:\Users\Roman\Desktop\Dok.rar
2019-02-06 11:40 - 2019-02-06 11:40 - 941644390 _____ C:\Users\Roman\Desktop\registry po opravě CCcleanerem.rar
2019-02-06 11:34 - 2019-02-06 11:35 - 000000000 ____D C:\Program Files\WinRAR
2019-02-06 11:34 - 2019-02-06 11:34 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 11:34 - 2019-02-06 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 09:49 - 2019-02-06 09:49 - 000000955 _____ C:\Users\Public\Desktop\Anvi Folder Locker.lnk
2019-02-06 09:49 - 2019-02-06 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2019-02-06 09:49 - 2019-02-06 09:49 - 000000000 ____D C:\ProgramData\Anvisoft
2019-02-06 09:47 - 2019-02-06 09:47 - 014558584 _____ (Anvisoft) C:\Users\Roman\Downloads\aflsetup.exe
2019-02-06 09:08 - 2019-02-13 17:32 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2019-02-06 09:07 - 2019-02-06 09:13 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2019-02-06 09:07 - 2019-02-06 09:07 - 000001167 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2019-02-06 09:07 - 2019-02-06 09:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2019-02-06 09:07 - 2019-02-06 09:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-06 09:07 - 2015-10-05 09:50 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2019-02-06 09:07 - 2015-10-05 09:50 - 000064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-06 09:07 - 2015-10-05 09:50 - 000025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-06 07:45 - 2019-01-30 21:07 - 000133512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2019-02-06 07:42 - 2019-02-01 22:36 - 000047592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000551680 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000456640 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-02-06 07:42 - 2019-02-01 02:38 - 010894304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 009254696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 005273048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 004624184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 002031896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001734560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441881.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001534912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441881.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001464008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001129352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000752440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000668640 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000631688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000611744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000534544 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000522120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 040235120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 035140696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 020101600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 017428328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001471816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001462232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001169152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001152200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001145720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000915120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000822784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000794656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000638200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-02-06 07:42 - 2019-02-01 02:36 - 004296808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-02-06 07:30 - 2019-02-06 07:30 - 019341880 _____ (Piriform Software Ltd) C:\Users\Roman\Downloads\ccsetup552.exe
2019-02-06 07:26 - 2019-02-06 07:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Securely File Shredder
2019-02-06 07:26 - 2019-02-06 07:26 - 000000000 ____D C:\Program Files\Securely File Shredder
2019-02-06 07:24 - 2019-02-06 07:24 - 000472936 _____ (Reason Company Software Inc.) C:\Users\Roman\Downloads\SecurelyFileShredder_Setup.exe
2019-02-05 22:04 - 2019-02-05 22:04 - 000000000 ____D C:\Users\Roman\AppData\Local\Eraser 6
2019-02-05 21:01 - 2019-02-05 21:01 - 000000000 ____D C:\Users\Roman\AppData\Roaming\BitcoinZ
2019-02-05 21:01 - 2019-02-05 21:01 - 000000000 ____D C:\Users\Roman\AppData\Local\BitcoinZWallet
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Mozilla
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Users\Roman\AppData\Local\Trusteer
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ochrana koncového bodu Trusteer
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Program Files (x86)\Trusteer
2019-02-05 20:43 - 2018-12-26 21:05 - 000608840 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2019-02-05 20:43 - 2018-12-26 21:05 - 000461768 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2019-02-05 20:42 - 2019-02-05 20:42 - 000488952 _____ (IBM Corp.) C:\Users\Roman\Downloads\RapportSetup.exe
2019-02-05 20:42 - 2019-02-05 20:42 - 000000000 ____D C:\ProgramData\Trusteer
2019-02-05 20:32 - 2019-01-01 14:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-02-05 20:32 - 2019-01-01 14:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-02-05 20:32 - 2019-01-01 14:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-02-05 20:32 - 2019-01-01 14:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-02-05 20:32 - 2019-01-01 14:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-02-05 20:32 - 2019-01-01 14:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-02-05 20:32 - 2019-01-01 08:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-02-05 20:32 - 2019-01-01 08:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-02-05 20:32 - 2019-01-01 07:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-02-05 20:32 - 2019-01-01 07:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-02-05 20:32 - 2019-01-01 07:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-02-05 20:32 - 2019-01-01 07:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-02-05 20:32 - 2019-01-01 07:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-02-05 20:32 - 2019-01-01 07:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-02-05 20:32 - 2019-01-01 07:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-02-05 20:32 - 2019-01-01 07:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-02-05 20:32 - 2019-01-01 07:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-02-05 20:32 - 2019-01-01 07:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-02-05 20:32 - 2019-01-01 07:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-02-05 20:32 - 2019-01-01 07:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-02-05 20:32 - 2019-01-01 07:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-02-05 20:21 - 2019-02-05 20:21 - 000000000 ____D C:\WINDOWS\CSC

