Preventivní kontrola PC a čištění před tvorbou zálohy. Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž
Stav:
Offline

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 09 úno 2019 08:10

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 8.02.2019
Ran by Roman (administrator) on DESKTOP-O6D3TT1 (09-02-2019 08:07:15)
Running from C:\Users\Roman\Desktop
Loaded Profiles: Roman (Available Profiles: Roman)
Platform: Windows 10 Pro Version 1803 17134.523 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() D:\Programy\Everythink\Everything\Everything.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Valve Corporation) D:\Programy\Steam\Steam.exe
(Gaijin Entertainment) C:\Users\Roman\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(Ashampoo GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 10\ashsnap.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRPE.EXE
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-12-22] (Acronis International GmbH -> )
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [177928 2018-11-29] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-12-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4620736 2017-12-22] (Acronis International GmbH -> )
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [Steam] => D:\Programy\Steam\steam.exe [3141920 2019-02-02] (Valve -> Valve Corporation)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [Gaijin.Net Agent] => C:\Users\Roman\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2125384 2018-09-25] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 10\ashsnap.exe [6223760 2018-05-31] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH & Co. KG)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRPE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [World of Tanks (1)] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-15] (Google Inc -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acuity Update Tool.lnk [2017-11-25]
ShortcutTarget: Acuity Update Tool.lnk -> C:\Users\Roman\AppData\Roaming\MetaQuotes\Terminal\76AE827A66F7801B9D79B1FD1D2103FD\MQL4\Experts\AcuityUpdateTool\AcuityUpdateTool.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6fbb34ec-5959-43f9-8070-f89720ac0664}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-917377831-1171802105-78364817-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-917377831-1171802105-78364817-1001 -> {0B95B3F4-0A26-41F9-AA9C-5B11C159ECF9} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13014
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2017-11-26] [Legacy] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-01-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-01-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.centrum.cz/
CHR Profile: C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default [2019-02-09]
CHR Extension: (Prezentace) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-07]
CHR Extension: (Dokumenty) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-07]
CHR Extension: (Disk Google) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-07]
CHR Extension: (IBM Security Rapport) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-02-07]
CHR Extension: (YouTube) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-07]
CHR Extension: (Tabulky) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-07]
CHR Extension: (Gmail) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-07]
CHR HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2723872 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-03] (ASUSTeK Computer Inc. -> )
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe [975832 2017-01-25] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [779392 2018-05-22] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
S3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-02-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 Everything; D:\Programy\Everythink\Everything\Everything.exe [2199656 2018-02-09] (David Carpenter -> )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1742464 2017-12-22] (Acronis International GmbH -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5264888 2018-12-26] (IBM -> IBM Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-19] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnviFPFltd; C:\WINDOWS\System32\DRIVERS\AnviFPFltd.sys [28568 2015-01-29] (Anvei Technology Co., LTD -> AnviSoft.com)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] (ASUSTeK Computer Inc. -> )
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143448 2018-11-29] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-10-17] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188832 2018-10-17] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50144 2018-10-17] (ESET, spol. s r.o. -> ESET)
S4 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [82304 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [109864 2018-10-17] (ESET, spol. s r.o. -> ESET)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [569392 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [379664 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [54320 2009-09-21] (Symantec Corporation -> Symantec Corporation)
S3 GPUIO; C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\690b33e1-0462-4e84-9bea-c7552b45432a.sys [27120 2017-11-24] (ASUSTeK Computer Inc. -> )
S3 iaLPSSi_GPIO; C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128 2018-04-12] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [34064 2017-05-08] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4aa19ae78d94d8a3\nvlddmkm.sys [20706184 2019-02-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [501256 2018-12-26] (IBM -> IBM Corp.)
R1 RapportCerberus_1930247; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930247.sys [1657968 2019-02-05] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [725192 2018-12-26] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [461768 2018-12-26] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [608840 2018-12-26] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [758168 2018-12-26] (IBM -> IBM Corp.)
S3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-04-12] (Microsoft Windows -> Realtek Semiconductor Corporation )
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [690520 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [439576 2018-12-30] (Bitdefender SRL -> BitDefender S.R.L.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2018-12-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2018-12-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-19] (Microsoft Windows -> Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-11-26] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-11] (Zemana Ltd. -> Zemana Ltd.)
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
S3 RtlWlanu; \SystemRoot\System32\drivers\rtwlanu.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Roman\Documents\BitcoinZ\BitcoinZ.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-09 08:07 - 2019-02-09 08:08 - 000023284 _____ C:\Users\Roman\Desktop\FRST.txt
2019-02-09 08:06 - 2019-02-09 08:07 - 000000000 ____D C:\FRST
2019-02-09 08:02 - 2019-02-09 08:02 - 002434048 _____ (Farbar) C:\Users\Roman\Desktop\FRST64.exe
2019-02-08 22:07 - 2019-02-08 22:07 - 002038755 _____ C:\Users\Roman\Desktop\zoek.exe
2019-02-08 20:37 - 2019-02-08 20:37 - 000000000 ____D C:\Users\Roman\AppData\Local\PeerDistRepub
2019-02-08 20:31 - 2019-02-08 20:31 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Google
2019-02-07 22:05 - 2019-02-07 22:05 - 006624296 _____ (Zemana Ltd. ) C:\Users\Roman\Desktop\Zemana.AntiMalware.Setup.exe
2019-02-07 22:05 - 2019-02-07 22:05 - 000008859 _____ C:\Users\Roman\Desktop\zoek-results.txt
2019-02-07 22:01 - 2019-02-07 22:01 - 000000000 ____D C:\Users\Roman\AppData\Local\VirtualStore
2019-02-07 22:01 - 2019-02-07 22:01 - 000000000 ____D C:\Users\Roman\AppData\Local\CrashRpt
2019-02-07 21:57 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2019-02-07 21:26 - 2019-02-07 21:51 - 000000000 ____D C:\zoek_backup
2019-02-07 21:23 - 2019-02-07 21:23 - 000001722 _____ C:\Users\Roman\Desktop\scan.txt
2019-02-06 22:46 - 2019-02-06 22:46 - 000002786 _____ C:\Users\Roman\Desktop\RogueKiller..txt
2019-02-06 22:42 - 2019-02-06 22:42 - 000002788 _____ C:\Users\Roman\Desktop\as_C8FC.tmp.txt
2019-02-06 21:20 - 2019-02-06 21:20 - 000000000 ____D C:\ProgramData\RogueKiller
2019-02-06 19:59 - 2019-02-06 19:59 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\ProgramData\Sophos
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\Program Files (x86)\Sophos
2019-02-06 19:56 - 2019-02-06 19:56 - 033492536 _____ C:\Users\Roman\Desktop\RogueKiller_portable64.exe
2019-02-06 19:53 - 2019-02-06 19:58 - 206758184 _____ (Sophos Limited) C:\Users\Roman\Desktop\Sophos Virus Removal Tool.exe
2019-02-06 19:52 - 2019-02-06 19:52 - 000000553 _____ C:\Users\Roman\Desktop\JRT.txt
2019-02-06 19:48 - 2019-02-06 19:48 - 001790024 _____ (Malwarebytes) C:\Users\Roman\Desktop\JRT.exe
2019-02-06 19:04 - 2019-02-06 19:04 - 000000000 ____D C:\Users\Roman\AppData\Roaming\EasyAntiCheat
2019-02-06 18:06 - 2019-02-06 18:06 - 000001729 _____ C:\Users\Roman\Desktop\AdwCleaner[S02].txt
2019-02-06 18:03 - 2019-02-06 18:03 - 007316688 _____ (Malwarebytes) C:\Users\Roman\Desktop\AdwCleaner.exe
2019-02-06 18:00 - 2019-02-06 18:00 - 000448512 _____ (OldTimer Tools) C:\Users\Roman\Desktop\TFC.exe
2019-02-06 16:23 - 2019-02-06 16:23 - 000388608 _____ (Trend Micro Inc.) C:\Users\Roman\Desktop\HijackThis.exe
2019-02-06 13:20 - 2019-02-06 13:20 - 000000000 ____D C:\Users\Roman\AppData\LocalLow\rondomedia GmbH
2019-02-06 12:52 - 2019-02-06 12:52 - 000000803 _____ C:\Users\Roman\Desktop\RESCUE 2013.lnk
2019-02-06 12:52 - 2019-02-06 12:52 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RESCUE 2013 – MESTO V OHROŽENÍ
