Port scanning (Solved)



Post by petazi » 15 Mar 2018 12:53

Hello,
today I received an email from my school saying that my laptop was performing port scanning while logged in to the Wi-Fi and may be infected. My IP address was associated with this description:
* Analyzer: HostStats
* Popis: Horizontal SYN scan
* Kategorie: Recon.Scanning

How do I get rid of it? Thank you for your advice.


Re: Port scanning

Post by jaro3 » 15 Mar 2018 17:17

Post a log from HJT:
http://www.pc-help.cz/viewtopic.php?f=70&t=5119

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you do not need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Save it to your desktop. Click "I agree" to confirm the terms.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan a log appears and opens (it is otherwise saved on the system disk as C:\AdwCleaner [C?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, clear the check box for "Enable free trial of Malwarebytes' Anti-Malware Premium".
Install and run it.
- At the end of the installation make sure both options are selected/checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button.
- If the program is not up to date, click "Update now" or "Fix now".
- An update will be found and installed.
- Then click Scan Now.
- When the program finishes, a message appears at the bottom right; click View Report, choose Export, then Copy to Clipboard, and paste the whole log here. Or click "Text file (.txt)" and save the log.
- Otherwise the log is located here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- Then click the Finish button and close the program with the cross at the top right.
(Do not delete anything yet!)
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Port scanning

Post by petazi » 15 Mar 2018 17:54

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:53:17, on 15.03.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0015)

FIREFOX: 51.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\petaz\AppData\Local\Akamai\netsession_win.exe
C:\Users\petaz\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe
C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Users\petaz\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Users\petaz\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus15.msn.com/?pc=ASTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus15.msn.com/?pc=ASTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [Autodesk Desktop App] "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
O4 - HKCU\..\Run: [CCleaner Monitoring] "D:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\petaz\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Spotify] C:\Users\petaz\AppData\Roaming\Spotify\Spotify.exe --autostart
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\petaz\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O4 - Global Startup: avast! SecureLine.lnk = C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Autodesk Desktop App Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
O23 - Service: Asus GiftBox Desktop (ASUSGiftBoxDekstop) - ASUS - C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem68.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\WINDOWS\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: WPS Office Update Service (Kingsoft_WPS_UpdateService) - Zhuhai Kingsoft Office Software Co.,Ltd - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdatesvr.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Avast SecureLine (SecureLine) - Unknown owner - C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 14130 bytes



# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 15 16:39:15 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-14.3
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, SearchProvider found: Conduit - search.conduit.com

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########




Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 15.03.18
Čas skenování: 17:28
Logovací soubor: f69d849e-286d-11e8-bfbc-9c5c8e108cc6.json
Správce: Ano

-Informace o softwaru-
Verze: 3.4.4.2398
Verze komponentů: 1.0.322
Aktualizovat verzi balíku komponent: 1.0.4368
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 16299.309)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-PFI72DJ\petaz

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 315821
Zjištěné hrozby: 5
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 6 min, 57 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 5
PUP.Optional.Conduit, C:\USERS\PETAZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Žádná uživatelská akce, [529], [454832],1.0.4368
PUP.Optional.Conduit, C:\USERS\PETAZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Žádná uživatelská akce, [529], [454832],1.0.4368
PUP.Optional.Conduit, C:\USERS\PETAZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Žádná uživatelská akce, [529], [454832],1.0.4368
PUP.Optional.Conduit, C:\USERS\PETAZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Žádná uživatelská akce, [529], [454832],1.0.4368
PUP.Optional.Conduit, C:\USERS\PETAZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Žádná uživatelská akce, [529], [454832],1.0.4368

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)


Re: Port scanning

Post by jaro3 » 15 Mar 2018 19:17

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Scan"; after the scan click "Clean".

The program performs the repair; after the automatic restart click "Log file" and then double-click the corresponding log (C:\AdwCleaner [C?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan starts. The scan can take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.

- Run Malwarebytes' Anti-Malware again and choose Scan Now.
- When the program finishes, a message appears; click "Quarantine All (delete selected)" and then "Export log" and choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Sophos Virus Removal Tool is a handy software tool that may remove infections your antivirus program does not detect.
Download it here from one of these links:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data without you even knowing you have them. What you need is a quick and easy way to find and get rid of them. If you already have an antivirus program installed on your computer, you can also install Sophos Virus Removal Tool, which identifies and cleans up remaining infections that your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove the viruses it finds. A restart may be required.


Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8, 10 run RogueKiller.exe as administrator; on XP double-click it.
- Click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom.
- The program scans the PC's processes. After the scan click "Open Report", then "Open TXT" in the window, and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.
- If the log is longer than 60,000 characters, split it and paste it into several posts.

Further links:
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/


Re: Port scanning

Post by petazi » 15 Mar 2018 22:02

# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 15 19:51:52 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: Conduit - search.conduit.com


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1125 B] - [2018/3/15 16:39:15]
C:/AdwCleaner/AdwCleaner[S1].txt - [1193 B] - [2018/3/15 19:51:33]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by petaz (Administrator) on 15.03.2018 at 21:10:20,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0


Deleted the following from C:\Users\petaz\AppData\Roaming\Mozilla\Firefox\Profiles\gvjjpc8c.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2018 at 21:13:31,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 15.03.18
Čas skenování: 21:14
Logovací soubor: 6b0c692a-288d-11e8-992b-9c5c8e108cc6.json
Správce: Ano

-Informace o softwaru-
Verze: 3.4.4.2398
Verze komponentů: 1.0.322
Aktualizovat verzi balíku komponent: 1.0.4372
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 16299.309)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-PFI72DJ\petaz

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 315202
Zjištěné hrozby: 5
Hrozby umístěné do karantény: 5
Uplynulý čas: 4 min, 13 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 5
PUP.Optional.Conduit, C:\USERS\PETAZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Nahrazen, [529], [454832],1.0.4372
PUP.Optional.Conduit, C:\USERS\PETAZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Nahrazen, [529], [454832],1.0.4372
PUP.Optional.Conduit, C:\USERS\PETAZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Nahrazen, [529], [454832],1.0.4372
PUP.Optional.Conduit, C:\USERS\PETAZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Nahrazen, [529], [454832],1.0.4372
PUP.Optional.Conduit, C:\USERS\PETAZ\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Nahrazen, [529], [454832],1.0.4372

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)






RogueKiller V12.12.8.0 (x64) [Mar 12 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.16299) 64 bits version
Spuštěno : Normální režim
Uživatel : petaz [Práva správce]
Started from : C:\Users\petaz\Downloads\RogueKiller_portable64.exe
Mód : Prohledat -- Datum : 03/15/2018 21:24:21 (Duration : 00:29:28)

¤¤¤ Procesy : 1 ¤¤¤
[VT.Unknown] DbxSvc.exe(6448) -- C:\Windows\System32\DbxSvc.exe[7] -> Nalezeno

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-256473343-3516038385-862030457-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus15.msn.com/?pc=ASTE -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-256473343-3516038385-862030457-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus15.msn.com/?pc=ASTE -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-256473343-3516038385-862030457-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus15.msn.com/?pc=ASTE -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-256473343-3516038385-862030457-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus15.msn.com/?pc=ASTE -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.seznam.cz/] -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 91fd1b0babfdd1a0b37edfbe6db7aea8
[BSP] b5498778f168233113436090662a0f58 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 380772 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 780388352 | Size: 499 MB
4 - Basic data partition | Offset (sectors): 781410304 | Size: 572321 MB
User = LL1 ... OK
User = LL2 ... OK


Re: Port scanning

Post by jaro3 » 15 Mar 2018 22:22

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP double-click to run).
- Click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom;
when it finishes, check everything (tick the white boxes to the left of the findings).
- Then click "Remove Selected".
- Wait until the Status box shows "Removal finished, please review result".
- Click "Open report" and then "Open TXT", copy the log and paste the contents of that report here. The log can be found in C:\ProgramData\RogueKiller\Logs. Close RogueKiller.

Turn off your antivirus and firewall.
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe

Click .rar-file at the top right and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.
Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Click Run Script.
The program performs a scan and a repair; the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for a while; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log Copy the entire contents of that log here.
If there are problems, run zoek in safe mode.

Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click the file on the desktop and follow the instructions to install the program.
Accept the program's license agreement (EULA) if it is offered.
If a program update is available, click the "Update now" button.
You can also enable the creation of a restore point:
Click the gear icon, then "Scanning", and tick "create restore points".
Go back (click the house icon).
Close all open files, folders and browsers.
Do not change any settings. Click "Scan".
After the scan you can see whether there are any infections. Click "Next". The infections will be moved to quarantine.
When the scan is complete, a report appears; copy the entire contents of that report here.
Otherwise you can view the reports by clicking "Reports" at the top right.


Post a new HJT log + report any problems.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.

