Prosím o kontrolu Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

JimmyTudeski
nováček
Příspěvky: 30
Registrován: červen 19
Pohlaví: Muž
Stav:
Offline

Prosím o kontrolu

Příspěvekod JimmyTudeski » 27 srp 2019 10:18

Jsou to asi dva měsíce, kdy jsme tady na fóru vyřešili můj problém. Od té doby všechno krásně fungovalo, ale před časem jsem začal mít problém s větráčkem na CPU. Skříň je čistá - nic nenarušuje tok vzduchu; nastavení v biosu a další podobné návody jsem zkoušel, ale pořád se nemůžu dostat pod nějakých 1800 otáček, tak mě napadlo, jestli to nemůže být softwarový problém.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:13:33, on 27.08.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17763.0592)
Boot mode: Normal

Running processes:
C:\Users\uzivatel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
D:\data\Plocha\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O1 - Hosts: ::1 localhost
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O4 - HKLM\..\Run: [WDAppManager] C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\uzivatel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spotify] C:\Users\uzivatel\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\System32\DriverStore\FileRepository\c0339148.inf_amd64_2aa98027cbb86d51\B339146\atiesrxx.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Unknown owner - C:\Windows\System32\RtkAudUService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10299 bytes

Reklama
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod jaro3 » 27 srp 2019 18:32

A jaké máš vytížení CPU a teploty?

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Ulož si ho na svojí plochu . Klikni na „Souhlasím“ k povrzení podmínek.
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Skenování“
Po skenu se objeví log , který se otevře. ( jinak je uložen systémovem disku jako C:\AdwCleaner [C?].txt ), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware na plochu , nainstaluj a spusť ho
-Pokud není program aktuální , klikni na možnost „Aktualizovat nyní“ či „Opravit nyní“.
- bude nalezena aktualizace a nainstaluje se.
- poté klikni na Spustit skenování
- po proběhnutí skenu se ti objeví hláška vpravo dole, tak klikni na Zobrazit zprávu a vyber Export a vyber Kopírovat do schránky a vlož sem celý log. Nebo klikni na „Textový soubor ( .txt)“ a log si ulož.
-jinak se log nachází v programu po kliknutí na „Zprávy“ , nebo je uložen zde: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- po té klikni na tlačítko Dokončit, a program zavři křížkem vpravo nahoře.
(zatím nic nemaž!).
Pokud budou problémy , spusť v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

JimmyTudeski
nováček
Příspěvky: 30
Registrován: červen 19
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod JimmyTudeski » 28 srp 2019 11:55

Když pozavírám všechny okna, tak je vytížení CPU v jednotkách procent. Teplota se v pohodě drží pod 40°.


# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-28-2019
# Duration: 00:00:10
# OS: Windows 10 Home
# Scanned: 35522
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 28.08.19
Čas skenování: 11:50
Logovací soubor: 42835b88-c979-11e9-8d7a-e0d55ef7f35c.json

-Informace o softwaru-
Verze: 3.8.3.2965
Verze komponentů: 1.0.613
Aktualizovat verzi balíku komponent: 1.0.12215
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 17763.678)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-IERC611\uzivatel

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 277241
Zjištěné hrozby: 0
Hrozby umístěné do karantény: 0
Uplynulý čas: 1 min, 43 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod jaro3 » 28 srp 2019 18:05

taky to může být špatné , vadné řízení otáček ( základní deska).

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/files/details ... _tool.html
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.
Pokud byly nalezeny viry , tak po skenu klikni na „Details…“ a potom na „View log file“. Zkopíruj celý log a vlož ho sem. Potom zavři „threat detail“ a klikni na „Start cleanup“.
Jinak se log nachází zde:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64bit.:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků

další odkazy:
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

JimmyTudeski
nováček
Příspěvky: 30
Registrován: červen 19
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod JimmyTudeski » 29 srp 2019 13:05

Sophos žádnou hrozbu nenašel

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by uzivatel (Administrator) on 29.08.2019 at 11:14:06,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.08.2019 at 11:15:42,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller Anti-Malware V13.4.3.0 (x64) [Aug 20 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : uzivatel [Administrator]
Started from : D:\data\Plocha\RogueKiller_portable64.exe
Signatures : 20190828_155619, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/08/29 13:00:04 (Duration : 00:04:02)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod jaro3 » 29 srp 2019 18:45

Vypni antivir i firewall.
Stáhni Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe

Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
-pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log Zkopíruj sem celý obsah toho logu.
Pokud budou problémy , spusť zoek v nouz. režimu.

Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Můžeš si zatrhnout i vytvoření bodu obnovy:
Klikni na ozubené kolečko , poté na „Skenování“ a zatrhni „vytvářet body obnovy“.
Vrať se zpět ( klikni na domeček).
Zavři všechny otevřené soubory, složky a prohlížeče
Neměň žádné nastavení. Klikni na „Skenovat“.
Po skenu lze vidět , zda jsou nějaké nákazy. Klikni na „Další“. Nákazy budou přemístěny do karantény.
Když je skenování dokončeno, objeví se tisková zpráva , zkopíruj sem celý obsah té zprávy.
Jinak můžeš zprávy vidět , když klikneš vpravo nahoře na „ zprávy“.


Vlož nový log z HJT + informuj o problémech
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

JimmyTudeski
nováček
Příspěvky: 30
Registrován: červen 19
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod JimmyTudeski » 30 srp 2019 13:34

Se Zoek se mi bohužel nedaří. Vypnul jsem antivir i firewall, spustil jako správce ale bohužel mi naskakuje okno viz. níže.

Zemana žádnou nákazu nezjistil.
Přílohy
Bez názvu111111.jpg

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod jaro3 » 30 srp 2019 18:40

Protože Ti ho při stažení zablokoval antivir...musel bys dát v antiviru vyjímku . Jaký máš prohlížeč?
C:\zoek_backup -- tuto složku smaž.

Vypni antivir , antispyware , firewall , stáhni znovu zoek na plochu a spusť jako správce.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

JimmyTudeski
nováček
Příspěvky: 30
Registrován: červen 19
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod JimmyTudeski » 02 zář 2019 12:48

Jasně, blokoval to Malwarebytes

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by uzivatel on 02.09.2019 at 12:30:36,63.
Microsoft Windows 10 Home 10.0.18362 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\data\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

02.09.2019 12:32:36 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\uzivatel\AppData\Local\DBG deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Packages deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted

==== Chromium Look ======================

Google Chrome Version: 76.0.3809.132


Google Play - uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi
Chrome Media Router - uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak was reset successfully
C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bak was reset successfully
C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\uzivatel\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\uzivatel\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Edge Cache ======================

Edge Cache is not empty, a reboot is needed

==== Empty Chrome Cache ======================

C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\System Profile\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=3 9306447 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\uzivatel\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\uzivatel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\uzivatel\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge" not found
"C:\Users\uzivatel\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp" not found

==== EOF on 02.09.2019 at 12:44:08,75 ======================

JimmyTudeski
nováček
Příspěvky: 30
Registrován: červen 19
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod JimmyTudeski » 02 zář 2019 12:52

Tady je ještě nový log z HJT. Bohužel musím říct, že hledání problému který stojí za tím větráčkem na procesoru musí pokračovat. Na druhou stranu je ale super, že významně spadlo vytížení RAM (o nějakých cca 20%), takže mi to v něčem určitě pomohlo, díky.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:49:12, on 02.09.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.18362.0001)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\uzivatel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
D:\data\Plocha\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O4 - HKLM\..\Run: [WDAppManager] C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\uzivatel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spotify] C:\Users\uzivatel\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\System32\DriverStore\FileRepository\c0339148.inf_amd64_2aa98027cbb86d51\B339146\atiesrxx.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_4a9b6 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Unknown owner - C:\WINDOWS\System32\RtkAudUService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11224 bytes

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43054
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod jaro3 » 02 zář 2019 18:26

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

JimmyTudeski
nováček
Příspěvky: 30
Registrován: červen 19
Pohlaví: Muž
Stav:
Offline