2019-02-06 11:44 - 2019-02-06 11:48 - 1153706619 _____ C:\Users\Roman\Desktop\Dok.rar
2019-02-06 11:40 - 2019-02-06 11:40 - 941644390 _____ C:\Users\Roman\Desktop\registry po opravě CCcleanerem.rar
2019-02-06 11:34 - 2019-02-06 11:35 - 000000000 ____D C:\Program Files\WinRAR
2019-02-06 11:34 - 2019-02-06 11:34 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 11:34 - 2019-02-06 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 09:49 - 2019-02-06 09:49 - 000000955 _____ C:\Users\Public\Desktop\Anvi Folder Locker.lnk
2019-02-06 09:49 - 2019-02-06 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2019-02-06 09:49 - 2019-02-06 09:49 - 000000000 ____D C:\ProgramData\Anvisoft
2019-02-06 09:47 - 2019-02-06 09:47 - 014558584 _____ (Anvisoft) C:\Users\Roman\Downloads\aflsetup.exe
2019-02-06 09:08 - 2019-02-09 07:52 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2019-02-06 09:07 - 2019-02-06 09:13 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2019-02-06 09:07 - 2019-02-06 09:07 - 000001167 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2019-02-06 09:07 - 2019-02-06 09:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2019-02-06 09:07 - 2019-02-06 09:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-06 09:07 - 2015-10-05 09:50 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2019-02-06 09:07 - 2015-10-05 09:50 - 000064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-06 09:07 - 2015-10-05 09:50 - 000025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-06 07:49 - 2019-02-06 07:51 - 183502792 _____ C:\Users\Roman\Desktop\hgm83s8z.exe
2019-02-06 07:45 - 2019-01-30 21:07 - 000133512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2019-02-06 07:42 - 2019-02-01 22:36 - 000047592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000551680 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000456640 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-02-06 07:42 - 2019-02-01 02:38 - 010894304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 009254696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 005273048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 004624184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 002031896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001734560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441881.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001534912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441881.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001464008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001129352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000752440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000668640 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000631688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000611744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000534544 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000522120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 040235120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 035140696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 020101600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 017428328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001471816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001462232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001169152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001152200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001145720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000915120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000822784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000794656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000638200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-02-06 07:42 - 2019-02-01 02:36 - 004296808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-02-06 07:30 - 2019-02-06 07:30 - 019341880 _____ (Piriform Software Ltd) C:\Users\Roman\Downloads\ccsetup552.exe
2019-02-06 07:26 - 2019-02-06 07:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Securely File Shredder
2019-02-06 07:26 - 2019-02-06 07:26 - 000000000 ____D C:\Program Files\Securely File Shredder
2019-02-06 07:24 - 2019-02-06 07:24 - 000472936 _____ (Reason Company Software Inc.) C:\Users\Roman\Downloads\SecurelyFileShredder_Setup.exe
2019-02-05 22:04 - 2019-02-05 22:04 - 000000000 ____D C:\Users\Roman\AppData\Local\Eraser 6
2019-02-05 21:01 - 2019-02-05 21:01 - 000000000 ____D C:\Users\Roman\AppData\Roaming\BitcoinZ
2019-02-05 21:01 - 2019-02-05 21:01 - 000000000 ____D C:\Users\Roman\AppData\Local\BitcoinZWallet
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Mozilla
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Users\Roman\AppData\Local\Trusteer
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ochrana koncového bodu Trusteer
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Program Files (x86)\Trusteer
2019-02-05 20:43 - 2018-12-26 21:05 - 000608840 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2019-02-05 20:43 - 2018-12-26 21:05 - 000461768 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2019-02-05 20:42 - 2019-02-05 20:42 - 000488952 _____ (IBM Corp.) C:\Users\Roman\Downloads\RapportSetup.exe
2019-02-05 20:42 - 2019-02-05 20:42 - 000000000 ____D C:\ProgramData\Trusteer
2019-02-05 20:33 - 2019-01-01 08:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-05 20:32 - 2019-01-01 14:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-05 20:32 - 2019-01-01 14:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-02-05 20:32 - 2019-01-01 14:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-05 20:32 - 2019-01-01 14:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-02-05 20:32 - 2019-01-01 14:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-02-05 20:32 - 2019-01-01 14:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-05 20:32 - 2019-01-01 14:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-05 20:32 - 2019-01-01 14:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-02-05 20:32 - 2019-01-01 14:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-02-05 20:32 - 2019-01-01 14:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-02-05 20:32 - 2019-01-01 08:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-05 20:32 - 2019-01-01 08:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-05 20:32 - 2019-01-01 08:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-05 20:32 - 2019-01-01 08:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-05 20:32 - 2019-01-01 08:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-05 20:32 - 2019-01-01 08:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-05 20:32 - 2019-01-01 08:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-02-05 20:32 - 2019-01-01 08:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-02-05 20:32 - 2019-01-01 08:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-05 20:32 - 2019-01-01 08:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-05 20:32 - 2019-01-01 08:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-05 20:32 - 2019-01-01 08:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-05 20:32 - 2019-01-01 08:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-05 20:32 - 2019-01-01 08:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-05 20:32 - 2019-01-01 08:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-02-05 20:32 - 2019-01-01 08:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-05 20:32 - 2019-01-01 07:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-05 20:32 - 2019-01-01 07:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-05 20:32 - 2019-01-01 07:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-05 20:32 - 2019-01-01 07:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-02-05 20:32 - 2019-01-01 07:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-02-05 20:32 - 2019-01-01 07:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-02-05 20:32 - 2019-01-01 07:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-05 20:32 - 2019-01-01 07:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-02-05 20:32 - 2019-01-01 07:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-02-05 20:32 - 2019-01-01 07:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-05 20:32 - 2019-01-01 07:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-02-05 20:32 - 2019-01-01 07:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-05 20:32 - 2019-01-01 07:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-05 20:32 - 2019-01-01 07:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-02-05 20:32 - 2019-01-01 07:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-02-05 20:32 - 2019-01-01 07:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-05 20:32 - 2019-01-01 07:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-05 20:32 - 2019-01-01 07:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-02-05 20:32 - 2019-01-01 07:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-05 20:32 - 2019-01-01 07:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-05 20:32 - 2019-01-01 07:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-02-05 20:32 - 2019-01-01 07:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-05 20:32 - 2019-01-01 07:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-05 20:32 - 2019-01-01 07:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-02-05 20:32 - 2019-01-01 07:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-02-05 20:32 - 2019-01-01 07:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-02-05 20:32 - 2019-01-01 07:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-02-05 20:32 - 2019-01-01 06:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-05 20:32 - 2018-12-19 05:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-05 20:21 - 2019-02-05 20:21 - 000000000 ____D C:\WINDOWS\CSC