Re: Port scanning

Post by petazi » 16 Mar 2018 21:10

{
"header": {
"program": {
"project": "RogueKiller",
"version": "12.12.8.0",
"x64": true,
"date": "Mar 12 2018",
"contact": "http://www.adlice.com/contact/",
"feedback": "https://forum.adlice.com",
"website": "http://www.adlice.com/download/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows 10 (10.0.16299) 64 bits version",
"boot": 0,
"winpe": false,
"user": "petaz",
"user_admin": true,
"program_location": "C:\\Users\\petaz\\Downloads\\RogueKiller_portable64.exe",
"x64": true,
"licensing": "free"
},
"report": {
"type": 2,
"aborted": false,
"date": "03/15/2018 22:34:14",
"duration": 1942,
"debug": false,
"count": 6,
"show_legit_hooks": false,
"expert_mode": false,
"switches": []
}
},
"information": {
"processes": [
{
"name": "[System Process]",
"name_parent": "",
"pid": 0,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "System",
"name_parent": "",
"pid": 4,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "smss.exe",
"name_parent": "",
"pid": 416,
"path": "C:\\Windows\\System32\\smss.exe",
"command_line": "",
"pid_parent": 4,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 636,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "",
"pid_parent": 624,
"path_parent": "",
"is_64": true
},
{
"name": "wininit.exe",
"name_parent": "",
"pid": 736,
"path": "C:\\Windows\\System32\\wininit.exe",
"command_line": "",
"pid_parent": 624,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 744,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "",
"pid_parent": 728,
"path_parent": "",
"is_64": true
},
{
"name": "services.exe",
"name_parent": "",
"pid": 808,
"path": "C:\\Windows\\System32\\services.exe",
"command_line": "",
"pid_parent": 736,
"path_parent": "",
"is_64": true
},
{
"name": "lsass.exe",
"name_parent": "",
"pid": 816,
"path": "C:\\Windows\\System32\\lsass.exe",
"command_line": "C:\\WINDOWS\\system32\\lsass.exe",
"pid_parent": 736,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 932,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k dcomlaunch -p -s PlugPlay",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "fontdrvhost.exe",
"name_parent": "",
"pid": 960,
"path": "C:\\Windows\\System32\\fontdrvhost.exe",
"command_line": "\"fontdrvhost.exe\"",
"pid_parent": 736,
"path_parent": "",
"is_64": true
},
{
"name": "WUDFHost.exe",
"name_parent": "",
"pid": 996,
"path": "C:\\Windows\\System32\\WUDFHost.exe",
"command_line": "\"C:\\Windows\\System32\\WUDFHost.exe\" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\\UMDFCommunicationPorts\\WUDF\\HostProcess-8a8e3df1-1b7e-4c32-a8f9-40d1cd596989 -SystemEventPortName:\\UMDFCommunicationPorts\\WUDF\\HostProcess-d22c32e7-a357-49a5-a229-4cbc876e2d1a -IoCancelEventPortName:\\UMDFCommunicationPorts\\WUDF\\HostProcess-657fedbc-5899-4475-9ff9-39a56b16c76b -NonStateChangingEventPortName:\\UMDFCommunicationPorts\\WUDF\\HostProcess-0d4153c0-095e-4912-9942-76edf2e5268e -LifetimeId:056e858b-45bc-4c37-86a0-94aeb638f781 -DeviceGroupId:",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1004,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch -p",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 584,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k rpcss -p",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 884,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k dcomlaunch -p -s LSM",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "winlogon.exe",
"name_parent": "",
"pid": 1132,
"path": "C:\\Windows\\System32\\winlogon.exe",
"command_line": "winlogon.exe",
"pid_parent": 728,
"path_parent": "",
"is_64": true
},
{
"name": "fontdrvhost.exe",
"name_parent": "winlogon.exe",
"pid": 1188,
"path": "C:\\Windows\\System32\\fontdrvhost.exe",
"command_line": "\"fontdrvhost.exe\"",
"pid_parent": 1132,
"path_parent": "C:\\Windows\\System32\\winlogon.exe",
"is_64": true
},
{
"name": "dwm.exe",
"name_parent": "winlogon.exe",
"pid": 1260,
"path": "C:\\Windows\\System32\\dwm.exe",
"command_line": "\"dwm.exe\"",
"pid_parent": 1132,
"path_parent": "C:\\Windows\\System32\\winlogon.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1344,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s NcbService",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1440,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s hidserv",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1504,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s SEMgrSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1596,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s EventLog",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1612,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Schedule",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1648,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s ProfSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1712,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s UserManager",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1740,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1788,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s lfsvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1836,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNoNetwork -p",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "nvvsvc.exe",
"name_parent": "",
"pid": 1880,
"path": "C:\\Windows\\System32\\nvvsvc.exe",
"command_line": "\"C:\\WINDOWS\\system32\\nvvsvc.exe\"",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1964,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s nsi",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2000,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s Dhcp",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1556,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s SysMain",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2056,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s EventSystem",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2064,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s NlaSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2072,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Themes",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2172,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s SENS",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2180,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s Dnscache",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2264,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s netprofm",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "igfxCUIService.exe",
"name_parent": "",
"pid": 2304,
"path": "C:\\Windows\\System32\\igfxCUIService.exe",
"command_line": "C:\\WINDOWS\\system32\\igfxCUIService.exe",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2484,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2492,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s FontCache",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2552,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Winmgmt",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "Memory Compression",
"name_parent": "",
"pid": 2680,
"path": "MemCompression",
"command_line": "",
"pid_parent": 4,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2720,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted -p",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2784,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2932,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k appmodel -p -s StateRepository",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3012,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNetworkRestricted -p",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3020,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted -p",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3028,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3172,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalSystemNetworkRestricted -p",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "AsLdrSrv.exe",
"name_parent": "",
"pid": 3240,
"path": "C:\\Program Files (x86)\\ASUS\\ATK Package\\ATK Hotkey\\AsLdrSrv.exe",
"command_line": "\"C:\\Program Files (x86)\\ASUS\\ATK Package\\ATK Hotkey\\AsLdrSrv.exe\"",
"pid_parent": 808,
"path_parent": "",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3248,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s ShellHWDetection",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "GFNEXSrv.exe",
"name_parent": "",
"pid": 3272,
"path": "C:\\Program Files (x86)\\ASUS\\ATK Package\\ATKGFNEX\\GFNEXSrv.exe",
"command_line": "\"C:\\Program Files (x86)\\ASUS\\ATK Package\\ATKGFNEX\\GFNEXSrv.exe\"",
"pid_parent": 808,
"path_parent": "",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3464,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s Appinfo",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "spoolsv.exe",
"name_parent": "",
"pid": 3676,
"path": "C:\\Windows\\System32\\spoolsv.exe",
"command_line": "C:\\WINDOWS\\System32\\spoolsv.exe",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3684,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3804,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s LanmanWorkstation",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3812,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "AdAppMgrSvc.exe",
"name_parent": "",
"pid": 4004,
"path": "C:\\Program Files (x86)\\Autodesk\\Autodesk Desktop App\\AdAppMgrSvc.exe",
"command_line": "\"C:\\Program Files (x86)\\Autodesk\\Autodesk Desktop App\\AdAppMgrSvc.exe\" ",
"pid_parent": 808,
"path_parent": "",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4012,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s CertPropSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "ASUSGiftBoxDesktop.exe",
"name_parent": "",
"pid": 4020,
"path": "C:\\Program Files (x86)\\ASUS\\ASUS GIFTBOX Desktop\\ASUSGIFTBOXDesktop.exe",
"command_line": "\"C:\\Program Files (x86)\\ASUS\\ASUS GIFTBOX Desktop\\ASUSGIFTBOXDesktop.exe\"",
"pid_parent": 808,
"path_parent": "",
"is_64": false
},
{
"name": "esif_uf.exe",
"name_parent": "",
"pid": 4032,
"path": "C:\\Windows\\SysWOW64\\esif_uf.exe",
"command_line": "C:\\WINDOWS\\SysWOW64\\esif_uf.exe",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "armsvc.exe",
"name_parent": "",
"pid": 4048,
"path": "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe\"",
"pid_parent": 808,
"path_parent": "",
"is_64": false
},
{
"name": "NvNetworkService.exe",
"name_parent": "",
"pid": 4080,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NetService\\NvNetworkService.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NetService\\NvNetworkService.exe\"",
"pid_parent": 808,
"path_parent": "",
"is_64": false
},
{
"name": "vpnsvc.exe",
"name_parent": "",
"pid": 3088,
"path": "C:\\Program Files\\AVAST Software\\SecureLine\\vpnsvc.exe",
"command_line": "\"C:\\Program Files\\AVAST Software\\SecureLine\\VpnSvc.exe\"",
"pid_parent": 808,
"path_parent": "",
"is_64": false
},
{
"name": "AdminService.exe",
"name_parent": "",
"pid": 3132,
"path": "C:\\Program Files (x86)\\Bluetooth Suite\\adminservice.exe",
"command_line": "\"C:\\Program Files (x86)\\Bluetooth Suite\\adminservice.exe\"",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3140,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -p -s CryptSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2800,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k utcsvc -p",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2924,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenonetwork -p -s DPS",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3484,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s iphlpsvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4148,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s SstpSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4168,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4180,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4208,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s WpnService",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4468,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s WdiServiceHost",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4604,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s LanmanServer",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "dasHost.exe",
"name_parent": "svchost.exe",
"pid": 4628,
"path": "C:\\Windows\\System32\\dasHost.exe",
"command_line": "dashost.exe {3dacf004-cc9b-4250-9e2248bb55b58019}",
"pid_parent": 4168,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4644,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "SecurityHealthService.exe",
"name_parent": "",
"pid": 4812,
"path": "C:\\Windows\\System32\\SecurityHealthService.exe",
"command_line": "",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4920,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "MBAMService.exe",
"name_parent": "",
"pid": 4980,
"path": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamservice.exe",
"command_line": "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamservice.exe\"",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5648,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s Netman",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 6788,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s NgcSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 6888,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s CDPSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "mbamtray.exe",
"name_parent": "mbamservice.exe",
"pid": 7160,
"path": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamtray.exe",
"command_line": "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamtray.exe\" ",
"pid_parent": 4980,
"path_parent": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamservice.exe",
"is_64": false
},
{
"name": "sihost.exe",
"name_parent": "svchost.exe",
"pid": 6540,
"path": "c:\\Windows\\System32\\sihost.exe",
"command_line": "sihost.exe",
"pid_parent": 1712,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 940,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup -s CDPUserSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1384,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup -s WpnUserService",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "taskhostw.exe",
"name_parent": "svchost.exe",
"pid": 1752,
"path": "c:\\Windows\\System32\\taskhostw.exe",
"command_line": "taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}",
"pid_parent": 1612,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "PresentationFontCache.exe",
"name_parent": "",
"pid": 3772,
"path": "C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"command_line": "C:\\WINDOWS\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7224,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s TokenBroker",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7376,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "ctfmon.exe",
"name_parent": "svchost.exe",
"pid": 7452,
"path": "C:\\Windows\\System32\\ctfmon.exe",
"command_line": "\"ctfmon.exe\"",
"pid_parent": 7376,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "explorer.exe",
"name_parent": "",
"pid": 7816,
"path": "C:\\Windows\\explorer.exe",
"command_line": "C:\\WINDOWS\\Explorer.EXE",
"pid_parent": 7732,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7976,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "RAVBg64.exe",
"name_parent": "svchost.exe",
"pid": 2372,
"path": "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe",
"command_line": "\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe\" /AECBYLISTENTOSTATUS",
"pid_parent": 1612,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "GoogleCrashHandler.exe",
"name_parent": "",
"pid": 8088,
"path": "C:\\Program Files (x86)\\Google\\Update\\1.3.33.7\\GoogleCrashHandler.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.33.7\\GoogleCrashHandler.exe\"",
"pid_parent": 4288,
"path_parent": "",
"is_64": false
},
{
"name": "GoogleCrashHandler64.exe",
"name_parent": "",
"pid": 4112,
"path": "C:\\Program Files (x86)\\Google\\Update\\1.3.33.7\\GoogleCrashHandler64.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.33.7\\GoogleCrashHandler64.exe\"",
"pid_parent": 4288,
"path_parent": "",
"is_64": true
},
{
"name": "SearchUI.exe",
"name_parent": "svchost.exe",
"pid": 2280,
"path": "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 8184,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -p -s LicenseManager",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "SkypeHost.exe",
"name_parent": "svchost.exe",
"pid": 8344,
"path": "C:\\Program Files\\WindowsApps\\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\\SkypeHost.exe",
"command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\\SkypeHost.exe\" -ServerName:SkypeHost.ServerServer",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "CCleaner64.exe",
"name_parent": "",
"pid": 2580,
"path": "D:\\Program Files\\CCleaner\\CCleaner64.exe",
"command_line": "\"D:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR /uac",
"pid_parent": 4876,
"path_parent": "",
"is_64": true
},
{
"name": "SearchIndexer.exe",
"name_parent": "",
"pid": 5928,
"path": "C:\\Windows\\System32\\SearchIndexer.exe",
"command_line": "C:\\WINDOWS\\system32\\SearchIndexer.exe /Embedding",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3656,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "jhi_service.exe",
"name_parent": "",
"pid": 6732,
"path": "C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL\\jhi_service.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL\\jhi_service.exe\"",
"pid_parent": 808,
"path_parent": "",
"is_64": false
},
{
"name": "LMS.exe",
"name_parent": "",
"pid": 7912,
"path": "C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe\"",
"pid_parent": 808,
"path_parent": "",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 9760,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -p -s wscsvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},