Re: Prosím o kontrolu

Příspěvekod JimmyTudeski » 03 zář 2019 15:55

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2019
Ran by uzivatel (administrator) on DESKTOP-IERC611 (Gigabyte Technology Co., Ltd. B360M-DS3H) (03-09-2019 15:45:00)
Running from D:\data\Plocha
Loaded Profiles: uzivatel (Available Profiles: uzivatel)
Platform: Windows 10 Home Version 1903 18362.295 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2018-02-13] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [757184 2018-06-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [180448 2019-07-30] (ESET, spol. s r.o. -> ESET)
HKU\S-1-5-21-2044785028-3156583648-1372798179-1001\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3210528 2019-08-22] (Valve -> Valve Corporation)
HKU\S-1-5-21-2044785028-3156583648-1372798179-1001\...\Run: [Spotify] => C:\Users\uzivatel\AppData\Roaming\Spotify\Spotify.exe [25591712 2019-07-11] (Spotify AB -> Spotify Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-30] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05AE2393-3B9C-4090-ABCB-FBD94191BBCE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [156712 2019-08-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {15C27D3C-8164-44A4-A8FD-ECF8D6816D41} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [58760 2019-02-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {1990488F-6BBB-4D21-BD74-8C4BAB76BDD9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DA579EF-C8B0-4B61-8430-3A348ABF6A85} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6299288 2019-08-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {210D38EE-700A-4CDC-86AF-DD5178C585A4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2174608 2019-08-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {33599CE8-4AAC-4171-817E-1A3936755268} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-02-13] (Advanced Micro Devices, Inc.) [File not signed]
Task: {4F50FB2A-7D6F-4317-8597-AC9946310BC6} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe
Task: {675C0F42-7A68-4226-947A-138450E1247B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {699F4F31-4055-49D4-B3B2-FD374E7425C9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2174608 2019-08-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {8B780719-5D40-4495-B7DA-91534548B5EB} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [817472 2017-11-16] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {B67DAE13-8347-4B05-BBBC-B51C02653DEA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6299288 2019-08-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {BCA60A4F-A189-4D50-BECD-58847F1732CF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [156712 2019-08-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {C2AF8DBA-725C-471B-9393-F2240209718A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {F392CD76-A75A-493F-8DBA-45C550FAFE1D} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-02-13] (Advanced Micro Devices, Inc.) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 10.107.4.100 10.107.4.129
Tcpip\..\Interfaces\{f5ad9351-f062-4e5e-a9ee-1f035074bfa6}: [DhcpNameServer] 192.168.88.1 10.107.4.100 10.107.4.129