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-09 08:08 - 2018-02-11 14:39 - 000060171 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-02-09 08:03 - 2018-02-14 19:31 - 000000000 ____D C:\Users\Roman\AppData\Local\Everything
2019-02-09 08:03 - 2018-02-14 17:02 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Everything
2019-02-09 08:01 - 2017-11-29 10:15 - 000000000 ___HD C:\Users\Roman\Desktop\_SNAPDOC
2019-02-09 07:58 - 2018-05-22 10:46 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-09 07:58 - 2018-04-12 16:51 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2019-02-09 07:58 - 2018-04-12 16:51 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2019-02-09 07:58 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-09 07:54 - 2017-11-24 20:21 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-09 07:52 - 2018-05-22 10:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-09 07:52 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-09 07:52 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-08 22:32 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-08 22:19 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-08 21:06 - 2018-05-22 10:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-07 22:16 - 2018-07-11 12:12 - 000000000 ____D C:\ProgramData\Packages
2019-02-07 21:51 - 2018-05-22 10:38 - 000000000 ____D C:\Users\Roman
2019-02-07 21:28 - 2017-11-29 10:29 - 000000000 ____D C:\Users\Roman\AppData\Local\CrashDumps
2019-02-06 15:32 - 2017-11-28 15:38 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-02-06 09:21 - 2018-07-20 20:06 - 000000000 ____D C:\Users\Roman\AppData\Roaming\system32
2019-02-06 07:52 - 2018-12-30 21:33 - 000000000 ____D C:\Users\Roman\Doctor Web
2019-02-06 07:46 - 2017-11-24 20:21 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-02-06 07:46 - 2017-11-24 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-02-06 07:45 - 2017-11-24 20:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-02-06 07:31 - 2018-05-22 10:42 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-02-06 07:31 - 2017-11-28 15:28 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-06 07:16 - 2017-11-28 15:28 - 000000000 ____D C:\Program Files\CCleaner
2019-02-05 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-05 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-05 20:34 - 2018-05-22 10:42 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-917377831-1171802105-78364817-1001
2019-02-05 20:34 - 2018-05-22 10:38 - 000002383 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-05 20:34 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-05 20:34 - 2017-11-24 17:00 - 000000000 ___RD C:\Users\Roman\OneDrive
2019-02-05 20:32 - 2017-11-24 19:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-05 20:31 - 2017-11-24 19:40 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-05 20:26 - 2017-11-24 19:43 - 000000000 ____D C:\Program Files\rempl
2019-02-05 20:25 - 2017-11-25 20:07 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-05 20:21 - 2018-12-30 05:49 - 000003376 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn
2019-02-05 20:21 - 2018-12-30 05:49 - 000003370 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime
2019-02-01 22:36 - 2017-11-09 04:38 - 001682392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-02-01 22:36 - 2017-11-09 04:38 - 000228768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-02-01 02:37 - 2017-11-25 22:34 - 005036824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-01-31 07:09 - 2017-11-25 22:34 - 000049634 _____ C:\WINDOWS\system32\nvinfo.pb
2019-01-31 07:09 - 2017-11-25 22:10 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2019-01-30 21:09 - 2017-11-24 20:21 - 005364776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 002624824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 001767920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000651248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000450600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000124968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-01-30 14:15 - 2017-11-24 20:21 - 008488852 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-01-26 15:03 - 2017-11-24 20:21 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat

==================== Files in the root of some directories =======

2018-03-19 08:45 - 2005-09-09 19:55 - 037766164 _____ () C:\Program Files (x86)\Data1.cab
2018-03-19 08:45 - 2005-09-09 19:55 - 007155864 _____ () C:\Program Files (x86)\NGhost10.msi
2018-03-19 08:45 - 2005-09-09 19:55 - 000000035 _____ () C:\Program Files (x86)\SCSSDist.ini
2018-03-19 08:45 - 2005-09-09 19:55 - 004588454 _____ (Symantec ) C:\Program Files (x86)\setup.exe
2018-02-01 13:03 - 2018-02-01 13:03 - 000000615 _____ () C:\Users\Roman\AppData\Roaming\jd-gui.cfg
2018-03-18 22:47 - 2018-03-18 22:47 - 000000001 _____ () C:\Users\Roman\AppData\Local\RawCopy.1.01.agreement
2018-03-18 22:48 - 2018-03-18 22:48 - 000000001 _____ () C:\Users\Roman\AppData\Local\RawCopy.sourcedisk.index

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-22 10:36

==================== End of FRST.txt ============================

Reklama
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod jaro3 » 09 úno 2019 14:40

HKLM\...\StartupApproved\Run: => "TNOD UP"???
\Active Undelete 10.2.9.1 Ultimate + Crack [Kedar_CZ]\crack.exe->(PECompact2 v2.50+)
E:\Nová složka\Active Undelete 10.2.9.1 Ultimate + Crack [Kedar_CZ]\crack.exe; file:_E:\Nová složka\Active Undelete 10.2.9.1 Ultimate + Crack [Kedar_CZ]\crack.exe->(PECompact2 v2.50+)
Pů Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-O6D3TT1\Roman
Název procesu: C:\Users\Roman\Downloads\esetonlinescanner_csy.exevod zjišťování: Místní počítač

Odinstaluj nelegální ESET Security!!

A nainstaluj si free antivir , Avast Comodo , Avira ap.