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-13 18:32 - 2018-02-11 14:39 - 000104643 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-02-13 18:29 - 2018-05-22 10:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-13 18:29 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-13 18:08 - 2017-11-29 10:15 - 000000000 ___HD C:\Users\Roman\Desktop\_SNAPDOC
2019-02-13 17:47 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-13 17:38 - 2018-05-22 10:46 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-13 17:38 - 2018-04-12 16:51 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2019-02-13 17:38 - 2018-04-12 16:51 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2019-02-13 17:34 - 2017-11-24 20:21 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-13 17:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-13 17:32 - 2018-05-22 10:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-13 17:32 - 2018-05-22 10:36 - 000411760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-13 17:32 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-13 17:31 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-13 17:31 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-13 17:31 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-13 17:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-13 17:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-13 17:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-13 08:05 - 2017-11-26 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2019-02-13 07:45 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 07:41 - 2017-11-24 19:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 07:39 - 2017-11-24 19:40 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-12 19:49 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-12 19:34 - 2018-05-23 08:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossout
2019-02-12 06:36 - 2017-11-24 20:41 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-12 06:36 - 2017-11-24 20:41 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-11 19:24 - 2016-07-16 12:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-02-11 16:00 - 2017-11-28 08:28 - 000000000 ____D C:\Users\Roman\AppData\Local\JForex
2019-02-10 18:55 - 2018-12-30 05:49 - 000003376 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn
2019-02-10 18:55 - 2018-12-30 05:49 - 000003370 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime
2019-02-10 11:46 - 2017-11-26 15:29 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2019-02-10 11:45 - 2017-11-26 15:28 - 000000000 ____D C:\Program Files\Common Files\logishrd
2019-02-10 08:01 - 2017-12-30 10:57 - 000001098 _____ C:\Users\Roman\Desktop\CrystalDiskInfo.lnk
2019-02-10 07:58 - 2018-05-22 10:42 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-917377831-1171802105-78364817-1001
2019-02-10 07:58 - 2018-05-22 10:38 - 000002383 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-10 07:58 - 2017-11-24 17:00 - 000000000 ___RD C:\Users\Roman\OneDrive
2019-02-10 07:46 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-09 08:03 - 2018-02-14 19:31 - 000000000 ____D C:\Users\Roman\AppData\Local\Everything
2019-02-09 08:03 - 2018-02-14 17:02 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Everything
2019-02-07 22:16 - 2018-07-11 12:12 - 000000000 ____D C:\ProgramData\Packages
2019-02-07 21:51 - 2018-05-22 10:38 - 000000000 ____D C:\Users\Roman
2019-02-07 21:28 - 2017-11-29 10:29 - 000000000 ____D C:\Users\Roman\AppData\Local\CrashDumps
2019-02-06 15:32 - 2017-11-28 15:38 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-02-06 09:21 - 2018-07-20 20:06 - 000000000 ____D C:\Users\Roman\AppData\Roaming\system32
2019-02-06 07:52 - 2018-12-30 21:33 - 000000000 ____D C:\Users\Roman\Doctor Web
2019-02-06 07:46 - 2017-11-24 20:21 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-02-06 07:46 - 2017-11-24 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-02-06 07:45 - 2017-11-24 20:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-02-06 07:31 - 2018-05-22 10:42 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-02-06 07:31 - 2017-11-28 15:28 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-06 07:16 - 2017-11-28 15:28 - 000000000 ____D C:\Program Files\CCleaner
2019-02-05 20:26 - 2017-11-24 19:43 - 000000000 ____D C:\Program Files\rempl
2019-02-05 20:25 - 2017-11-25 20:07 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-02 23:53 - 2018-04-12 00:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 23:53 - 2018-04-12 00:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-01 22:36 - 2017-11-09 04:38 - 001682392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-02-01 22:36 - 2017-11-09 04:38 - 000228768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-02-01 02:37 - 2017-11-25 22:34 - 005036824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-01-31 07:09 - 2017-11-25 22:34 - 000049634 _____ C:\WINDOWS\system32\nvinfo.pb
2019-01-31 07:09 - 2017-11-25 22:10 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2019-01-30 21:09 - 2017-11-24 20:21 - 005364776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 002624824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 001767920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000651248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000450600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000124968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-01-30 14:15 - 2017-11-24 20:21 - 008488852 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-01-26 15:03 - 2017-11-24 20:21 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat

==================== Files in the root of some directories =======

2018-03-19 08:45 - 2005-09-09 19:55 - 037766164 _____ () C:\Program Files (x86)\Data1.cab
2018-03-19 08:45 - 2005-09-09 19:55 - 007155864 _____ () C:\Program Files (x86)\NGhost10.msi
2018-03-19 08:45 - 2005-09-09 19:55 - 000000035 _____ () C:\Program Files (x86)\SCSSDist.ini
2018-02-01 13:03 - 2018-02-01 13:03 - 000000615 _____ () C:\Users\Roman\AppData\Roaming\jd-gui.cfg
2018-03-18 22:47 - 2018-03-18 22:47 - 000000001 _____ () C:\Users\Roman\AppData\Local\RawCopy.1.01.agreement
2018-03-18 22:48 - 2018-03-18 22:48 - 000000001 _____ () C:\Users\Roman\AppData\Local\RawCopy.sourcedisk.index

Some files in TEMP:
====================
2019-02-11 22:18 - 2009-11-10 20:09 - 000157184 _____ () C:\Users\Roman\AppData\Local\Temp\virustotal.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-22 10:36

==================== End of FRST.txt ============================

neca
Level 2
Posts: 164
Registered: January 12
Gender: Male
Status: Offline

Re: Preventive PC check and cleanup before creating a backup.