Re: Port scanning

Post by petazi » 16 Mar 2018 21:11

{
"name": "DbxSvc.exe",
"name_parent": "",
"pid": 6448,
"path": "C:\\Windows\\System32\\DbxSvc.exe",
"command_line": "C:\\WINDOWS\\system32\\DbxSvc.exe",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 9504,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2132,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -s RmSvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 11356,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -p -s BITS",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "esif_assist_64.exe",
"name_parent": "esif_uf.exe",
"pid": 13276,
"path": "C:\\Windows\\Temp\\DPTF\\esif_assist_64.exe",
"command_line": "\"C:\\WINDOWS\\TEMP\\DPTF\\esif_assist_64.exe\"",
"pid_parent": 4032,
"path_parent": "C:\\Windows\\SysWOW64\\esif_uf.exe",
"is_64": true
},
{
"name": "ShellExperienceHost.exe",
"name_parent": "svchost.exe",
"pid": 13272,
"path": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe",
"command_line": "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 8464,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "SettingSyncHost.exe",
"name_parent": "svchost.exe",
"pid": 12552,
"path": "C:\\Windows\\System32\\SettingSyncHost.exe",
"command_line": "C:\\WINDOWS\\system32\\SettingSyncHost.exe -Embedding",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "isa.exe",
"name_parent": "",
"pid": 4728,
"path": "C:\\Program Files (x86)\\Intel\\Intel(R) Security Assist\\isa.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Intel(R) Security Assist\\isa.exe\"",
"pid_parent": 808,
"path_parent": "",
"is_64": false
},
{
"name": "ApplicationFrameHost.exe",
"name_parent": "svchost.exe",
"pid": 7188,
"path": "C:\\Windows\\System32\\ApplicationFrameHost.exe",
"command_line": "C:\\WINDOWS\\system32\\ApplicationFrameHost.exe -Embedding",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "Video.UI.exe",
"name_parent": "svchost.exe",
"pid": 8948,
"path": "C:\\Program Files\\WindowsApps\\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\\Video.UI.exe",
"command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.ZuneVideo_10.17122.16211.0_x64__8wekyb3d8bbwe\\Video.UI.exe\" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "SystemSettings.exe",
"name_parent": "svchost.exe",
"pid": 2156,
"path": "C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe",
"command_line": "\"C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe\" -ServerName:microsoft.windows.immersivecontrolpanel",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 872,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "Calculator.exe",
"name_parent": "svchost.exe",
"pid": 13128,
"path": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsCalculator_10.1802.311.0_x64__8wekyb3d8bbwe\\Calculator.exe",
"command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.WindowsCalculator_10.1802.311.0_x64__8wekyb3d8bbwe\\Calculator.exe\" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 9260,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "WmiPrvSE.exe",
"name_parent": "svchost.exe",
"pid": 7332,
"path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"command_line": "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 4204,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "WmiPrvSE.exe",
"name_parent": "svchost.exe",
"pid": 3200,
"path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"command_line": "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "LockApp.exe",
"name_parent": "svchost.exe",
"pid": 13084,
"path": "C:\\Windows\\SystemApps\\Microsoft.LockApp_cw5n1h2txyewy\\LockApp.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.LockApp_cw5n1h2txyewy\\LockApp.exe\" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 1360,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "audiodg.exe",
"name_parent": "svchost.exe",
"pid": 12164,
"path": "C:\\Windows\\System32\\audiodg.exe",
"command_line": "C:\\WINDOWS\\system32\\AUDIODG.EXE 0x51c",
"pid_parent": 2720,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5804,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 8892,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k netsvcs -p -s Browser",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 10488,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs -p -s gpsvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 13304,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts",
"pid_parent": 808,
"path_parent": "",
"is_64": true
}, {
"name": "smartscreen.exe",
"name_parent": "svchost.exe",
"pid": 3000,
"path": "C:\\Windows\\System32\\smartscreen.exe",
"command_line": "C:\\Windows\\System32\\smartscreen.exe -Embedding",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 10136,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7220,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs -p -s wlidsvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 9644,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "backgroundTaskHost.exe",
"name_parent": "svchost.exe",
"pid": 1620,
"path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\backgroundTaskHost.exe\" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca",
"pid_parent": 1004,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3732,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k appmodel -p -s tiledatamodelsvc",
"pid_parent": 808,
"path_parent": "",
"is_64": true
},
{
"name": "RogueKiller_portable64.exe",
"name_parent": "RuntimeBroker.exe",
"pid": 6156,
"path": "C:\\Users\\petaz\\Downloads\\RogueKiller_portable64.exe",
"command_line": "\"C:\\Users\\petaz\\Downloads\\RogueKiller_portable64.exe\" ",
"pid_parent": 872,
"path_parent": "C:\\Windows\\System32\\RuntimeBroker.exe",
"is_64": true
}
]
},
"results": {
"processes": [
{
"scan_what": 1,
"scan_how": [
1,
4,
2,
5
],
"vendors": [
"VT.Unknown"
],
"name": "DbxSvc.exe",
"name_parent": "",
"pid": 6448,
"path": "C:\\Windows\\System32\\DbxSvc.exe",
"command_line": "C:\\WINDOWS\\system32\\DbxSvc.exe",
"window": "",
"pid_parent": 808,
"path_parent": "",
"file_status": "[7]",
"file_md5": "C1C0CBCD10205FAD266F1A73DEE9DBD8",
"file_exists": true,
"file_signed": true,
"file_signer": "Dropbox, Inc",
"file_vtscore": -1,
"vt_error": "",
"status_str": "Zastaveno [TermProc]",
"status_choice": 2,
"status_kill": 3,
"is_64": true
}
],
"modules": [],
"services": [],
"registry": [
{
"scan_what": 1,
"scan_how": [
14
],
"scan_how_trigger": 14,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 256,
"value": "Start Page",
"subkey": "",
"value_old_data": "http://asus15.msn.com/?pc=ASTE",
"value_data": "http://go.microsoft.com/fwlink/p/?LinkId=255141",
"path": "HKEY_USERS\\S-1-5-21-256473343-3516038385-862030457-1001\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
14
],
"scan_how_trigger": 14,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 512,
"value": "Start Page",
"subkey": "",
"value_old_data": "http://asus15.msn.com/?pc=ASTE",
"value_data": "http://go.microsoft.com/fwlink/p/?LinkId=255141",
"path": "HKEY_USERS\\S-1-5-21-256473343-3516038385-862030457-1001\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
14
],
"scan_how_trigger": 14,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 256,
"value": "Default_Page_URL",
"subkey": "",
"value_old_data": "http://asus15.msn.com/?pc=ASTE",
"value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
"path": "HKEY_USERS\\S-1-5-21-256473343-3516038385-862030457-1001\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
14
],
"scan_how_trigger": 14,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 512,
"value": "Default_Page_URL",
"subkey": "",
"value_old_data": "http://asus15.msn.com/?pc=ASTE",
"value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
"path": "HKEY_USERS\\S-1-5-21-256473343-3516038385-862030457-1001\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)",
"status_choice": 2,
"status_removed": 6
}
],
"tasks": [],
"filesystem": [],
"wmi": [],
"hosts": {
"is_too_big": false,
"lines": []
},
"antirootkit": {
"is_driver_loaded": true,
"driver_error": 0,
"results": []
},
"web_browsers": [
{
"scan_what": 2,
"scan_how": [
2
],
"vendors": [
"PUM.HomePage"
],
"browser": 3,
"browser_str": "Chrome",
"config": {
"user": "Default [SecurePrefs]",
"line": "homepage [http://www.seznam.cz/]",
"key": "homepage",
"value": "http://www.seznam.cz/"
},
"status_str": "Smazáno",
"status_malicious": true,
"status_choice": 2,
"status_removed": 1
}
],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++\n--- User ---\n[MBR] 91fd1b0babfdd1a0b37edfbe6db7aea8\n[BSP] b5498778f168233113436090662a0f58 : Empty|VT.Unknown MBR Code\nPartition table:\n0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB\n1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB\n2 - Basic data partition | Offset (sectors): 567296 | Size: 380772 MB\n3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 780388352 | Size: 499 MB\n4 - Basic data partition | Offset (sectors): 781410304 | Size: 572321 MB\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"
}
}
}