Task: C:\WINDOWS\Tasks\EPSON L386 Series Update {14275174-FCFF-4428-8639-17C9D2F4FF7B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE:/EXE:{14275174-FCFF-4428-8639-17C9D2F4FF7B} /F:UpdateWORKGROUP\DESKTOP-O6D3TT1$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Epson je v pořádku?

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
Task: {21DA73F2-1D3B-4A00-97F4-06F7DF473A61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-24] (Google Inc -> Google Inc.)
Task: {6356913A-19C3-4A24-A8A3-B78BDF123318} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-24] (Google Inc -> Google Inc.)
Task: {75E1DDBA-BF2C-4F83-B389-3533BE79D70C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-917377831-1171802105-78364817-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-917377831-1171802105-78364817-1001 -> {0B95B3F4-0A26-41F9-AA9C-5B11C159ECF9} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13014
CHR HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [439576 2018-12-30] (Bitdefender SRL -> BitDefender S.R.L.)
C:\Program Files (x86)\setup.exe

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

C:\Users\Roman\Desktop\as_C8FC.tmp.txt
C:\Users\Roman\Desktop\hgm83s8z.exe
znáš tyto soubory?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž
Stav:
Offline

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 10 úno 2019 07:56

Epson v pořádku, když tak mám instalační CD.


Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by Roman (10-02-2019 07:51:47) Run:1
Running from C:\Users\Roman\Desktop
Loaded Profiles: Roman (Available Profiles: Roman)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
Task: {21DA73F2-1D3B-4A00-97F4-06F7DF473A61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-24] (Google Inc -> Google Inc.)
Task: {6356913A-19C3-4A24-A8A3-B78BDF123318} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-24] (Google Inc -> Google Inc.)
Task: {75E1DDBA-BF2C-4F83-B389-3533BE79D70C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-917377831-1171802105-78364817-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-917377831-1171802105-78364817-1001 -> {0B95B3F4-0A26-41F9-AA9C-5B11C159ECF9} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13014
CHR HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [439576 2018-12-30] (Bitdefender SRL -> BitDefender S.R.L.)
C:\Program Files (x86)\setup.exe

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21DA73F2-1D3B-4A00-97F4-06F7DF473A61}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21DA73F2-1D3B-4A00-97F4-06F7DF473A61}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6356913A-19C3-4A24-A8A3-B78BDF123318}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6356913A-19C3-4A24-A8A3-B78BDF123318}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75E1DDBA-BF2C-4F83-B389-3533BE79D70C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75E1DDBA-BF2C-4F83-B389-3533BE79D70C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => removed successfully
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => not found
HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B95B3F4-0A26-41F9-AA9C-5B11C159ECF9} => removed successfully
HKLM\Software\Classes\CLSID\{0B95B3F4-0A26-41F9-AA9C-5B11C159ECF9} => not found
HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof => could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\trufos => removed successfully
trufos => service removed successfully
C:\Program Files (x86)\setup.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1663500047 B
Java, Flash, Steam htmlcache => 209162800 B
Windows/system/drivers => 142839 B
Edge => 0 B
Chrome => 255810053 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7188 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Roman => 9670059 B

RecycleBin => 0 B
EmptyTemp: => 2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-02-2019 07:53:46)


Result of scheduled keys to remove after reboot:

HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof => could not remove. Access Denied.

==== End of Fixlog 07:53:46 ====

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž
Stav:
Offline

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 10 úno 2019 08:03

C:\Users\Roman\Desktop\as_C8FC.tmp.txt
C:\Users\Roman\Desktop\hgm83s8z.exe
znáš tyto soubory?

Neznám




---------------------------------------------------------------------------
CrystalDiskInfo 7.5.0 (C) 2008-2017 hiyohiyo
Crystal Dew World : https://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 Professional [10.0 Build 17134] (x64)
Date : 2019/02/10 8:02:09

-- Controller Map ----------------------------------------------------------
+ Standardní řadič SATA AHCI [ATA]
- KINGSTON SHSS37A240G
- ASUS DRW-24F1MT
- WDC WD1600JS-60MHB5
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) KINGSTON SHSS37A240G : 240,0 GB [0/0/0, pd1]
(2) WDC WD1600JS-60MHB5 : 160,0 GB [1/0/0, pd1] - wd

