Preventivní kontrola PC a čištění před tvorbou zálohy. Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: memphisto, Mods_senior, Security team

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 11 úno 2019 22:07

jaro3 píše:Není skrytá?

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému


Ashampoo_Snap_pondělí 11. února 2019_22h06m13s_003_.jpg
Není viz foto


Tak jsem ho zkusil spustit přes kompatibilitu s jiným systémem. Světe div se při nastavení na win7 se Zoek spouští, tak co s ním teď? Aby nesmazal např hesla stránek uložena ve Chromu nebo záložky chromu.
Nemáte oprávnění prohlížet přiložené soubory.



Reklama
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 40010
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod jaro3 » 11 úno 2019 23:08

Ty nemáš zazálohované , napsané hesla?

Následující by mělo vše vrátit zpět , ale nevím jestli nebudou problémy..
Tak si to zazálohuj.

Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
-pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:

Kód: Vybrat vše

 
zoekbackups;
C:\zoek_backup:v

 

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log Zkopíruj sem celý obsah toho logu.
Pokud budou problémy , spusť zoek v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 12 úno 2019 06:42

To víš, že hesla a všechno mám papírově zazálohované. To už jsem ti ale psal.


Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Roman on 12.02.2019 at 6:37:18,33.
Microsoft Windows 10 Pro 10.0.17134 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Roman\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2019-02-07-210107.log 8856 bytes

==== C:\zoek_backup content ======================

Folders:

C_PROGRA~2_COMMON~1_Wondershare (F=38 D=14 6927577 bytes)
C_PROGRA~3_Package Cache (F=42 D=47 151778987 bytes)
C_PROGRA~3_{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} (F=1 D=1 3704 bytes)
C_Users_Roman_.android (F=2 D=0 2448 bytes)
C_Users_Roman_AppData_Local_CrashRpt (F=0 D=7 0 bytes)
C_Users_Roman_AppData_Local_Wondershare (F=2 D=1 82 bytes)
C_Users_Roman_AppData_Roaming_Temp (F=0 D=0 0 bytes)

Files:

C_WINDOWS_Installer_1e755d.msi.vir (02.08.2018 03:49 6451200 bytes)

C:\zoek_backup (files=87 folders=77 165164636 bytes)

==== EOF on 12.02.2019 at 6:39:47,86 ======================

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 40010
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod jaro3 » 12 úno 2019 18:18

Tam toho moc není , ještě něco zkusím najít.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 13 úno 2019 07:32

jaro3 píše:Tam toho moc není , ještě něco zkusím najít.


Tak Authy už mám obnovený a MyEtherWallet taky zaplať panbůh zato. Pak budem pokračovat. Authy jsem udělal formou nové instalace ale ne jako aplikace učtu ale jako samotný program v PC.
Tak MyEtherwallet jsem obnovil též. Super.

Tak teď co budeme dělat? Jak jsem psal na začátku jde mi o vyčištění PC z důvodu zazálohování. Jak jsme vraceli nějaké procesy zpět, nemám v kompu zase vir, nebo nějakou havěť?

A radu od tebe zda koupit noyý SSD + HDD. U toho SSD jsem ve Crystal disku neviděl žluté upozornění pouze u toho HDD.

SSD mám v záruce je třeba ho měnit?

Doporuč mi dobrý Antivir free Avast nebo AVG, Kaspersky, Bitdefender nevim?

Jak znovu aktivovat všechny firewolly, které jsem nějak povypínal v kompu? Už ani nevím co jsem všechno odklikal abych mohl spustit ten ZOEK, který se stejně spustil jen se synchronizací s win 7. Pobíráš to ještě? :)

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 40010
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod jaro3 » 13 úno 2019 18:28

Tak to je fajn , že se to podařilo vrátit , já jsem to konzultoval a pomocí zoek to nejde , jen použít obnovu systému , vrátit pomocí bodu obnovy před dobu než se použil zoek.