Zoek.exe v5.0.0.2 Updated 21-Februari-2018(online version)
Tool run by petaz on 16.03.2018 at 20:32:17,18.
Microsoft Windows 10 Home 10.0.16299 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\petaz\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16.03.2018 20:34:12 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== FireFox Fix ======================

Deleted from C:\Users\petaz\AppData\Roaming\Mozilla\Firefox\Profiles\gvjjpc8c.default\prefs.js:

Added to C:\Users\petaz\AppData\Roaming\Mozilla\Firefox\Profiles\gvjjpc8c.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\petaz\AppData\Roaming\Mozilla\Firefox\Profiles\gvjjpc8c.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\petaz\AppData\Roaming\Mozilla\Firefox\Profiles\gvjjpc8c.default
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\petaz\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\petaz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\petaz\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\petaz\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\petaz\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\petaz\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found




Zemana AntiMalware 2.74.2.150 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2018.3.16
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
BIOS Mode : UEFI
CUID : 12088093A769F009BD365A
Scan Type : Skenování systému
Duration : 12m 22s
Scanned Objects : 66760
Detected Objects : 0
Excluded Objects : 0
Read Level : Normal
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Nebyly zjištěny žádné hrozby





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:57:47, on 16.03.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0015)

FIREFOX: 51.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\petaz\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\petaz\AppData\Local\Akamai\netsession_win.exe
C:\Users\petaz\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Users\petaz\Downloads\HijackThis.exe
C:\WINDOWS\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [Autodesk Desktop App] "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
O4 - HKCU\..\Run: [CCleaner Monitoring] "D:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\petaz\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Spotify] C:\Users\petaz\AppData\Roaming\Spotify\Spotify.exe --autostart
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\petaz\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O4 - Global Startup: avast! SecureLine.lnk = C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Autodesk Desktop App Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
O23 - Service: Asus GiftBox Desktop (ASUSGiftBoxDekstop) - ASUS - C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem68.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\WINDOWS\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: WPS Office Update Service (Kingsoft_WPS_UpdateService) - Zhuhai Kingsoft Office Software Co.,Ltd - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdatesvr.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Avast SecureLine (SecureLine) - Unknown owner - C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 14237 bytes





I won't be taking the computer to school again until Tuesday, but it doesn't seem slowed down to me. I don't use it much, but it handles what I ask of it without major problems.. Mainly, that junk must have gotten onto my computer sometime last week, because I am connected to the school wifi every Tuesday and nothing like this ever came to me before...

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Port scanning

Post by jaro3 » 16 Mar 2018 21:15

Close the other applications and browsers, disconnect from the internet and fix these entries in HJT:
Guide


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe


Let's go through it once more.

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit).
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs, FRST.txt and Addition.txt, will appear and be saved to the desktop. Please copy their entire contents here.