----------------------------------------------------------------------------
(1) KINGSTON SHSS37A240G
----------------------------------------------------------------------------
Model : KINGSTON SHSS37A240G
Firmware : SAFM00.r
Serial Number : 50026B7258082019
Disk Size : 240,0 GB (8,4/137,4/240,0/240,0)
Buffer Size : 10104 KB
Queue Depth : 32
# of Sectors : 468862128
Rotation Rate : ---- (SSD)
Interface : Serial ATA
Major Version : ACS-2
Minor Version : ----
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 10153 hod.
Power On Count : 1260 krát
Temperature : 29 C (84 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ, TRIM
APM Level : 00FEh [ON]
AAM Level : ----
Drive Letter : C: D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _50 000000000000 Počet chyb čtení
02 100 100 _50 000000000000 Průchodnost disku
03 100 100 _50 000000000000 Čas na roztočení ploten
05 100 100 _50 000000000001 Počet přemapovaných sektorů
07 100 100 _50 000000000000 Počet chybných hledání
08 100 100 _50 000000000000 Čas potřebný na vyhledání
09 100 100 __0 0000000027A9 Hodin v činnosti
0C 100 100 __0 0000000004EC Počet cyklů zapnutí zařízení
A8 100 100 __0 000000000000 Specifický pro výrobce
AA _98 _98 _10 0001000002D6 Specifický pro výrobce
AD 100 100 __0 0000006E00C8 Specifický pro výrobce
AF 100 100 _50 000000000000 Specifický pro výrobce
B7 100 100 100 000000C8006E Specifický pro výrobce
BB 100 100 __0 000000000000 Specifický pro výrobce
C0 100 100 __0 000000000034 Unsafe Shutdown Count
C2 _71 _51 _30 00310015001D Teplota
C4 100 100 _10 000000000001 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C7 100 100 _50 000000000000 Specifický pro výrobce
DA 100 100 _50 000000000000 Specifický pro výrobce
E7 100 100 __0 000000000061 Specifický pro výrobce
E9 100 100 __0 000000005DFA Specifický pro výrobce
F0 100 100 __0 000000000000 Specifický pro výrobce
F1 100 100 __0 000000003CC5 Total Host Writes
F2 100 100 __0 000000019C59 Total Host Reads
F4 100 100 __0 00000000006E Specifický pro výrobce
F5 100 100 __0 0000000000C8 Specifický pro výrobce
F6 100 100 __0 000000728A40 Specifický pro výrobce

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 3530 3032 3642 3732 3538 3038 3230 3139 2020 2020
020: 0000 4EF0 0000 5341 464D 3030 2E72 4B49 4E47 5354
030: 4F4E 2053 4853 5333 3741 3234 3047 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0000 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 5F20
070: 0000 0000 0000 0000 0000 001F E70E 0006 004C 0040
080: 03F8 0000 746B 7D09 4063 7469 BC09 4063 207F 0001
090: 0001 00FE FFFE 0000 0000 0000 0000 0000 0000 0000
100: 44B0 1BF2 0000 0000 0000 0008 4000 0000 0000 0000
110: 0000 0000 0000 0000 0000 0000 0000 0000 0000 4019
120: 4019 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0001
170: 0000 0000 0003 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0BB8 0064 0000
190: 0080 0100 0AEF 0001 0000 0080 0000 0000 0000 0000
200: 0000 0000 9696 9595 9601 9696 0000 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 0001 0000 0000
220: 0000 0000 107F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 FFFF 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 6CA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 0B 00 64 64 00 00 00 00 00 00 00 02 05
010: 00 64 64 00 00 00 00 00 00 00 03 07 00 64 64 00
020: 00 00 00 00 00 00 05 13 00 64 64 01 00 00 00 00
030: 00 00 07 0B 00 64 64 00 00 00 00 00 00 00 08 05
040: 00 64 64 00 00 00 00 00 00 00 09 12 00 64 64 A9
050: 27 00 00 00 00 00 0C 12 00 64 64 EC 04 00 00 00
060: 00 00 A8 12 00 64 64 00 00 00 00 00 00 00 AA 03
070: 00 62 62 D6 02 00 00 01 00 00 AD 12 00 64 64 C8
080: 00 6E 00 00 00 00 AF 13 00 64 64 00 00 00 00 00
090: 00 00 B7 12 00 64 64 6E 00 C8 00 00 00 00 BB 12
0A0: 00 64 64 00 00 00 00 00 00 00 C0 12 00 64 64 34
0B0: 00 00 00 00 00 00 C2 23 00 47 33 1D 00 15 00 31
0C0: 00 00 C4 02 00 64 64 01 00 00 00 00 00 00 C5 32
0D0: 00 64 64 00 00 00 00 00 00 00 C7 0B 00 64 64 00
0E0: 00 00 00 00 00 00 DA 0B 00 64 64 00 00 00 00 00
0F0: 00 00 E7 13 00 64 64 61 00 00 00 00 00 00 E9 0B
100: 00 64 64 FA 5D 00 00 00 00 00 F0 13 00 64 64 00
110: 00 00 00 00 00 00 F1 12 00 64 64 C5 3C 00 00 00
120: 00 00 F2 12 00 64 64 59 9C 01 00 00 00 00 F4 02
130: 00 64 64 6E 00 00 00 00 00 00 F5 02 00 64 64 C8
140: 00 00 00 00 00 00 F6 12 00 64 64 40 8A 72 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 1E 00 00 5B
170: 03 00 01 00 01 02 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 32 00 64 64 00 00 00 00 00 00 00 02 32
010: 00 64 64 00 00 00 00 00 00 00 03 32 00 64 64 00
020: 00 00 00 00 00 00 05 32 00 64 64 00 00 00 00 00
030: 00 00 07 32 00 64 64 00 00 00 00 00 00 00 08 32
040: 00 64 64 00 00 00 00 00 00 00 09 00 00 64 64 00
050: 00 00 00 00 00 00 0C 00 00 64 64 00 00 00 00 00
060: 00 00 A8 00 00 64 64 00 00 00 00 00 00 00 AA 0A
070: 00 64 64 00 00 00 00 00 00 00 AD 00 00 64 64 00
080: 00 00 00 00 00 00 AF 32 00 64 64 00 00 00 00 00
090: 00 00 B7 64 00 64 64 00 00 00 00 00 00 00 BB 00
0A0: 00 64 64 00 00 00 00 00 00 00 C0 00 00 64 64 00
0B0: 00 00 00 00 00 00 C2 1E 00 64 64 00 00 00 00 00
0C0: 00 00 C4 0A 00 64 64 00 00 00 00 00 00 00 C5 00
0D0: 00 64 64 00 00 00 00 00 00 00 C7 32 00 64 64 00
0E0: 00 00 00 00 00 00 DA 32 00 64 64 00 00 00 00 00
0F0: 00 00 E7 00 00 64 64 00 00 00 00 00 00 00 E9 00
100: 00 64 64 00 00 00 00 00 00 00 F0 00 00 64 64 00
110: 00 00 00 00 00 00 F1 00 00 64 64 00 00 00 00 00
120: 00 00 F2 00 00 64 64 00 00 00 00 00 00 00 F4 00
130: 00 64 64 00 00 00 00 00 00 00 F5 00 00 64 64 00
140: 00 00 00 00 00 00 F6 00 00 64 64 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3B