Ohledně antiviru bych vynechal AVG , bere víc prostřeků a zanáší dost systém , je zkrátka dost rozlezlej.
Tak Avira , Avat anebo se dost používá Comodo , je free i s firewalem,

A radu od tebe zda koupit noyý SSD + HDD. U toho SSD jsem ve Crystal disku neviděl žluté upozornění pouze u toho HDD.
SSD mám v záruce je třeba ho měnit?

SSD má jiné parametry , takže žlutý nebude

(1) KINGSTON SHSS37A240G
000000000001 Počet přemapovaných sektorů
000000000001 Počet udalostí s číslem realokování sektorů
pokud je v záruce , tak bych ho reklamoval. Klidně přidej info z CDI.

ten druhý disk zazálohovat a vyměnit

ještě jednou dej logy z FRST.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 13 úno 2019 18:38

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2019 01
Ran by Roman (administrator) on DESKTOP-O6D3TT1 (13-02-2019 18:32:12)
Running from C:\Users\Roman\Desktop
Loaded Profiles: Roman (Available Profiles: Roman)
Platform: Windows 10 Pro Version 1803 17134.590 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() D:\Programy\Everythink\Everything\Everything.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Valve Corporation) D:\Programy\Steam\Steam.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRPE.EXE
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-12-22] (Acronis International GmbH -> )
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-12-22] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4620736 2017-12-22] (Acronis International GmbH -> )
HKLM-x32\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe, [27136 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [Steam] => D:\Programy\Steam\steam.exe [3141920 2019-02-02] (Valve -> Valve Corporation)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [Gaijin.Net Agent] => C:\Users\Roman\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2125384 2018-09-25] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 10\ashsnap.exe [6223760 2018-05-31] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH & Co. KG)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRPE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\Run: [World of Tanks (1)] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\WINDOWS\system32\vfwwdm32.dll [67072 2018-04-12] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-12] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acuity Update Tool.lnk [2017-11-25]
ShortcutTarget: Acuity Update Tool.lnk -> C:\Users\Roman\AppData\Roaming\MetaQuotes\Terminal\76AE827A66F7801B9D79B1FD1D2103FD\MQL4\Experts\AcuityUpdateTool\AcuityUpdateTool.exe ()
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6fbb34ec-5959-43f9-8070-f89720ac0664}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2017-11-26] [Legacy] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-01-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-01-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.centrum.cz/
CHR Profile: C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default [2019-02-13]
CHR Extension: (Prezentace) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-07]
CHR Extension: (Dokumenty) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-07]
CHR Extension: (Disk Google) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-07]
CHR Extension: (IBM Security Rapport) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-02-10]
CHR Extension: (YouTube) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-07]
CHR Extension: (Tabulky) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-07]
CHR Extension: (Authy) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2019-02-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-07]
CHR Extension: (MyEtherWallet) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbmnnijcnlegkjjpcfjclmcfggfefdm [2019-02-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-07]
CHR Extension: (Gmail) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-12]
CHR Profile: C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-11]
CHR Profile: C:\Users\Roman\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-11]
CHR HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2723872 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-03] (ASUSTeK Computer Inc. -> )
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe [975832 2017-01-25] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [779392 2019-01-24] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-02-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 Everything; D:\Programy\Everythink\Everything\Everything.exe [2199656 2018-02-09] (David Carpenter -> )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-12-22] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1742464 2017-12-22] (Acronis International GmbH -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [787440 2018-12-06] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5264888 2018-12-26] (IBM -> IBM Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-19] (Microsoft Corporation -> Microsoft Corporation)
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnviFPFltd; C:\WINDOWS\System32\DRIVERS\AnviFPFltd.sys [28568 2015-01-29] (Anvei Technology Co., LTD -> AnviSoft.com)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] (ASUSTeK Computer Inc. -> )
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [569392 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [379664 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [54320 2009-09-21] (Symantec Corporation -> Symantec Corporation)
S3 GPUIO; C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\690b33e1-0462-4e84-9bea-c7552b45432a.sys [27120 2017-11-24] (ASUSTeK Computer Inc. -> )
S3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [34064 2017-05-08] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4aa19ae78d94d8a3\nvlddmkm.sys [20706184 2019-02-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2018-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [501256 2018-12-26] (IBM -> IBM Corp.)
R1 RapportCerberus_1930247; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930247.sys [1657968 2019-02-05] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [725192 2018-12-26] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [461768 2018-12-26] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [608840 2018-12-26] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [758168 2018-12-26] (IBM -> IBM Corp.)
S3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2018-04-12] (Microsoft Windows -> Realtek Semiconductor Corporation )
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [690520 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2017-12-25] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2018-12-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2018-12-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-19] (Microsoft Windows -> Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-11-26] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-02-11] (Zemana Ltd. -> Zemana Ltd.)
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
S3 RtlWlanu; \SystemRoot\System32\drivers\rtwlanu.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Roman\Documents\BitcoinZ\BitcoinZ.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 13 úno 2019 18:41