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2044785028-3156583648-1372798179-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2044785028-3156583648-1372798179-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-06-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-23] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-08-21] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> file:///D:/DATA/Downloads/Wohnout---Laskonky-a-kremrole-(2014)/Wohnout%20-%20Laskonky%20a%20kremrole%20(2014)
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://www.google.com/"
CHR Profile: C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default [2019-09-03]
CHR Extension: (Prezentace) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-09-02]
CHR Extension: (Dokumenty) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-09-02]
CHR Extension: (Disk Google) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-09-02]
CHR Extension: (YouTube) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-02]
CHR Extension: (Tabulky) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-09-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-09-02]
CHR Extension: (Google Play) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2019-09-02]
CHR Extension: (Mapy Google) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2019-09-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-02]
CHR Extension: (Gmail) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-02]
CHR Extension: (Chrome Media Router) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0339148.inf_amd64_2aa98027cbb86d51\B339146\atiesrxx.exe [509040 2019-02-13] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568224 2019-08-24] (Microsoft Corporation -> Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2428848 2019-07-30] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2428848 2019-07-30] (ESET, spol. s r.o. -> ESET)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [214672 2018-01-31] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2329904 2019-08-09] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3204912 2019-08-09] (Electronic Arts, Inc. -> Electronic Arts)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [757184 2018-06-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0339148.inf_amd64_2aa98027cbb86d51\B339146\atikmdag.sys [52815992 2019-02-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0339148.inf_amd64_2aa98027cbb86d51\B339146\atikmpag.sys [590960 2019-02-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [103240 2019-02-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [107400 2018-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [149144 2019-07-30] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15800 2019-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [189232 2019-07-30] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50144 2018-10-17] (ESET, spol. s r.o. -> ESET)
S4 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [82304 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [113336 2019-07-30] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 gdrv; C:\Windows\gdrv.sys [26792 2019-01-30] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [942128 2018-02-13] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-28] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-09-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-09-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-09-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-09-02] (Malwarebytes Corporation -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-10-20] (Realtek Semiconductor Corp. -> Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-03 15:44 - 2019-09-03 15:45 - 000000000 ____D C:\FRST
2019-09-02 12:48 - 2019-09-02 12:48 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-09-02 12:48 - 2019-09-02 12:48 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-09-02 12:48 - 2019-09-02 12:48 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-09-02 12:44 - 2019-09-02 12:44 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-09-02 12:43 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2019-09-02 12:30 - 2019-09-02 12:41 - 000000000 ____D C:\zoek_backup
2019-08-30 15:22 - 2019-08-30 15:22 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-08-29 22:08 - 2019-08-29 21:16 - 000000000 ____D C:\Windows.old
2019-08-29 22:07 - 2019-08-29 22:08 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2019-08-29 22:06 - 2019-08-29 22:07 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-08-29 22:06 - 2019-08-29 22:06 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-08-29 22:04 - 2019-08-29 22:04 - 025901056 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 022625280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 019811328 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 018017792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 014814208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 009926672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 008012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 007802224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 007753728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 007251808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 007174656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 007008768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 006518184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 006403072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 006218752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 006071432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 006059520 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 005941760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 005916160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 005753944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 005500416 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 005087744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 005083352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 005014016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 004863488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 004578816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 004562904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 004537344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 004481024 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 004348408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 004306432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 004129616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 004034048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 004008960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 003915536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 003837440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 003771392 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 003750912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 003735264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 003635200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 003550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 003487232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 003372744 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 003243080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002990096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-29 22:04 - 2019-08-29 22:04 - 002956984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002876416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002871824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 002798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-29 22:04 - 2019-08-29 22:04 - 002771752 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002764040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2019-08-29 22:04 - 2019-08-29 22:04 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2019-08-29 22:04 - 2019-08-29 22:04 - 002698552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-08-29 22:04 - 2019-08-29 22:04 - 002697728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002586608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002576384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002494440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002490712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002398720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002314440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002306048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002235936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002216448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002175288 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002132520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002094592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002081976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002072152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001999648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001954960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001940952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001912576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001893888 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001866064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConstraintIndex.Search.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001847808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001840968 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001815040 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001788944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-29 22:04 - 2019-08-29 22:04 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001690624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001661544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001651848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001647280 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001633864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001611416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001562640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001562112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001555688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001535288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001531992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001515008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaclient.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001510952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001509936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 001505080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001493392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001488384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001473488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001437184 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 001413328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001408000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001395600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001393960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001391416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001366528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-29 22:04 - 2019-08-29 22:04 - 001364480 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001345024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001334064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ttdrecordcpu.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001304888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001301008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-29 22:04 - 2019-08-29 22:04 - 001297720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001283384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-08-29 22:04 - 2019-08-29 22:04 - 001282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001273344 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001273176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001262016 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001259008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001248256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2019-08-29 22:04 - 2019-08-29 22:04 - 001244728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001244672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\opengl32.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001213240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001192096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 001182240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 001178608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001154960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001124864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CBDHSvc.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001106288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001098712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001079296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001072144 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001065984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001059840 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 001056704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001039872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2019-08-29 22:04 - 2019-08-29 22:04 - 001020768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001007160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 000984376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000975360 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000928776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000913408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000913168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000892488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000889664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000888056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\opengl32.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000879792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000861696 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000829776 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000821904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-29 22:04 - 2019-08-29 22:04 - 000818688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000818656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-08-29 22:04 - 2019-08-29 22:04 - 000811160 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-08-29 22:04 - 2019-08-29 22:04 - 000811160 _____ C:\WINDOWS\system32\locale.nls


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 9 hostů