----------------------------------------------------------------------------
(2) WDC WD1600JS-60MHB5
----------------------------------------------------------------------------
Model : WDC WD1600JS-60MHB5
Firmware : 10.02E04
Serial Number : WD-WCANM7348056
Disk Size : 160,0 GB (8,4/137,4/160,0/160,0)
Buffer Size : 8192 KB
Queue Depth : 1
# of Sectors : 312581808
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : ---- | SATA/300
Power On Hours : 24415 hod.
Power On Count : 3802 krát
Temperature : 29 C (84 F)
Health Status : Pozor
Features : S.M.A.R.T., 48bit LBA
APM Level : ----
AAM Level : ----
Drive Letter : E:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 198 197 _51 00000001BBA2 Počet chyb čtení
03 182 180 _21 000000000F1A Čas na roztočení ploten
04 _95 _95 __0 000000001388 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 _51 000000000000 Počet chybných hledání
09 _67 _67 __0 000000005F5F Hodin v činnosti
0A 100 100 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 _51 000000000000 Počet pokusů o překalibrování
0C _97 _97 __0 000000000EDA Počet cyklů zapnutí zařízení
BE _71 _34 _45 00000000001D Teplota toku vzduchu
C2 118 _81 __0 00000000001D Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 192 192 __0 0000000000D5 Počet podezřelých sektorů
C6 192 192 __0 0000000000D5 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 196 196 _51 000000000097 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2057 442D 5743 414E 4D37 3334 3830 3536
020: 0000 4000 0032 3130 2E30 3245 3034 5744 4320 5744
030: 3136 3030 4A53 2D36 304D 4842 3520 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0000 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0000 0406 0000 0048 0040
080: 00FE 0000 706B 7C01 4023 7069 3C01 4023 203F 001B
090: 001B 0000 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 9EB0 12A1 0000 0000 0000 0000 0000 0000 0000 0000
110: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
120: 0000 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 1663 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 103F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 8EA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 0F 00 C6 C5 A2 BB 01 00 00 00 00 03 03
010: 00 B6 B4 1A 0F 00 00 00 00 00 04 32 00 5F 5F 88
020: 13 00 00 00 00 00 05 33 00 C8 C8 00 00 00 00 00
030: 00 00 07 0F 00 C8 C8 00 00 00 00 00 00 00 09 32
040: 00 43 43 5F 5F 00 00 00 00 00 0A 13 00 64 64 00
050: 00 00 00 00 00 00 0B 12 00 64 64 00 00 00 00 00
060: 00 00 0C 32 00 61 61 DA 0E 00 00 00 00 00 BE 22
070: 00 47 22 1D 00 00 00 00 00 00 C2 22 00 76 51 1D
080: 00 00 00 00 00 00 C4 32 00 C8 C8 00 00 00 00 00
090: 00 00 C5 12 00 C0 C0 D5 00 00 00 00 00 00 C6 10
0A0: 00 C0 C0 D5 00 00 00 00 00 00 C7 3E 00 C8 C8 00
0B0: 00 00 00 00 00 00 C8 09 00 C4 C4 97 00 00 00 00
0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 82 00 18 15 01 7B
170: 03 00 01 00 02 40 06 00 00 00 00 00 00 00 00 00
180: 00 00 01 04 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 C6 C8 C8 C8 00 00 00 00 00 00 03 15
010: 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00
020: 00 00 00 00 00 00 05 8C 00 00 00 00 00 00 00 00
030: 00 00 07 33 C8 C8 C8 C8 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 33 00 00 00 00
050: 00 00 00 00 00 00 0B 33 00 00 00 00 00 00 00 00
060: 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 BE 2D
070: 00 00 00 00 00 00 00 00 00 00 C2 00 00 00 00 00
080: 00 00 00 00 00 00 C4 00 00 00 00 00 00 00 00 00
090: 00 00 C5 00 00 00 00 00 00 00 00 00 00 00 C6 00
0A0: 2B 88 0D 15 00 00 00 00 00 00 C7 00 00 00 00 00
0B0: 00 00 00 00 00 00 C8 33 C7 C4 C8 C8 00 00 00 00
0C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod jaro3 » 10 úno 2019 19:01