Re: Port scanning

Post by petazi » 16 Mar 2018 21:25

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by petaz (16-03-2018 21:22:44)
Running from C:\Users\petaz\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-27 23:09:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-256473343-3516038385-862030457-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-256473343-3516038385-862030457-503 - Limited - Disabled)
Guest (S-1-5-21-256473343-3516038385-862030457-501 - Limited - Disabled)
petaz (S-1-5-21-256473343-3516038385-862030457-1001 - Administrator - Enabled) => C:\Users\petaz
WDAGUtilityAccount (S-1-5-21-256473343-3516038385-862030457-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A360 Desktop (HKLM\...\{B65CD59E-A771-4354-AA4B-C3E01B496BCD}) (Version: 8.2.3.1800 - Autodesk)
ACA & MEP 2018 Object Enabler (HKLM\...\{28B89EEF-1004-0000-5102-CF3F3A09B77D}) (Version: 8.0.40.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-1001-0000-3102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Adobe Reader XI (11.0.23) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-256473343-3516038385-862030457-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Aktualizace NVIDIA 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0041 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.105 - ICEpower a/s)
AutoCAD 2018 – Čeština (Czech) (HKLM\...\{28B89EEF-1001-0405-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 (HKLM\...\{28B89EEF-1001-0000-0102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 Language Pack – Čeština (Czech) (HKLM\...\{28B89EEF-1001-0405-1102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2018 (HKLM-x32\...\{177AD7F6-9C77-4E50-BA53-B7259C5F282D}) (Version: 16.11.1.0 - Autodesk)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD 2018 – Čeština (Czech) (HKLM\...\AutoCAD 2018 – Čeština (Czech)) (Version: 22.0.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Autodesk License Service (x64) - 5.1.4 (HKLM\...\{3609A8D9-FC0C-4C9B-9F58-0B1D1A4FE556}) (Version: 5.1.4.0 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Autodesk ReCap (HKLM\...\{6ED27C84-0000-1033-0102-D4DAEFFC23C2}) (Version: 4.0.0.28 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 4.0.0.28 - Autodesk)
Avast SecureLine for Asustek (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.3 - AVAST Software)
Balíček ovladače systému Windows - ASUS (ATP) Mouse (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
FARO LS 1.1.600.6 (64bit) (HKLM-x32\...\{510A08AF-1649-4844-94E5-EAC43A023685}) (Version: 6.0.6.5 - FARO Scanner Production)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.286.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.162 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Junko (HKLM-x32\...\{446861AA-5F30-42F3-BD70-8743E462D59E}) (Version: 1.0.0 - Pmcc)
Malwarebytes verze 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-256473343-3516038385-862030457-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{7308600A-5231-459C-A3E2-A637F842CACA}) (Version: 4.13.9783 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 369.09 - NVIDIA Corporation) Hidden
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.7.232 - Autodesk)
Python 2.7.14 (HKLM-x32\...\{0398A685-FD8D-46B3-9816-C47319B0CF5E}) (Version: 2.7.14150 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Speciální aplikace Autodesk 2016-2018 (HKLM-x32\...\{384C4B74-B749-4AB6-9367-4D51A6AA9CB8}) (Version: 2.4.0 - Autodesk)
Spotify (HKU\S-1-5-21-256473343-3516038385-862030457-1001\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: - )
Update for Skype for Business 2015 (KB4018290) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{845EC284-26A3-46CA-9140-FA924FC134E0}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4018290) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{845EC284-26A3-46CA-9140-FA924FC134E0}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4018290) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{845EC284-26A3-46CA-9140-FA924FC134E0}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4018290) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{845EC284-26A3-46CA-9140-FA924FC134E0}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4947 - Kingsoft Corp.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-256473343-3516038385-862030457-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-256473343-3516038385-862030457-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-256473343-3516038385-862030457-1001_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> D:\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-256473343-3516038385-862030457-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> D:\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-256473343-3516038385-862030457-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Autodesk\AutoCAD 2018\cs-CZ\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2017-02-03] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-03-16] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-03] (Autodesk)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-03-16] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00FA36F3-5604-424B-BC8C-0EFECA19A54E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2BCBC27A-1CBF-47CF-BF8B-554AE0742862} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {2F48398C-4B36-429E-85F0-3CD87AD2EC47} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {3D6FAEA4-6096-4206-BD68-669764196D75} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {49BC6256-C195-4B8F-BBB1-5918A08B6F10} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {53BDC57E-C8A9-4DB3-931B-5D86A4E54A57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-04] (Google Inc.)
Task: {7C15190D-F577-4EAB-B181-2263F2293755} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8B059D6C-B6BF-4534-A9D8-8999E296D8B6} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {991B1661-2FCF-4B95-A425-C6A734C82A68} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {9A05F3E6-4AFA-49D4-AE73-1F91E4EFFA6A} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe [2015-08-15] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {AA39B44F-9C5E-415D-9CF3-499836E7E404} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {AF7E7051-3CE0-41A5-B41C-4932AF0F5638} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {C3697E3B-8741-46A5-BDDF-2720B7DDB355} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {C67145EF-9439-40D7-B3DF-E7D13B48E20C} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {CAE361E8-16CE-4FBB-862B-BF9FD19C7107} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {CC2D0060-D734-4317-BFDD-027930C8949A} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-11-04] (AVAST Software)
Task: {CEA129FF-CC49-438F-A326-3A36675CF21F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-04] (Google Inc.)
Task: {D8856E3D-A126-4864-8F53-F09EFBB869FF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {E3BB06DB-5995-409B-A1C7-16967827AA8F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {E69CCD88-ACAA-4061-926F-CACD8C1F1D4D} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {E8CB19C8-F907-49DB-ACC9-C4FBE061D219} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
Task: {F14F559F-F359-4638-A3BC-1D7086DFB907} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {F2F9AB24-027E-42CC-B97A-834C1E834E1F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-07-29] (Realtek Semiconductor)
Task: {F3F4D75D-27FA-451C-9E4B-79D3C17396D3} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe [2015-08-15] (Zhuhai Kingsoft Office Software Co.,Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-05-31 00:35 - 2016-08-01 13:54 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-04 14:09 - 2016-11-04 14:09 - 000592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2018-03-15 17:26 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-15 17:26 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-11-30 21:57 - 2016-11-30 21:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-03-14 21:24 - 2018-02-22 01:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 21:24 - 2018-02-22 01:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-27 14:40 - 2018-02-27 14:40 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-02-27 14:40 - 2018-02-27 14:40 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-02-27 14:40 - 2018-02-27 14:41 - 021824000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-02-27 14:40 - 2018-02-27 14:40 - 002529792 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\skypert.dll
2018-02-27 14:40 - 2018-02-27 14:40 - 000649216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-09-28 17:25 - 2016-09-28 17:25 - 000061440 _____ () D:\Program Files\CCleaner\lang\lang-1029.dll
2018-03-16 20:31 - 2018-03-16 20:31 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-03-16 20:31 - 2018-03-16 20:31 - 000173568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-02-20 09:27 - 2017-12-19 07:47 - 000061864 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2018-02-20 09:27 - 2017-12-19 07:47 - 000140200 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 000027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 10:40 - 2015-08-25 10:40 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-12-24 20:59 - 2016-06-15 02:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-04 14:09 - 2016-11-04 14:09 - 038907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll
2015-08-07 02:09 - 2015-08-07 02:09 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2018-03-15 20:59 - 2018-03-15 12:50 - 000746312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-03-15 20:59 - 2018-03-15 12:50 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-03-15 20:59 - 2018-03-15 12:50 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-03-15 20:59 - 2018-03-15 12:53 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-03-15 20:59 - 2018-03-15 12:50 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-03-15 20:59 - 2018-03-15 12:53 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-03-15 20:59 - 2018-03-15 12:53 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-03-15 20:59 - 2018-03-15 12:53 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-03-15 20:59 - 2018-03-15 12:53 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-03-15 20:59 - 2018-03-15 12:53 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-03-15 20:59 - 2018-03-15 12:53 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-03-15 20:59 - 2018-03-15 12:53 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-03-15 20:59 - 2018-03-15 12:53 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-03-15 20:59 - 2018-03-15 12:53 - 000087904 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-03-15 20:59 - 2018-03-15 12:53 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-03-15 20:59 - 2018-03-15 12:53 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-03-15 20:59 - 2018-03-15 12:53 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2018-03-15 20:59 - 2018-03-15 12:53 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-03-15 20:59 - 2018-03-15 12:52 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-03-15 20:59 - 2018-03-15 12:50 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-03-15 20:59 - 2018-03-15 12:53 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-03-15 20:59 - 2018-03-15 12:53 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-03-15 20:59 - 2018-03-15 12:52 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-03-15 20:59 - 2018-03-15 12:53 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-03-15 20:59 - 2018-03-15 12:52 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2018-02-20 09:27 - 2017-12-19 07:07 - 000050008 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
2018-02-20 09:27 - 2017-12-19 07:07 - 000058712 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
2018-02-20 09:27 - 2017-12-19 07:06 - 000202072 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
2018-02-20 09:27 - 2017-12-19 07:06 - 000748888 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
2018-02-20 09:27 - 2017-10-31 19:52 - 000205352 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\plugins\crypto\qca-ossl_Ad_2.dll
2018-02-20 09:27 - 2017-09-05 09:09 - 059523896 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
2018-02-20 09:27 - 2017-09-05 09:09 - 002203448 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2018-02-20 09:27 - 2017-09-05 09:09 - 000087352 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-256473343-3516038385-862030457-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2018-03-16 20:34 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-256473343-3516038385-862030457-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\petaz\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img1.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CD8AA7A3-6074-42E4-8EB6-71D06186A97C}C:\users\petaz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\petaz\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{EC9213ED-3E8A-4F9B-915E-7176D4446F91}C:\users\petaz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\petaz\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D028E0F1-2EF4-443A-AF9A-828B5FE83F54}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A0C9D34D-8B27-408F-BAED-EB426D2F4029}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A8A969B9-BACF-47F1-BBBD-E12B185625CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C91E67A9-51A7-4422-BB5A-A95ED72D6540}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3E6DEB76-A933-4F37-84E4-FB16EA9E4006}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{83153748-56CB-4255-B821-356C9083D726}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E688DA7F-88FA-4AE5-9C93-FD4A1747B93C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AAE5210B-94E7-42D7-B8AD-385CEB0C3888}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{18597F29-C0A7-4702-8834-FDC906643963}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{7EF08939-5775-40F7-9F5D-304105C910CF}C:\users\petaz\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\petaz\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{D8E40570-8D0F-4932-A18B-5DCE0D87F21D}C:\users\petaz\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\petaz\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{E1FA32F5-8A6F-4BC9-AD5B-97991ECB2585}C:\users\petaz\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\petaz\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3B98D02F-426B-4BFD-8B1F-60149F503D1C}C:\users\petaz\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\petaz\appdata\local\akamai\netsession_win.exe
FirewallRules: [{16E11B5E-6A77-442D-A5C7-FDAAB14AFCD6}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{9611A4CC-0179-49A4-A576-FB86221632BF}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [TCP Query User{B948522F-38CB-46DD-A246-DB0AC6B9F0C7}C:\users\petaz\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\petaz\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{32C2A432-FB47-449F-B719-4ABD4ECF4A62}C:\users\petaz\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\petaz\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{28999544-3526-4287-9359-D2372D8F5A12}C:\users\petaz\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\petaz\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7D24630D-1042-4486-840A-12006B2DD8B6}C:\users\petaz\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\petaz\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C3BE2ACA-AA7D-49D6-AEA0-00BC04074B79}C:\users\petaz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\petaz\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B016D0F8-E4D7-46C4-986A-794E748ABE7C}C:\users\petaz\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\petaz\appdata\roaming\spotify\spotify.exe
FirewallRules: [{16482F39-1C5E-4591-990E-07B4271962B2}] => (Allow) D:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{A51EF23F-CD28-4209-A073-CCB10E435F80}] => (Allow) D:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{B9E2E7DA-D53C-45AA-A2D3-1B9F57F1F3F0}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9262264E-F650-49A9-9C08-A269C524331E}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E0A1BD03-AE0B-4512-8D57-5FA3F4223B6E}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DB70AB71-60CE-4FC3-AED3-BA4F1656B16B}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E116EA93-27C7-42D7-A19F-87A4B20ADA56}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F5A6053C-5C46-4207-9E71-07C5E85388AB}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{31867A4D-6F07-4965-804F-33DCD0C537B1}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3227545A-07D3-459D-A438-02ADDEB5D84B}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CCD35593-1B2D-41C3-8EFB-033E8FBDEEC3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7CCF7AE9-9A37-4B23-9199-05E1FD67AAEB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