Post by neca » 13 Feb 2019 18:42

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2019 01
Ran by Roman (13-02-2019 18:33:34)
Running from C:\Users\Roman\Desktop
Windows 10 Pro Version 1803 17134.590 (X64) (2018-05-22 09:42:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-917377831-1171802105-78364817-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-917377831-1171802105-78364817-503 - Limited - Disabled)
Guest (S-1-5-21-917377831-1171802105-78364817-501 - Limited - Disabled)
Roman (S-1-5-21-917377831-1171802105-78364817-1001 - Administrator - Enabled) => C:\Users\Roman
WDAGUtilityAccount (S-1-5-21-917377831-1171802105-78364817-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image (HKLM-x32\...\{027399E9-B197-43FF-BE79-490D9F106DDF}) (Version: 22.5.10640 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{027399E9-B197-43FF-BE79-490D9F106DDF}Visible) (Version: 22.5.10640 - Acronis)
Active@ UNDELETE Ultimate 10 (HKLM\...\{9F0B916A-F7DD-4335-923E-397979C6AE1B}_is1) (Version: 10 - LSoft Technologies Inc)
Acuity Expert Advisor (HKLM-x32\...\{8D7F1211-6E40-43E5-97B2-FAE136D2BBC1}) (Version: 1.00.0000 - Acuity Trading Ltd)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Aktualizace NVIDIA 34.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 34.0.0.0 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Anvi Folder Locker 1.0.1225.0 (HKLM-x32\...\Anvi Folder Locker) (Version: 1.0.1225.0 - Anvisoft)
Ardor 2.0.11 (HKLM\...\Ardor 2.0.11) (Version: 2.0.11 - jelurida.com)
Ardor 2.0.12 (HKLM\...\Ardor 2.0.12) (Version: 2.0.12 - jelurida.com)
Ardor 2.0.13 (HKLM\...\Ardor 2.0.13) (Version: 2.0.13 - jelurida.com)
Ardor 2.0.14 (HKLM\...\Ardor 2.0.14) (Version: 2.0.14 - jelurida.com)
Ardor 2.0.14(1) (HKLM\...\Ardor 2.0.14(1)) (Version: 2.0.14 - jelurida.com)
Ardor 2.1.1e (HKLM\...\Ardor 2.1.1e) (Version: 2.1.1e - jelurida.com)
Ardor 2.1.2 (HKLM\...\Ardor 2.1.2) (Version: 2.1.2 - jelurida.com)
Ardor 2.1.2(1) (HKLM\...\Ardor 2.1.2(1)) (Version: 2.1.2 - jelurida.com)
Ashampoo Snap 10 (HKLM-x32\...\{0A11EA01-7909-E272-BFA6-BC39E55F240A}_is1) (Version: 10.0.7 - Ashampoo GmbH & Co. KG)
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.5.6.1 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.5.6.1 - ASUSTek COMPUTER INC.)
Authy Desktop (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\authy-electron) (Version: 1.7.0 - Twilio Inc.)
Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Crossout Launcher 1.0.3.73 (HKLM-x32\...\CrossOutLauncher_is1) (Version: - )
CrystalDiskInfo 7.5.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.0 - Crystal Dew World)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
DataNumen Word Repair v2.5 (HKLM-x32\...\DataNumen Word Repair v2.5) (Version: - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 418.81 - NVIDIA Corporation) Hidden
DocRepair (HKLM-x32\...\DocRepair) (Version: - )
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{F05A434E-D3CF-4B44-9D3E-779D42090781}) (Version: 2.8.0.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L386 Series Printer Uninstall (HKLM\...\EPSON L386 Series) (Version: - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{9ABD2971-9B8B-4958-9100-4EAFCC32A86D}) (Version: 3.0.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{4830989D-5FA5-41DF-A02F-5D1B4D5C73B8}) (Version: 4.4.10 - Seiko Epson Corporation)
Everything 1.4.1.895 (x64) (HKLM\...\Everything) (Version: 1.4.1.895 - David Carpenter)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
GetDataBack Simple (HKLM-x32\...\{D06B8000-52B4-4D0B-A003-DA83ED982B51}) (Version: 1.02.000 - Runtime Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Java(TM) SE Development Kit 10.0.2 (64-bit) (HKLM\...\{71307D56-8005-5F5E-9227-BFA2754D6E54}) (Version: 10.0.2.0 - Oracle Corporation)
JForex Platform (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\0122-2184-6270-6926) (Version: 2.12 - Dukascopy Europe)
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MetaTrader 4 Admiral Markets (HKLM-x32\...\MetaTrader 4 Admiral Markets) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nox APP Player (HKLM-x32\...\Nox) (Version: 5.2.1.0 - Duodian Technology Co. Ltd.)
NQuotes (HKLM-x32\...\NQuotes) (Version: 1.13 - Brainroom Ltd.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.12 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.16.0.140 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.140 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 418.81 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 418.81 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
NXT 1.11.10 (HKLM\...\NXT 1.11.10) (Version: 1.11.10 - jelurida.com)
NXT 1.11.11 (HKLM\...\NXT 1.11.11) (Version: 1.11.11 - jelurida.com)
NXT 1.11.12 (HKLM\...\NXT 1.11.12) (Version: 1.11.12 - jelurida.com)
NXT 1.11.13 (HKLM\...\NXT 1.11.13) (Version: 1.11.13 - jelurida.com)
NXT 1.11.14 (HKLM\...\NXT 1.11.14) (Version: 1.11.14 - jelurida.com)
NXT 1.11.15 (HKLM\...\NXT 1.11.15) (Version: 1.11.15 - jelurida.com)
Ochrana koncového bodu Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1930.243 - Trusteer)
Ovládací panel NVIDIA 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 418.81 - NVIDIA Corporation) Hidden