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Roman\Desktop\as_C8FC.tmp.txt
C:\Users\Roman\Desktop\hgm83s8z.exe

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

(1) KINGSTON SHSS37A240G
000000000001 Počet přemapovaných sektorů
000000000001 Počet udalostí s číslem realokování sektorů

(2) WDC WD1600JS-60MHB5
0000000000D5 Počet podezřelých sektorů
0000000000D5 Počet neopravitelných sektorů
oba disky nejsou OK , měl by sis zazálohovat!

ten zoek spustit nejde?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž
Stav:
Offline

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 11 úno 2019 08:56

Zoek stále nejde zpustit, ted je dokonce vymazaný windows defenderem a nejde vůbec stáhnout, defender brání jakémukoliv pokusu o stažení Zoek. Byť je vypnutý. Zazálohovat samozřejmě chci, proto děláme kontrolu a vyčištění, to už jsem ale psal poprvé. Že se smazali ty doplňky, mě vůbec nenapadlo protože jsou důležité. Otevření samotného CHrome teď už taky dobře nejde, včera se třeba vůbec nechtěl zpustit až po restartu PC. Když v chrome zadám do pole přihlášení do emailu na centrumu svůj email vždy automaticky doplnil heslo pro otevření to už teď také nejde, musím kliknout ještě na okýnko pro heslo aby se načetlo. Nevím jak mám zablokovat ten defender aby mi vůbec ten zoek zpustil koneckonců teď jej uplně vymazal a jak jsem psal nejde stáhnout.


jaro3 píše:Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Roman\Desktop\as_C8FC.tmp.txt
C:\Users\Roman\Desktop\hgm83s8z.exe

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

(1) KINGSTON SHSS37A240G
000000000001 Počet přemapovaných sektorů
000000000001 Počet udalostí s číslem realokování sektorů

(2) WDC WD1600JS-60MHB5
0000000000D5 Počet podezřelých sektorů
0000000000D5 Počet neopravitelných sektorů
oba disky nejsou OK , měl by sis zazálohovat!

ten zoek spustit nejde?

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž
Stav:
Offline

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 11 úno 2019 09:21

Ashampoo_Snap_pondělí 11. února 2019_09h25m52s_001_.jpg
Tak spouštět CHROME už jde a hesla už doplňuje sám. Takže to je good. Teď ještě ty doplňky. Nevím stále jak stáhnout ZOEK a spustit.

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by Roman (11-02-2019 09:18:05) Run:2
Running from C:\Users\Roman\Desktop
Loaded Profiles: Roman (Available Profiles: Roman)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Roman\Desktop\as_C8FC.tmp.txt
C:\Users\Roman\Desktop\hgm83s8z.exe

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Roman\Desktop\as_C8FC.tmp.txt => moved successfully
C:\Users\Roman\Desktop\hgm83s8z.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25515194 B
Java, Flash, Steam htmlcache => 9179366 B
Windows/system/drivers => 50996 B
Edge => 0 B
Chrome => 299669854 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 6866 B
NetworkService => 0 B
Roman => 31933258 B

RecycleBin => 0 B
EmptyTemp: => 356.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:18:46 ====

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod jaro3 » 11 úno 2019 18:06

ten zoek vyhodnocují antiviry jako nákazu , je třeba všechny ochrany vypnout před jeho stažením..
Co se týká těch doplňků , ono v tom logu je spíš čištění od balastu. Je taky možné , že se prostě ztratily. Máš i na tom prvním disku vadné sektory , i když se doplní náhradními , data tam budou chybět. Tak zkus znovu nainstalovat.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž
Stav:
Offline

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 11 úno 2019 18:56

jaro3 píše:ten zoek vyhodnocují antiviry jako nákazu , je třeba všechny ochrany vypnout před jeho stažením..
Co se týká těch doplňků , ono v tom logu je spíš čištění od balastu. Je taky možné , že se prostě ztratily. Máš i na tom prvním disku vadné sektory , i když se doplní náhradními , data tam budou chybět. Tak zkus znovu nainstalovat.


Teď jsem psal na podporu snad mi to obnoví zatím jen AUTHY. Bude to teda procedura na min 24 hod. MyEtherwallet ještě nevím.
Teď se mi Zoek podařilo nainstalovat ale při zpouštění i jako zprávce vyskočí toto. Co s tím?
Ashampoo_Snap_pondělí 11. února 2019_19h29m02s_001_.jpg

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod jaro3 » 11 úno 2019 20:53

A tys neměl někde napsané , zazálohované ty údaje?

Pokud se Ti objevila složka v C:\zoek , tak jí smaž , nebo ji jen otevři.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž
Stav:
Offline

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 11 úno 2019 21:10

jaro3 píše:A tys neměl někde napsané , zazálohované ty údaje? Mám je zálohované papírově raději, ale bude to mazec to naházet růčo.


Pokud se Ti objevila složka v C:\zoek , tak jí smaž , nebo ji jen otevři.
Neobjevila.
Ashampoo_Snap_pondělí 11. února 2019_21h12m14s_002_.jpg

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod jaro3 » 11 úno 2019 21:41

Není skrytá?

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 6 hostů