28-02-2018 19:33:51 Removed paint.net
14-03-2018 21:23:20 Windows Update
15-03-2018 21:10:23 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2018 09:21:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: backgroundTaskHost.exe, verze: 10.0.16299.15, časové razítko: 0x290d9f78
Název chybujícího modulu: twinapi.appcore.dll, verze: 10.0.16299.19, časové razítko: 0x63553d36
Kód výjimky: 0xc000027b
Posun chyby: 0x0000000000094ef5
ID chybujícího procesu: 0x2dd4
Čas spuštění chybující aplikace: 0x01d3bd646bbab14c
Cesta k chybující aplikaci: C:\WINDOWS\system32\backgroundTaskHost.exe
Cesta k chybujícímu modulu: C:\Windows\System32\twinapi.appcore.dll
ID zprávy: 73a59dce-b49e-451e-8970-bd45629b4ef6
Úplný název chybujícího balíčku: Ceskatelevize.iVysln_1.2.0.0_x64__ndqbq1wc819cy
ID aplikace související s chybujícím balíčkem: App

Error: (03/16/2018 08:41:14 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-PFI72DJ)
Description: Produkt: Akamai NetSession Interface - Chyba 1310 Při zápisu do souboru C:\Users\petaz\AppData\Local\Akamai\admintool.exe došlo k chybě. Systémová chyba 0. Přesvědčte se, zda máte přístup do adresáře.

Error: (03/16/2018 08:40:41 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-PFI72DJ)
Description: Produkt: Akamai NetSession Interface - Chyba 1310 Při zápisu do souboru C:\Users\petaz\AppData\Local\Akamai\admintool.exe došlo k chybě. Systémová chyba 0. Přesvědčte se, zda máte přístup do adresáře.

Error: (03/16/2018 08:27:34 PM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {41FD88F7-F295-4D39-91AC-A85F3149A05B} byla odmítnuta.

Error: (03/16/2018 08:27:34 PM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {95CABCC9-BC57-4C12-B8DF-BA193232AA01} byla odmítnuta.

Error: (03/16/2018 08:27:33 PM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {41FD88F7-F295-4D39-91AC-A85F3149A05B} byla odmítnuta.

Error: (03/16/2018 08:27:33 PM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {41FD88F7-F295-4D39-91AC-A85F3149A05B} byla odmítnuta.

Error: (03/16/2018 08:27:29 PM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (2580,R,0) testing: Při otevírání souboru protokolu C:\Users\petaz\AppData\Local\Microsoft\Windows\WebCache\V01.log došlo k chybě -1032 (0xfffffbf8).


System errors:
=============
Error: (03/16/2018 08:57:56 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-PFI72DJ)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-PFI72DJ\petaz (SID: S-1-5-21-256473343-3516038385-862030457-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/16/2018 08:57:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-PFI72DJ)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-PFI72DJ\petaz (SID: S-1-5-21-256473343-3516038385-862030457-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/16/2018 08:53:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/16/2018 08:46:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/16/2018 08:41:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-PFI72DJ)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-PFI72DJ\petaz (SID: S-1-5-21-256473343-3516038385-862030457-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/16/2018 08:40:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-PFI72DJ)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-PFI72DJ\petaz (SID: S-1-5-21-256473343-3516038385-862030457-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/16/2018 08:38:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/16/2018 08:38:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2018-03-15 17:19:00.569
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {9CF55637-EF52-4862-AC09-43F168F6CC13}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Úplné prohledávání
Uživatel: DESKTOP-PFI72DJ\petaz

Date: 2018-03-15 13:16:40.950
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {8A924790-3B99-41B4-B026-F569EA5ED422}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Úplné prohledávání
Uživatel: DESKTOP-PFI72DJ\petaz

Date: 2018-03-12 21:25:05.793
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {80A934B7-475C-43CD-8C34-8C80F664B31B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-02-15 21:41:01.565
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {4537F421-FDAB-4839-8CAD-626A63154619}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-02-15 21:33:31.349
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {869F02D5-F5D7-4001-AB46-CE9ACF5D39E8}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-03-13 19:52:57.976
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2018-03-04 09:23:54.465
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2018-02-24 17:21:54.256
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2018-02-18 22:11:04.436
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2018-02-14 07:01:22.687
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.261.1167.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.14500.5
Kód chyby: 0x80240016
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===================================

Date: 2018-03-15 17:27:10.888
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 30%
Total physical RAM: 8094.39 MB
Available physical RAM: 5642.86 MB
Total Virtual: 9374.39 MB
Available Virtual: 6882.88 MB

petazi

Re: Port scanning

Post by petazi » 16 Mar 2018 21:25

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:128.59 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:273.01 GB) NTFS

\\?\Volume{722e1bcf-c448-4d42-a0cd-54add61e53bc}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{831f1f5d-4564-4ff8-a701-86c41f2b704a}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4919899B)

Partition: GPT.