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-13 07:41 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-13 07:41 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-13 07:41 - 2019-02-06 08:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 07:41 - 2019-02-06 08:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-13 07:41 - 2019-02-06 08:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 07:41 - 2019-02-06 08:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 07:41 - 2019-02-06 08:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-13 07:41 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-13 07:41 - 2019-02-06 07:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 07:41 - 2019-02-06 07:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 07:41 - 2019-02-06 07:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-13 07:41 - 2019-02-06 07:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 07:41 - 2019-02-06 04:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 07:41 - 2019-02-06 04:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-13 07:41 - 2019-02-06 04:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-13 07:41 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 07:41 - 2019-02-06 04:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-13 07:41 - 2019-02-06 04:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-13 07:41 - 2019-02-06 04:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-13 07:41 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 07:41 - 2019-02-06 04:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-13 07:41 - 2019-02-06 04:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-13 07:41 - 2019-02-06 04:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-13 07:41 - 2019-02-06 04:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-13 07:41 - 2019-02-06 04:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-13 07:41 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 07:41 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-13 07:41 - 2019-02-06 04:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-13 07:41 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-13 07:41 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 07:41 - 2019-02-06 03:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-13 07:41 - 2019-02-06 03:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-13 07:41 - 2019-02-06 03:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-13 07:41 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-13 07:41 - 2019-02-06 03:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-13 07:41 - 2019-02-06 03:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 07:41 - 2019-02-06 03:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 07:41 - 2019-02-06 03:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-13 07:41 - 2019-02-06 03:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-13 07:41 - 2019-02-06 03:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-13 07:41 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-13 07:41 - 2019-02-06 03:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-13 07:41 - 2019-02-06 03:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-13 07:41 - 2019-02-06 03:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 07:41 - 2019-02-06 03:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-13 07:41 - 2019-02-06 03:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 07:41 - 2019-02-06 03:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 07:41 - 2019-02-06 03:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 07:41 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-13 07:41 - 2019-02-06 03:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-13 07:41 - 2019-02-06 03:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-13 07:41 - 2019-02-06 03:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-13 07:41 - 2019-02-06 03:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 07:41 - 2019-02-06 03:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-13 07:41 - 2019-02-06 03:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-13 07:41 - 2019-02-06 03:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-13 07:41 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 07:41 - 2019-02-06 03:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-13 07:41 - 2019-02-06 03:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 07:41 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 07:41 - 2019-02-06 03:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 07:41 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-13 07:41 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 07:41 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-13 07:41 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 07:41 - 2019-02-06 03:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-13 07:41 - 2019-02-06 02:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-13 07:41 - 2019-01-12 09:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 07:41 