ProRealTime (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\ProRealTime_is1) (Version: 1.13 - IT-Finance)
Příručky společnosti EPSON (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.54.0.0 - Seiko Epson Corporation)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1930.243 - Trusteer) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RESCUE 2013 (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\RESCUE 2013) (Version: 1.32.00.00 - rondomedia GmbH)
SD Card Recovery (HKLM-x32\...\{09907A60-5843-4E83-A471-3102A42231B8}_is1) (Version: - LC Technology International, Inc.)
Securely File Shredder (HKLM-x32\...\Securely File Shredder) (Version: 1.0 - Reason Company Software Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Telegram Desktop version 1.5.2 (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.5.2 - Telegram Messenger LLP)
UE4 Prerequisites (x64) (HKLM\...\{488048BA-66A9-462E-9C36-00B3F364FAF2}) (Version: 1.0.8.0 - Epic Games, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
USB Disk Storage Format Tool 5.3 (HKLM\...\USB Disk Storage Format Tool_is1) (Version: - Authorsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
World of Tanks (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_CZ_is1) (Version: 17.0.1.1 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-917377831-1171802105-78364817-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-917377831-1171802105-78364817-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-917377831-1171802105-78364817-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-917377831-1171802105-78364817-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-917377831-1171802105-78364817-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-917377831-1171802105-78364817-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-12-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-12-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-12-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-12-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [..AFPOverlay] -> {DE0FD55D-8EDC-4F4B-A396-97D9A0117276} => D:\Programy\Anvi FolderLocker\Anvi Folder Locker\x64\PwdHelper64.dll [2015-02-02] (Anvei Technology Co., LTD -> AnviSoft.com)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [AFPMenu] -> {A99A80A9-C66D-4848-AC5D-4804323868A8} => D:\Programy\Anvi FolderLocker\Anvi Folder Locker\x64\PwdHelper64.dll [2015-02-02] (Anvei Technology Co., LTD -> AnviSoft.com)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [AFPMenu] -> {A99A80A9-C66D-4848-AC5D-4804323868A8} => D:\Programy\Anvi FolderLocker\Anvi Folder Locker\x64\PwdHelper64.dll [2015-02-02] (Anvei Technology Co., LTD -> AnviSoft.com)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AFPMenu] -> {A99A80A9-C66D-4848-AC5D-4804323868A8} => D:\Programy\Anvi FolderLocker\Anvi Folder Locker\x64\PwdHelper64.dll [2015-02-02] (Anvei Technology Co., LTD -> AnviSoft.com)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11ED233C-92A4-4540-A076-9B9ECF6A0ABC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3DB4CC2C-E5E8-44A4-A878-A1E9FE694CB5} - System32\Tasks\EPSON L386 Series Update {14275174-FCFF-4428-8639-17C9D2F4FF7B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {3FA458E0-2E68-45E8-B4D4-D759406E753C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {471BF423-C3BD-44D4-81A8-877328F55870} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe (Garmin International, Inc. -> )
Task: {4947C734-450E-403E-8B59-ECC35666DAA4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {58372006-C3DC-4258-BF11-2D906EB453BA} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6C696AE0-2FF4-4817-9E8C-DF3F674EB92F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7F5DD47E-ECC6-45BF-885B-37B6697B6BF9} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {89772F79-7BAF-47DF-844D-0461553D97C2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {98F35EF5-93FC-46E9-86FC-FC9A7AB886AE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B1DA89CE-865C-48C3-8268-26D22F30966D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Ltd)
Task: {B2D269E4-3C68-437D-B3D0-21C44291EEB7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BE8DB59A-7081-4DD2-BE36-E3FC55A093F4} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C3372962-7A58-4476-9052-CB8ACDD1E5AD} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C4027F2D-16EB-42E3-ABE4-28EBAC2C1EAC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C56920A7-54C8-48B3-9302-ADAACBAD5387} - System32\Tasks\CrystalDiskInfo => D:\Programy\Crystal info\CrystalDiskInfo\DiskInfo32.exe
Task: {C902E3A6-A44E-4192-B74F-6EF1BA9391DA} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {CBBFA0AC-7747-4A5B-8CC8-FF9654E8D900} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {CF0B854B-20C1-4919-B5F2-92E8EAC50908} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON L386 Series Update {14275174-FCFF-4428-8639-17C9D2F4FF7B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE:/EXE:{14275174-FCFF-4428-8639-17C9D2F4FF7B} /F:UpdateWORKGROUP\DESKTOP-O6D3TT1$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Authy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gaedmjdfmmahhbjefcbgaolhhanlaolb