==================== End of Addition.txt ============================

petazi

Re: Port scanning

Post by petazi » 16 Mar 2018 21:26

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by petaz (administrator) on DESKTOP-PFI72DJ (16-03-2018 21:21:46)
Running from C:\Users\petaz\Downloads
Loaded Profiles: petaz (Available Profiles: petaz)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\petaz\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\AcWebBrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\AcWebBrowser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\petaz\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\petaz\AppData\Local\Akamai\netsession_win.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSPanel.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\slupdate.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-05-31] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-03-15] (Dropbox, Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [706392 2017-12-19] (Autodesk, Inc.)
HKU\S-1-5-21-256473343-3516038385-862030457-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-256473343-3516038385-862030457-1001\...\Run: [Akamai NetSession Interface] => C:\Users\petaz\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-256473343-3516038385-862030457-1001\...\Run: [Spotify] => C:\Users\petaz\AppData\Roaming\Spotify\Spotify.exe [21894544 2018-03-08] (Spotify Ltd)
HKU\S-1-5-21-256473343-3516038385-862030457-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc.)
HKU\S-1-5-21-256473343-3516038385-862030457-1001\...\Run: [Spotify Web Helper] => C:\Users\petaz\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-08] (Spotify Ltd)
HKU\S-1-5-21-256473343-3516038385-862030457-1001\...\Policies\Explorer: []
HKU\S-1-5-21-256473343-3516038385-862030457-1001\...\MountPoints2: {e263f504-dd2a-11e7-9bf4-80a589942273} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2015-12-24]
ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{89073ed6-2c6e-4ef8-8572-2304babdaeb2}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8a23fdfa-eb43-4ed3-af10-35e7799dbacf}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9f5e1eac-86a4-43de-acfb-f60a58f8a110}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-256473343-3516038385-862030457-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-02-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: gvjjpc8c.default
FF ProfilePath: C:\Users\petaz\AppData\Roaming\Mozilla\Firefox\Profiles\gvjjpc8c.default [2018-03-16]
FF Homepage: Mozilla\Firefox\Profiles\gvjjpc8c.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\gvjjpc8c.default -> about:newtab
FF Extension: (Greasemonkey) - C:\Users\petaz\AppData\Roaming\Mozilla\Firefox\Profiles\gvjjpc8c.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-11-23] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> D:\Adobe\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\petaz\AppData\Local\Google\Chrome\User Data\Default [2018-03-16]
CHR Extension: (Prezentace) - C:\Users\petaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-16]
CHR Extension: (Dokumenty) - C:\Users\petaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-16]
CHR Extension: (Disk Google) - C:\Users\petaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-16]
CHR Extension: (YouTube) - C:\Users\petaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\petaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\petaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-16]
CHR Extension: (Gmail) - C:\Users\petaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-16]
CHR Extension: (Chrome Media Router) - C:\Users\petaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1364904 2017-12-19] (Autodesk Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [71168 2015-05-31] (ASUS Cloud Corporation) [File not signed]
R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Windows (R) Win 7 DDK provider)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdatesvr.exe [133480 2015-08-15] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-11-04] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-03] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-03] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-17] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [50696 2015-08-17] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-17] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-15] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-16] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-16] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-16] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-11-06] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [428032 2017-02-16] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-03] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-03] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-03] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-03-16] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-03-16] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-16 21:21 - 2018-03-16 21:22 - 000017823 _____ C:\Users\petaz\Downloads\FRST.txt
2018-03-16 21:21 - 2018-03-16 21:21 - 000000000 ____D C:\FRST
2018-03-16 21:20 - 2018-03-16 21:20 - 000000000 ____D C:\Users\petaz\Downloads\backups
2018-03-16 21:17 - 2018-03-16 21:17 - 002403328 _____ (Farbar) C:\Users\petaz\Downloads\FRST64.exe
2018-03-16 20:42 - 2018-03-16 21:21 - 000033614 _____ C:\WINDOWS\ZAM.krnl.trace
2018-03-16 20:42 - 2018-03-16 21:21 - 000027525 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-03-16 20:42 - 2018-03-16 20:42 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-03-16 20:42 - 2018-03-16 20:42 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-03-16 20:42 - 2018-03-16 20:42 - 000001219 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-03-16 20:42 - 2018-03-16 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-03-16 20:42 - 2018-03-16 20:42 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-03-16 20:41 - 2018-03-16 20:41 - 006625600 _____ (Zemana Ltd. ) C:\Users\petaz\Downloads\Zemana.AntiMalware.Setup.exe
2018-03-16 20:41 - 2018-03-16 20:41 - 000000000 ____D C:\Users\petaz\AppData\Local\Zemana
2018-03-16 20:40 - 2018-03-16 20:40 - 000006006 _____ C:\Users\petaz\Desktop\zoek-results.txt
2018-03-16 20:37 - 2018-03-16 20:37 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-16 20:35 - 2018-03-16 20:32 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2018-03-16 20:32 - 2018-03-16 20:32 - 000000000 ____D C:\zoek_backup
2018-03-16 20:30 - 2018-03-16 20:30 - 001168896 _____ C:\Users\petaz\Downloads\zoek.exe
2018-03-15 23:08 - 2018-03-15 23:08 - 000005058 _____ C:\Users\petaz\Desktop\rk_1189.tmp.txt
2018-03-15 22:30 - 2018-03-15 22:30 - 000000000 ____D C:\ProgramData\Sophos
2018-03-15 21:24 - 2018-03-15 22:34 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-15 21:23 - 2018-03-15 22:04 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-15 21:23 - 2018-03-15 21:23 - 026972232 _____ (Adlice Software) C:\Users\petaz\Downloads\RogueKiller_portable64.exe
2018-03-15 21:22 - 2018-03-15 21:22 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-03-15 21:22 - 2018-03-15 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-03-15 21:21 - 2018-03-15 21:21 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-03-15 21:20 - 2018-03-15 21:20 - 194119512 _____ (Sophos Limited) C:\Users\petaz\Downloads\Sophos Virus Removal Tool.exe
2018-03-15 21:19 - 2018-03-15 21:19 - 000002208 _____ C:\Users\petaz\Desktop\text.txt
2018-03-15 21:13 - 2018-03-15 21:13 - 000000842 _____ C:\Users\petaz\Desktop\JRT.txt
2018-03-15 21:04 - 2018-03-15 21:04 - 000000000 ____D C:\Users\petaz\Documents\FeedbackHub
2018-03-15 21:02 - 2018-03-15 21:02 - 001790024 _____ (Malwarebytes) C:\Users\petaz\Downloads\JRT.exe
2018-03-15 20:59 - 2018-03-15 20:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-15 17:41 - 2018-03-15 17:41 - 000001125 _____ C:\Users\petaz\Desktop\AdwCleaner[S0].txt
2018-03-15 17:36 - 2018-03-15 17:36 - 000002353 _____ C:\Users\petaz\Desktop\Malwarebytes.txt
2018-03-15 17:27 - 2018-03-16 20:37 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-15 17:27 - 2018-03-16 20:37 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-15 17:27 - 2018-03-15 17:27 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-15 17:26 - 2018-03-16 20:37 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-15 17:26 - 2018-03-15 17:26 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-15 17:26 - 2018-03-15 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-15 17:26 - 2018-03-15 17:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-15 17:26 - 2018-03-15 17:26 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-15 17:26 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-15 17:25 - 2018-03-15 21:00 - 000000000 ____D C:\AdwCleaner
2018-03-15 17:25 - 2018-03-15 17:25 - 069748432 _____ (Malwarebytes ) C:\Users\petaz\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4352.exe
2018-03-15 17:24 - 2018-03-15 17:24 - 008222496 _____ (Malwarebytes) C:\Users\petaz\Downloads\AdwCleaner.exe
2018-03-15 17:23 - 2018-03-15 17:23 - 000448512 _____ (OldTimer Tools) C:\Users\petaz\Downloads\TFC.exe
2018-03-15 17:17 - 2018-03-15 17:17 - 000388608 _____ (Trend Micro Inc.) C:\Users\petaz\Downloads\HijackThis.exe
2018-03-15 16:55 - 2018-03-15 16:55 - 003772189 _____ C:\Users\petaz\Desktop\plakat_ss1.pdf
2018-03-15 15:16 - 2018-03-15 15:16 - 000015360 _____ C:\Users\petaz\Downloads\uk_63.xls
2018-03-15 15:09 - 2018-03-15 15:14 - 000013236 _____ C:\Users\petaz\Downloads\1_du5.xlsx
2018-03-15 15:08 - 2018-03-15 15:08 - 004876811 _____ C:\Users\petaz\Downloads\5-ukol.pdf
2018-03-15 12:50 - 2018-03-15 12:50 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-03-15 12:50 - 2018-03-15 12:50 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-03-15 12:50 - 2018-03-15 12:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-03-15 12:50 - 2018-03-15 12:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-03-14 23:36 - 2018-03-02 22:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-14 23:36 - 2018-03-02 22:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-14 21:24 - 2018-03-02 04:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 21:24 - 2018-03-02 04:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 21:24 - 2018-03-02 04:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 21:24 - 2018-03-02 04:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 21:24 - 2018-03-02 04:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 21:24 - 2018-03-02 04:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 21:24 - 2018-03-02 03:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 21:24 - 2018-03-01 21:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 21:24 - 2018-03-01 08:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-14 21:24 - 2018-03-01 08:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-14 21:24 - 2018-03-01 08:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-14 21:24 - 2018-03-01 08:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-14 21:24 - 2018-03-01 08:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 21:24 - 2018-03-01 08:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-14 21:24 - 2018-03-01 08:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-14 21:24 - 2018-03-01 08:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-14 21:24 - 2018-03-01 08:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 21:24 - 2018-03-01 08:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 21:24 - 2018-03-01 08:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-14 21:24 - 2018-03-01 08:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-14 21:24 - 2018-03-01 08:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-14 21:24 - 2018-03-01 08:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 21:24 - 2018-03-01 08:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 21:24 - 2018-03-01 08:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-14 21:24 - 2018-03-01 08:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 21:24 - 2018-03-01 08:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 21:24 - 2018-03-01 08:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 21:24 - 2018-03-01 08:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-14 21:24 - 2018-03-01 08:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-14 21:24 - 2018-03-01 08:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-14 21:24 - 2018-03-01 08:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 21:24 - 2018-03-01 08:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 21:24 - 2018-03-01 08:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 21:24 - 2018-03-01 08:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-14 21:24 - 2018-03-01 08:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-14 21:24 - 2018-03-01 08:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 21:24 - 2018-03-01 08:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 21:24 - 2018-03-01 08:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 21:24 - 2018-03-01 08:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 21:24 - 2018-03-01 08:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 21:24 - 2018-03-01 08:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 21:24 - 2018-03-01 08:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 21:24 - 2018-03-01 08:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-14 21:24 - 2018-03-01 08:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 21:24 - 2018-03-01 08:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 21:24 - 2018-03-01 08:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 21:24 - 2018-03-01 08:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 21:24 - 2018-03-01 08:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 21:24 - 2018-03-01 08:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 21:24 - 2018-03-01 08:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-14 21:24 - 2018-03-01 07:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 21:24 - 2018-03-01 07:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-14 21:24 - 2018-03-01 07:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-14 21:24 - 2018-03-01 07:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 21:24 - 2018-03-01 07:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 21:24 - 2018-03-01 07:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 21:24 - 2018-03-01 07:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 21:24 - 2018-03-01 07:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 21:24 - 2018-03-01 07:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-14 