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 07:41 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-13 07:41 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-13 07:41 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-13 07:41 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 07:41 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-13 07:41 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 07:41 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-13 07:41 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 07:41 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-13 07:41 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 07:41 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 07:41 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-13 07:41 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-13 07:41 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-13 07:41 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-13 07:41 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-13 07:41 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-13 07:41 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-13 07:41 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 07:41 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-13 07:41 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-13 07:41 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-13 07:41 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-13 07:41 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-13 07:41 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-13 07:41 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 07:41 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 07:41 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-13 07:41 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-13 07:41 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-13 07:41 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-13 07:41 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 07:41 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 07:41 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-13 07:41 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-13 07:41 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-13 07:41 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-13 07:41 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 07:41 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 07:41 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 07:41 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-13 07:41 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 07:41 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 07:41 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 07:41 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-13 07:41 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 07:41 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 07:41 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-13 07:41 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 07:41 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-13 07:41 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-13 07:41 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-13 07:41 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-13 07:41 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 07:41 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-13 07:41 - 2019-01-08 10:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 07:41 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 07:41 - 2019-01-08 04:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 07:41 - 2019-01-08 04:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-12 22:34 - 2019-02-12 22:34 - 000002446 _____ C:\Users\Roman\Desktop\Authy Desktop.lnk
2019-02-12 22:34 - 2019-02-12 22:34 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twilio Inc
2019-02-12 22:34 - 2019-02-12 22:34 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Authy Desktop
2019-02-12 22:33 - 2019-02-12 22:34 - 000000000 ____D C:\Users\Roman\AppData\Local\SquirrelTemp
2019-02-12 22:33 - 2019-02-12 22:34 - 000000000 ____D C:\Users\Roman\AppData\Local\authy-electron
2019-02-12 22:32 - 2019-02-12 22:33 - 060539880 _____ (Twilio Inc.) C:\Users\Roman\Downloads\Authy Desktop Setup 1.7.0.exe
2019-02-12 19:47 - 2019-02-12 19:47 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2019-02-12 19:41 - 2018-09-20 05:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-02-12 14:46 - 2019-02-12 14:46 - 000740139 _____ C:\Users\Roman\Downloads\2190911383.pdf
2019-02-12 12:27 - 2019-02-12 12:27 - 000049309 _____ C:\Users\Roman\Downloads\Potvrzeni_78-8138720277_12022019.pdf
2019-02-11 19:26 - 2019-02-11 19:26 - 002038755 _____ C:\Users\Roman\Desktop\zoek.exe
2019-02-11 19:24 - 2019-02-11 19:24 - 000000422 __RSH C:\ProgramData\ntuser.pol
2019-02-11 12:38 - 2019-02-11 12:38 - 000169974 _____ C:\WINDOWS\ntbtlog.txt
2019-02-11 12:38 - 2019-02-11 12:38 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-02-11 09:17 - 2019-02-13 18:30 - 000000000 ____D C:\Users\Roman\Desktop\FRST-OlderVersion