==================== Loaded Modules (Whitelisted) ==============

2017-12-22 01:00 - 2017-12-22 01:00 - 001216760 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2017-11-24 20:20 - 2013-07-03 20:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2017-12-25 12:42 - 2017-12-25 12:42 - 006096688 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2018-02-14 17:02 - 2018-02-09 05:11 - 002199656 _____ () D:\Programy\Everythink\Everything\Everything.exe
2018-09-11 06:38 - 2018-12-06 11:14 - 001315312 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 005825576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 09:23 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-13 07:41 - 2019-02-06 03:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-04 07:22 - 2018-10-04 07:22 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 011029504 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 002923520 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\skypert.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-12-15 14:58 - 2018-12-15 14:59 - 002384384 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-09-11 06:38 - 2018-12-06 11:14 - 101252592 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-09-11 06:38 - 2018-12-06 11:14 - 004620272 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libglesv2.dll
2018-09-11 06:38 - 2018-12-06 11:14 - 000109040 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libegl.dll
2017-12-22 00:46 - 2017-12-22 00:46 - 000585296 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
2019-02-05 20:21 - 2018-12-06 00:47 - 001066784 _____ () D:\Programy\Steam\bin\cef\cef.win7x64\SDL2.dll
2019-02-05 20:21 - 2018-11-20 01:56 - 102804768 _____ () D:\Programy\Steam\bin\cef\cef.win7x64\libcef.dll
2017-12-22 01:45 - 2017-12-22 01:45 - 004620736 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2019-02-05 20:21 - 2018-11-20 01:56 - 004866336 _____ () D:\Programy\Steam\bin\cef\cef.win7x64\libglesv2.dll
2019-02-05 20:21 - 2018-11-20 01:56 - 000116000 _____ () D:\Programy\Steam\bin\cef\cef.win7x64\libegl.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 007003048 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2019-02-05 20:24 - 2019-02-05 20:25 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-02-05 20:24 - 2019-02-05 20:25 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-11-24 20:54 - 2017-11-24 20:57 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-31 19:08 - 2018-08-31 19:08 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 20:16 - 2018-07-26 20:17 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll
2019-02-05 20:24 - 2019-02-05 20:24 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-06 11:10 - 2018-11-06 11:10 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-05 20:24 - 2019-02-05 20:24 - 001757696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-12-08 13:23 - 2018-12-08 13:23 - 004220928 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-12-08 13:22 - 2018-12-08 13:22 - 004380232 _____ () C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18003.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-24 20:20 - 2019-02-13 17:32 - 000043152 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-11-24 20:20 - 2013-07-03 20:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2017-12-22 01:44 - 2017-12-22 01:44 - 003485808 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2017-12-22 01:43 - 2017-12-22 01:43 - 001331696 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 000685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
2017-12-22 01:43 - 2017-12-25 13:50 - 022715144 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2017-12-22 00:48 - 2017-12-22 00:48 - 000412704 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2017-12-22 00:34 - 2017-12-22 00:34 - 000136736 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 000255008 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 000160168 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 000277538 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 002386352 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\xerces_c.dll
2017-11-25 22:10 - 2018-12-06 11:14 - 001033200 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2019-02-05 20:21 - 2018-12-06 00:47 - 000885536 _____ () D:\Programy\Steam\SDL2.dll
2018-07-25 06:34 - 2016-09-01 02:02 - 004969248 _____ () D:\Programy\Steam\v8.dll
2019-02-05 20:21 - 2019-02-02 18:33 - 002667296 _____ () D:\Programy\Steam\video.dll
2018-07-25 06:34 - 2016-09-01 02:02 - 001563936 _____ () D:\Programy\Steam\icui18n.dll
2018-07-25 06:34 - 2016-09-01 02:02 - 001195296 _____ () D:\Programy\Steam\icuuc.dll
2019-02-05 20:21 - 2018-11-05 19:53 - 000810784 _____ () D:\Programy\Steam\libavformat-57.dll
2019-02-05 20:21 - 2018-11-05 19:53 - 005137696 _____ () D:\Programy\Steam\libavcodec-57.dll
2019-02-05 20:21 - 2018-11-05 19:53 - 000351520 _____ () D:\Programy\Steam\libavresample-3.dll
2019-02-05 20:21 - 2018-11-05 19:53 - 000847136 _____ () D:\Programy\Steam\libavutil-55.dll
2019-02-05 20:21 - 2018-11-05 19:53 - 000783648 _____ () D:\Programy\Steam\libswscale-4.dll
2019-02-05 20:21 - 2019-02-02 18:33 - 001031456 _____ () D:\Programy\Steam\bin\chromehtml.DLL
2018-07-25 06:34 - 2016-07-04 23:17 - 000266560 _____ () D:\Programy\Steam\openvr_api.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 008986144 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_resources.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 000796192 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_supp.dll
2017-12-22 00:46 - 2017-12-22 00:46 - 000054816 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 000444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2017-12-22 00:34 - 2017-12-22 00:34 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll

neca
Level 2
Posts: 164
Registered: January 12
Gender: Male
Status: Offline

Re: Preventive PC check and cleanup before creating a backup.

Post by neca » 13 Feb 2019 18:43

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2019-02-07 21:29 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-917377831-1171802105-78364817-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Acuity Update Tool.lnk"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run: => "TNOD UP"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\StartupApproved\Run: => "World of Tanks"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F433FCF7-86A4-436A-9F38-B64661BF6C0F}] => (Allow) E:\Car Mechanic Simulator 2018\steamapps\common\Car Mechanic Simulator 2018\cms2018.exe ()
FirewallRules: [{7D97AB8E-3E6A-45D8-AA63-5CA3283B2163}] => (Allow) E:\Car Mechanic Simulator 2018\steamapps\common\Car Mechanic Simulator 2018\cms2018.exe ()
FirewallRules: [{0EB1C376-EAF0-437D-B4CE-9DF62FC4CB4B}] => (Allow) LPort=8125
FirewallRules: [{BA7F3BE0-6D50-4442-B04B-249159F34548}] => (Allow) LPort=8123
FirewallRules: [{3DA501E3-CC53-49EE-B3EE-609E849DC6D8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B39BAA5C-F32B-4888-B74B-DFFB7FDFD9EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0123B9E1-6C73-45D1-BDA5-EE93263329F7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0175C699-D1A5-451A-815A-4D434BFD412C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{186CB6C8-DDF3-42EA-9EAC-AA4496EB3C88}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{35375BDE-5A57-4225-8281-5588C64B7AFB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )
FirewallRules: [{1626B614-4E71-4DA6-AEB4-B85A8EB43F7F}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{4BD9739A-C15F-4B13-AAFB-BF97A3301809}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{554B8429-2E75-4217-BBCE-172B0E805B50}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{D19F2803-3CE6-4479-8572-52F8609830DD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{7AF439CC-7BD2-42F9-9CC0-8BDEF0B1CBED}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{7ADE461B-135D-414E-B057-AA3B6AA10B7A}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> )
FirewallRules: [{4E137290-8D9C-44BF-BEA6-65528674E773}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> )
FirewallRules: [{E4F46B72-2487-4842-A3ED-37E0CAC0708D}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{1914E070-A12E-4926-87C4-F3EF78FE47CB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{76521A65-A80F-437E-8D25-F9F7CCF20A41}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{BE260B7D-DF01-480B-9C54-3FEBBA435A53}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{E0D98A43-AA7F-44F1-B66A-48C6620EDD7B}] => (Allow) C:\Program Files\Zoner\Photo Studio 17\Program32\MediaServer.exe (ZONER software, a.s. -> ZONER software)
FirewallRules: [{C2EE37FD-06AF-4DC4-B6B6-2EE38F2DA13E}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{D0F4386F-C2DE-469A-89EB-077A5F73EFF1}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{C3B360BC-EA4A-497E-BA8B-44EC3D931BD8}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe (Beijing Duodian Online Science and Technology Co.,Ltd -> Duodian Technology Co. Ltd.)
FirewallRules: [{AD83030C-A651-4139-89DB-61A12E9FE47E}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Beijing Duodian Online Science and Technology Co.,Ltd -> )
FirewallRules: [TCP Query User{E24BB9DC-681B-4990-BB07-82A176373E1B}C:\program files\nxt\nxt.exe] => (Allow) C:\program files\nxt\nxt.exe ()
FirewallRules: [UDP Query User{82200298-4A89-48EA-9137-DAC80D892A33}C:\program files\nxt\nxt.exe] => (Allow) C:\program files\nxt\nxt.exe ()
FirewallRules: [{2CC1A70F-14A2-4560-AF6B-8603F43C072D}] => (Allow) D:\Programy\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F50C8D93-85A3-4C13-AAC6-6762A81867E2}] => (Allow) D:\Programy\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1DA7C3FD-E96B-4899-8357-20FEA3A296DB}] => (Allow) D:\Programy\Steam\steamapps\common\Crossout\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment Corp.)
FirewallRules: [{01D5351C-6382-4F22-BE65-B2BDC86BDA02}] => (Allow) D:\Programy\Steam\steamapps\common\Crossout\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment Corp.)
FirewallRules: [{988113B2-6236-40D9-B32A-3F4967ADCD0C}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{936B3F7B-2912-47D3-B25A-89EF773905F9}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{316F1C9E-4877-42F6-966E-30599C887CFD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5C0DA9F6-AB80-44FE-889D-7315E95D53D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{9FC74FF4-90B0-442A-8A48-181B3A34C7E4}C:\program files\ardor\ardor.exe] => (Allow) C:\program files\ardor\ardor.exe ()
FirewallRules: [UDP Query User{F8F0A7D9-873F-4729-A253-99C4A3BF0130}C:\program files\ardor\ardor.exe] => (Allow) C:\program files\ardor\ardor.exe ()
FirewallRules: [{AD47C878-D236-4408-840C-F9A76F8664F5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Ltd)
FirewallRules: [{11F7FC11-198E-4886-ACFC-B894544BABB8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Ltd)
FirewallRules: [{C112217C-FAF5-44D4-8049-04C04EB78AC6}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{17D4EC0F-214D-49DA-B04D-C92C19A54CE6}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{0677CC7C-9006-4E56-88B5-B9B9B6F2F203}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{8A970E0C-DCC0-42CD-A10B-1DA930BBFD8C}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{BC317072-43BC-45DC-B1B4-E946DC610A9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8DDFAFC4-7102-41D7-9959-3DDA580E1A78}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CBB440C4-A7F1-423A-8098-E8590D6C0758}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E2C1557A-A91A-4F73-AF00-F4DC49552D21}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{52E97030-BF80-4092-AC51-E124622F27FF}C:\program files\nxt\nxt.exe] => (Allow) C:\program files\nxt\nxt.exe ()
FirewallRules: [UDP Query User{3CAEA1AA-7A65-43DD-9AC4-11E2A0334C7C}C:\program files\nxt\nxt.exe] => (Allow) C:\program files\nxt\nxt.exe ()
FirewallRules: [TCP Query User{A3F3CF40-D7BD-4FFC-BCD8-747B281A3292}C:\program files\ardor\ardor.exe] => (Allow) C:\program files\ardor\ardor.exe ()
FirewallRules: [UDP Query User{4DE31957-91C1-4719-A423-0BD06AC5CBAA}C:\program files\ardor\ardor.exe] => (Allow) C:\program files\ardor\ardor.exe ()
FirewallRules: [{F4A6C2C8-F84B-4A42-A7EE-931C29DEBC6F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Ltd)
FirewallRules: [{D49B20A6-922B-4B18-A615-B36305E7CA14}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Ltd)
FirewallRules: [{BC602F58-D20F-44DD-B94D-555FEB9FBEF4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