21:24 - 2018-03-01 07:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 21:24 - 2018-03-01 07:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 21:24 - 2018-03-01 07:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 21:24 - 2018-03-01 07:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-14 21:24 - 2018-03-01 07:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 21:24 - 2018-03-01 07:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 21:24 - 2018-03-01 07:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-14 21:24 - 2018-03-01 07:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-14 21:24 - 2018-03-01 07:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 21:24 - 2018-03-01 07:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 21:24 - 2018-03-01 07:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-14 21:24 - 2018-03-01 07:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 21:24 - 2018-03-01 07:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-14 21:24 - 2018-03-01 07:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-14 21:24 - 2018-03-01 07:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-14 21:24 - 2018-03-01 07:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 21:24 - 2018-03-01 07:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 21:24 - 2018-03-01 06:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 21:24 - 2018-03-01 06:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 21:24 - 2018-03-01 06:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-14 21:24 - 2018-03-01 06:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 21:24 - 2018-03-01 06:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 21:24 - 2018-03-01 06:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 21:24 - 2018-03-01 06:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-14 21:24 - 2018-03-01 06:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-14 21:24 - 2018-03-01 06:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 21:24 - 2018-03-01 06:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-14 21:24 - 2018-03-01 06:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-14 21:24 - 2018-03-01 06:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 21:24 - 2018-03-01 06:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 21:24 - 2018-03-01 06:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 21:24 - 2018-03-01 06:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 21:24 - 2018-03-01 06:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 21:24 - 2018-03-01 06:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 21:24 - 2018-03-01 06:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 21:24 - 2018-03-01 06:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 21:24 - 2018-03-01 06:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 21:24 - 2018-03-01 06:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 21:24 - 2018-03-01 06:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 21:24 - 2018-03-01 06:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 21:24 - 2018-03-01 06:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 21:24 - 2018-03-01 06:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 21:24 - 2018-03-01 06:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 21:24 - 2018-03-01 06:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-14 21:24 - 2018-03-01 06:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 21:24 - 2018-03-01 06:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 21:24 - 2018-03-01 06:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 21:24 - 2018-03-01 06:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 21:24 - 2018-03-01 06:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-14 21:24 - 2018-03-01 06:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 21:24 - 2018-03-01 06:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 21:24 - 2018-03-01 06:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 21:24 - 2018-03-01 06:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 21:24 - 2018-03-01 06:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 21:24 - 2018-03-01 06:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 21:24 - 2018-03-01 06:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 21:24 - 2018-03-01 06:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 21:24 - 2018-03-01 06:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 21:24 - 2018-03-01 06:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 21:24 - 2018-03-01 06:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-14 21:24 - 2018-03-01 06:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 21:24 - 2018-03-01 06:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 21:24 - 2018-03-01 06:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 21:24 - 2018-03-01 06:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 21:24 - 2018-03-01 06:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 21:24 - 2018-03-01 06:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 21:24 - 2018-03-01 06:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 21:24 - 2018-03-01 06:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 21:24 - 2018-03-01 06:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 21:24 - 2018-03-01 06:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-14 21:24 - 2018-03-01 06:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 21:24 - 2018-03-01 06:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 21:24 - 2018-03-01 06:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-14 21:24 - 2018-03-01 06:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-14 21:24 - 2018-03-01 06:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-14 21:24 - 2018-03-01 06:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 21:24 - 2018-03-01 06:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-14 21:24 - 2018-03-01 06:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 21:24 - 2018-03-01 06:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 21:24 - 2018-03-01 06:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 21:24 - 2018-03-01 06:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 21:24 - 2018-03-01 06:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 21:24 - 2018-03-01 06:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 21:24 - 2018-03-01 06:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-14 21:24 - 2018-03-01 06:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-14 21:24 - 2018-03-01 06:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 21:24 - 2018-03-01 06:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 21:24 - 2018-03-01 06:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-14 21:24 - 2018-03-01 06:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-14 21:24 - 2018-03-01 06:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-14 21:24 - 2018-02-22 03:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-14 21:24 - 2018-02-22 03:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-14 21:24 - 2018-02-22 03:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-14 21:24 - 2018-02-22 03:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 21:24 - 2018-02-22 03:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 21:24 - 2018-02-22 03:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 21:24 - 2018-02-22 03:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 21:24 - 2018-02-22 03:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 21:24 - 2018-02-22 03:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 21:24 - 2018-02-22 03:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-14 21:24 - 2018-02-22 03:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-14 21:24 - 2018-02-22 03:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 21:24 - 2018-02-22 03:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 21:24 - 2018-02-22 03:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 21:24 - 2018-02-22 03:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 21:24 - 2018-02-22 03:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 21:24 - 2018-02-22 02:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 21:24 - 2018-02-22 02:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 21:24 - 2018-02-22 02:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 21:24 - 2018-02-22 02:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-14 21:24 - 2018-02-22 02:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 21:24 - 2018-02-22 02:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 21:24 - 2018-02-22 02:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 21:24 - 2018-02-22 02:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 21:24 - 2018-02-22 01:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 21:24 - 2018-02-22 01:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 21:24 - 2018-02-22 01:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-14 21:24 - 2018-02-22 01:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 21:24 - 2018-02-22 01:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 21:24 - 2018-02-22 01:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 21:24 - 2018-02-22 01:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-14 21:24 - 2018-02-22 01:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 21:24 - 2018-02-22 01:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 21:24 - 2018-02-22 01:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-09 15:26 - 2018-03-09 15:26 - 000011645 _____ C:\Users\petaz\Downloads\[CzT]Rychly_prachy_134_Aneta_24_11_2017_CZ_1080p_.torrent
2018-03-06 08:30 - 2018-03-13 09:24 - 000000000 ____D C:\Users\petaz\Documents\CAD
2018-02-28 21:59 - 2018-02-28 21:59 - 000001557 _____ C:\Users\petaz\eb.cfg
2018-02-28 21:55 - 2018-02-28 21:55 - 000000000 ____D C:\Python27
2018-02-28 21:55 - 2018-02-28 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2018-02-28 21:52 - 2018-02-28 21:53 - 019238912 _____ C:\Users\petaz\Downloads\python-2.7.14.msi
2018-02-28 21:50 - 2018-02-28 21:51 - 023525438 _____ C:\Users\petaz\Downloads\edubeam_3.5.0.exe
2018-02-24 20:09 - 2018-02-24 20:09 - 001732137 _____ C:\Users\petaz\Downloads\1-ukol.pdf
2018-02-20 20:55 - 2018-02-20 20:57 - 028389176 _____ C:\Users\petaz\Downloads\FYzika 10 - priklady RNDr. Jaroslava Drchalova, CSc.rar
2018-02-20 09:30 - 2018-03-03 20:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-20 09:27 - 2018-02-20 09:27 - 000001455 _____ C:\Users\Public\Desktop\Počítačová aplikace Autodesk.lnk
2018-02-20 09:25 - 2018-02-20 09:25 - 000002078 _____ C:\Users\Public\Desktop\A360 Desktop.lnk
2018-02-20 09:17 - 2018-02-20 09:27 - 000000000 ____D C:\Program Files (x86)\Autodesk
2018-02-20 09:17 - 2018-02-20 09:17 - 000001717 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk
2018-02-20 09:17 - 2018-02-20 09:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap
2018-02-20 09:11 - 2018-02-20 09:11 - 000001796 _____ C:\Users\Public\Desktop\AutoCAD 2018 – Čeština (Czech).lnk
2018-02-20 09:11 - 2018-02-20 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2018 – Čeština (Czech)
2018-02-20 09:09 - 2018-02-20 09:09 - 000000000 ____D C:\Users\petaz\Documents\Inventor Server SDK ACAD 2018
2018-02-20 09:09 - 2018-02-20 09:09 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2018-02-20 09:04 - 2018-02-20 09:24 - 000000000 ____D C:\Program Files\Autodesk
2018-02-20 08:54 - 2018-02-20 09:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2018-02-20 08:41 - 2018-02-20 08:42 - 013931800 _____ C:\Users\petaz\Downloads\AutoCAD_2018_Czech_Win_32_64bit_wi_cs-CZ_Setup.exe
2018-02-20 08:41 - 2018-02-20 08:41 - 000485168 _____ (Autodesk Inc.) C:\Users\petaz\Downloads\AutoCAD_2018_Czech_Win_32_64bit_wi_cs-CZ_Setup_webinstall.exe
2018-02-14 07:14 - 2018-02-10 07:20 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-02-14 07:14 - 2018-02-10 07:16 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-02-14 07:14 - 2018-02-10 07:15 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-02-14 07:14 - 2018-02-10 07:15 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-02-14 07:14 - 2018-02-10 07:14 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-02-14 07:14 - 2018-02-10 07:13 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-02-14 07:14 - 2018-02-10 07:12 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-02-14 07:14 - 2018-02-10 07:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-02-14 07:14 - 2018-02-10 07:08 - 003010248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-02-14 07:14 - 2018-02-10 07:06 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-02-14 07:14 - 2018-02-10 07:06 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-02-14 07:14 - 2018-02-10 07:06 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-02-14 07:14 - 2018-02-10 07:04 - 001254144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-02-14 07:14 - 2018-02-10 07:04 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-02-14 07:14 - 2018-02-10 07:04 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-02-14 07:14 - 2018-02-10 07:04 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-02-14 07:14 - 2018-02-10 07:02 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-02-14 07:14 - 2018-02-10 07:02 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-02-14 07:14 - 2018-02-10 06:21 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-02-14 07:14 - 2018-02-10 06:17 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-02-14 07:14 - 2018-02-10 06:06 - 006014688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-02-14 07:14 - 2018-02-10 06:06 - 004670728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-02-14 07:14 - 2018-02-10 06:06 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-02-14 07:14 - 2018-02-10 06:05 - 001149272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-02-14 07:14 - 2018-02-10 06:05 - 000662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-02-14 07:14 - 2018-02-10 06:05 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-02-14 07:14 - 2018-02-10 06:05 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-02-14 07:14 - 2018-02-10 05:49 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-02-14 07:14 - 2018-02-10 05:49 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-02-14 07:14 - 2018-02-10 05:47 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-14 07:14 - 2018-02-10 05:47 - 013704192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-02-14 07:14 - 2018-02-10 05:46 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-02-14 07:14 - 2018-02-10 05:46 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-02-14 07:14 - 2018-02-10 05:46 - 000169472 _____ (Microsoft Corporation)