2019-02-10 07:51 - 2019-02-11 09:18 - 000001403 _____ C:\Users\Roman\Desktop\Fixlog.txt
2019-02-09 08:08 - 2019-02-09 08:08 - 000058840 _____ C:\Users\Roman\Desktop\Addition.txt
2019-02-09 08:07 - 2019-02-13 18:33 - 000022596 _____ C:\Users\Roman\Desktop\FRST.txt
2019-02-09 08:06 - 2019-02-13 18:32 - 000000000 ____D C:\FRST
2019-02-09 08:02 - 2019-02-13 18:30 - 002433536 _____ (Farbar) C:\Users\Roman\Desktop\FRST64.exe
2019-02-08 20:37 - 2019-02-08 20:37 - 000000000 ____D C:\Users\Roman\AppData\Local\PeerDistRepub
2019-02-08 20:31 - 2019-02-08 20:31 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Google
2019-02-07 22:05 - 2019-02-07 22:05 - 006624296 _____ (Zemana Ltd. ) C:\Users\Roman\Desktop\Zemana.AntiMalware.Setup.exe
2019-02-07 22:05 - 2019-02-07 22:05 - 000008859 _____ C:\Users\Roman\Desktop\zoek-results.txt
2019-02-07 22:01 - 2019-02-07 22:01 - 000000000 ____D C:\Users\Roman\AppData\Local\VirtualStore
2019-02-07 22:01 - 2019-02-07 22:01 - 000000000 ____D C:\Users\Roman\AppData\Local\CrashRpt
2019-02-07 21:26 - 2019-02-07 21:51 - 000000000 ____D C:\zoek_backup
2019-02-07 21:23 - 2019-02-07 21:23 - 000001722 _____ C:\Users\Roman\Desktop\scan.txt
2019-02-06 22:46 - 2019-02-06 22:46 - 000002786 _____ C:\Users\Roman\Desktop\RogueKiller..txt
2019-02-06 21:20 - 2019-02-06 21:20 - 000000000 ____D C:\ProgramData\RogueKiller
2019-02-06 19:59 - 2019-02-06 19:59 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\ProgramData\Sophos
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-02-06 19:59 - 2019-02-06 19:59 - 000000000 ____D C:\Program Files (x86)\Sophos
2019-02-06 19:56 - 2019-02-06 19:56 - 033492536 _____ C:\Users\Roman\Desktop\RogueKiller_portable64.exe
2019-02-06 19:53 - 2019-02-06 19:58 - 206758184 _____ (Sophos Limited) C:\Users\Roman\Desktop\Sophos Virus Removal Tool.exe
2019-02-06 19:52 - 2019-02-06 19:52 - 000000553 _____ C:\Users\Roman\Desktop\JRT.txt
2019-02-06 19:48 - 2019-02-06 19:48 - 001790024 _____ (Malwarebytes) C:\Users\Roman\Desktop\JRT.exe
2019-02-06 19:04 - 2019-02-06 19:04 - 000000000 ____D C:\Users\Roman\AppData\Roaming\EasyAntiCheat
2019-02-06 18:06 - 2019-02-06 18:06 - 000001729 _____ C:\Users\Roman\Desktop\AdwCleaner[S02].txt
2019-02-06 18:03 - 2019-02-06 18:03 - 007316688 _____ (Malwarebytes) C:\Users\Roman\Desktop\AdwCleaner.exe
2019-02-06 18:00 - 2019-02-06 18:00 - 000448512 _____ (OldTimer Tools) C:\Users\Roman\Desktop\TFC.exe
2019-02-06 16:23 - 2019-02-06 16:23 - 000388608 _____ (Trend Micro Inc.) C:\Users\Roman\Desktop\HijackThis.exe
2019-02-06 13:20 - 2019-02-06 13:20 - 000000000 ____D C:\Users\Roman\AppData\LocalLow\rondomedia GmbH
2019-02-06 12:52 - 2019-02-06 12:52 - 000000803 _____ C:\Users\Roman\Desktop\RESCUE 2013.lnk
2019-02-06 12:52 - 2019-02-06 12:52 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RESCUE 2013 – MESTO V OHROŽENÍ
2019-02-06 11:44 - 2019-02-06 11:48 - 1153706619 _____ C:\Users\Roman\Desktop\Dok.rar
2019-02-06 11:40 - 2019-02-06 11:40 - 941644390 _____ C:\Users\Roman\Desktop\registry po opravě CCcleanerem.rar
2019-02-06 11:34 - 2019-02-06 11:35 - 000000000 ____D C:\Program Files\WinRAR
2019-02-06 11:34 - 2019-02-06 11:34 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 11:34 - 2019-02-06 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-02-06 09:49 - 2019-02-06 09:49 - 000000955 _____ C:\Users\Public\Desktop\Anvi Folder Locker.lnk
2019-02-06 09:49 - 2019-02-06 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2019-02-06 09:49 - 2019-02-06 09:49 - 000000000 ____D C:\ProgramData\Anvisoft
2019-02-06 09:47 - 2019-02-06 09:47 - 014558584 _____ (Anvisoft) C:\Users\Roman\Downloads\aflsetup.exe
2019-02-06 09:08 - 2019-02-13 17:32 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2019-02-06 09:07 - 2019-02-06 09:13 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2019-02-06 09:07 - 2019-02-06 09:07 - 000001167 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2019-02-06 09:07 - 2019-02-06 09:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2019-02-06 09:07 - 2019-02-06 09:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-06 09:07 - 2015-10-05 09:50 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2019-02-06 09:07 - 2015-10-05 09:50 - 000064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2019-02-06 09:07 - 2015-10-05 09:50 - 000025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-02-06 07:45 - 2019-01-30 21:07 - 000133512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2019-02-06 07:42 - 2019-02-01 22:36 - 000047592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 001005984 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000869792 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000551680 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000456640 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-02-06 07:42 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000269752 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-02-06 07:42 - 2019-02-01 02:40 - 000244128 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-02-06 07:42 - 2019-02-01 02:38 - 010894304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 009254696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 005273048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 004624184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 002031896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001734560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441881.