10-02-2019 08:12:22 Naplánovaný kontrolní bod
13-02-2019 08:05:24 Installed Epson Software Updater

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2019 09:18:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x8007001f, Zařízení připojené k systému nefunguje.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/11/2019 09:18:06 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {74a0464f-317d-449b-84d2-26acd0dfdaad}

Error: (02/11/2019 08:58:08 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Plánovač nemohl spustit úlohu >> "" s GUID '88E136F3-E71B-47BD-98D0-1A20E70D076F' kvůli chybě 87> (Plánovač obdržel požadavek s neplatným parametrem.).

Error: (02/11/2019 08:37:07 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Zálohování se nedokončilo z důvodu chyby zápisu do umístění zálohy G:\. Chyba: Umístění zálohy se nepovedlo najít nebo není platné. Zkontrolujte nastavení zálohování a umístění zálohy. (0x81000006).

Error: (02/10/2019 07:52:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x8007001f, Zařízení připojené k systému nefunguje.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/10/2019 07:51:47 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {fb9aa36f-ecbc-4e74-9567-5e15ced47324}

Error: (02/07/2019 09:28:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/07/2019 09:28:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DaS_21.exe, verze: 2.1.0.4, časové razítko: 0x540c90b2
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.441, časové razítko: 0x428de48c
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000003a388
ID chybujícího procesu: 0x2f3c
Čas spuštění chybující aplikace: 0x01d4bf23b536fbba
Cesta k chybující aplikaci: C:\Users\Roman\AppData\Local\Temp\DaS_21.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: d48bafc5-63dc-4ebf-84c4-fe3737947632
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (02/13/2019 06:29:09 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 06:10:10 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 05:58:27 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 05:53:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 05:42:59 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 05:34:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 05:33:26 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 05:33:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-02-11 19:20:08.755
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Roman\Downloads\zoek.exe; webfile:_C:\Users\Roman\Downloads\zoek.exe|http://download.bleepingcomputer.com/smeenk/zoek.exe|pid:6396,ProcessStart:131943800688598296
Původ zjišťování: Internet
Typ zjišťování: FastPath
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-O6D3TT1\Roman
Název procesu: Unknown
Verze podpisu: AV: 1.285.1358.0, AS: 1.285.1358.0, NIS: 1.285.1358.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 19:18:52.971
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Roman\Downloads\zoek.exe; webfile:_C:\Users\Roman\Downloads\zoek.exe|http://download.bleepingcomputer.com/smeenk/zoek.exe|pid:6396,ProcessStart:131943800688598296
Původ zjišťování: Internet
Typ zjišťování: FastPath
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-O6D3TT1\Roman
Název procesu: Unknown
Verze podpisu: AV: 1.285.1358.0, AS: 1.285.1358.0, NIS: 1.285.1358.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 14:17:52.486
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Roman\Downloads\zoek.exe; webfile:_C:\Users\Roman\Downloads\zoek.exe|http://download.bleepingcomputer.com/smeenk/zoek.exe|pid:1552,ProcessStart:131943646456347542
Původ zjišťování: Internet
Typ zjišťování: FastPath
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-O6D3TT1\Roman
Název procesu: Unknown
Verze podpisu: AV: 1.285.1351.0, AS: 1.285.1351.0, NIS: 1.285.1351.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 14:15:25.103
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_G:\zoek.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-O6D3TT1\Roman
Název procesu: C:\Windows\explorer.exe
Verze podpisu: AV: 1.285.1351.0, AS: 1.285.1351.0, NIS: 1.285.1351.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 14:14:53.601
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_G:\zoek.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-O6D3TT1\Roman
Název procesu: C:\Windows\explorer.exe
Verze podpisu: AV: 1.285.1351.0, AS: 1.285.1351.0, NIS: 1.285.1351.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 12:38:16.229
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-02-05 20:25:43.538
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.1869.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240016
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-12-29 11:27:53.916
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2018-12-29 11:26:39.623
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

CodeIntegrity:
===================================

Date: 2018-12-30 23:03:37.480
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-30 17:24:32.229
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Percentage of memory in use: 33%
Total physical RAM: 8134.18 MB
Available physical RAM: 5415.29 MB
Total Virtual: 8646.18 MB
Available Virtual: 5111.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:171.92 GB) (Free:51.55 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:50.15 GB) (Free:37.46 GB) NTFS
Drive e: (Nový svazek) (Fixed) (Total:149.05 GB) (Free:118.86 GB) NTFS

\\?\Volume{de6ea8d0-bd5e-4143-953f-32e602e8bcee}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{7cfd7bc6-5e06-4e37-abd8-9497eb3d495b}\ () (Fixed) (Total:0.83 GB) (Free:0.44 GB) NTFS
\\?\Volume{c2c46caf-66e9-43f1-a7be-eacf0dc4db22}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: DD6C5EF1)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 2A022A01)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Preventive PC check and cleanup before creating a backup.

Post by jaro3 » 13 Feb 2019 21:13

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code: Select all

Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ShortcutTarget: Acuity Update Tool.lnk -> C:\Users\Roman\AppData\Roaming\MetaQuotes\Terminal\76AE827A66F7801B9D79B1FD1D2103FD\MQL4\Experts\AcuityUpdateTool\AcuityUpdateTool.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
C:\Users\Roman\AppData\Local\Temp\virustotal.exe
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
Task: {7F5DD47E-ECC6-45BF-885B-37B6697B6BF9} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {C902E3A6-A44E-4192-B74F-6EF1BA9391DA} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)

EmptyTemp:
End

(You can use the "Select all" function; right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
Task: {7F5DD47E-ECC6-45BF-885B-37B6697B6BF9} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {C902E3A6-A44E-4192-B74F-6EF1BA9391DA} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)

Do you have anything from ESET, or are these leftovers?

BitcoinZ -- do you know that program? I found nothing connected with that Z..

neca
Level 2
Posts: 164
Registered: January 12
Gender: Male
Status: Offline

Re: Preventive PC check and cleanup before creating a backup.

Post by neca » 13 Feb 2019 21:17

jaro3 wrote: Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code: Select all

Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ShortcutTarget: Acuity Update Tool.lnk -> C:\Users\Roman\AppData\Roaming\MetaQuotes\Terminal\76AE827A66F7801B9D79B1FD1D2103FD\MQL4\Experts\AcuityUpdateTool\AcuityUpdateTool.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
C:\Users\Roman\AppData\Local\Temp\virustotal.exe
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File

EmptyTemp:
End

(You can use the "Select all" function; right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
Task: {7F5DD47E-ECC6-45BF-885B-37B6697B6BF9} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {C902E3A6-A44E-4192-B74F-6EF1BA9391DA} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)

Do you have anything from ESET, or are these leftovers?

BitcoinZ -- do you know that program? I found nothing connected with that Z..


The ESET entries will be leftovers, and as for BitcoinZ, I know it, but we can delete it now. So if I agree to the deletion, should I do as described above? Won't it erase any bookmarks and passwords from Chrome?