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001534912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441881.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001464008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 001129352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000752440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000668640 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000631688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000611744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000534544 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-02-06 07:42 - 2019-02-01 02:38 - 000522120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 040235120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 035140696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 020101600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 017428328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001471816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001462232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001169152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001152200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 001145720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000915120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000822784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000794656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-02-06 07:42 - 2019-02-01 02:37 - 000638200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-02-06 07:42 - 2019-02-01 02:36 - 004296808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-02-06 07:30 - 2019-02-06 07:30 - 019341880 _____ (Piriform Software Ltd) C:\Users\Roman\Downloads\ccsetup552.exe
2019-02-06 07:26 - 2019-02-06 07:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Securely File Shredder
2019-02-06 07:26 - 2019-02-06 07:26 - 000000000 ____D C:\Program Files\Securely File Shredder
2019-02-06 07:24 - 2019-02-06 07:24 - 000472936 _____ (Reason Company Software Inc.) C:\Users\Roman\Downloads\SecurelyFileShredder_Setup.exe
2019-02-05 22:04 - 2019-02-05 22:04 - 000000000 ____D C:\Users\Roman\AppData\Local\Eraser 6
2019-02-05 21:01 - 2019-02-05 21:01 - 000000000 ____D C:\Users\Roman\AppData\Roaming\BitcoinZ
2019-02-05 21:01 - 2019-02-05 21:01 - 000000000 ____D C:\Users\Roman\AppData\Local\BitcoinZWallet
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Mozilla
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Users\Roman\AppData\Local\Trusteer
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ochrana koncového bodu Trusteer
2019-02-05 20:43 - 2019-02-05 20:43 - 000000000 ____D C:\Program Files (x86)\Trusteer
2019-02-05 20:43 - 2018-12-26 21:05 - 000608840 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2019-02-05 20:43 - 2018-12-26 21:05 - 000461768 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2019-02-05 20:42 - 2019-02-05 20:42 - 000488952 _____ (IBM Corp.) C:\Users\Roman\Downloads\RapportSetup.exe
2019-02-05 20:42 - 2019-02-05 20:42 - 000000000 ____D C:\ProgramData\Trusteer
2019-02-05 20:32 - 2019-01-01 14:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-02-05 20:32 - 2019-01-01 14:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-02-05 20:32 - 2019-01-01 14:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-02-05 20:32 - 2019-01-01 14:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-02-05 20:32 - 2019-01-01 14:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-02-05 20:32 - 2019-01-01 14:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-02-05 20:32 - 2019-01-01 08:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-02-05 20:32 - 2019-01-01 08:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-02-05 20:32 - 2019-01-01 08:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-02-05 20:32 - 2019-01-01 07:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-02-05 20:32 - 2019-01-01 07:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-02-05 20:32 - 2019-01-01 07:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-02-05 20:32 - 2019-01-01 07:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-02-05 20:32 - 2019-01-01 07:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-02-05 20:32 - 2019-01-01 07:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-02-05 20:32 - 2019-01-01 07:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-02-05 20:32 - 2019-01-01 07:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-02-05 20:32 - 2019-01-01 07:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-02-05 20:32 - 2019-01-01 07:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-02-05 20:32 - 2019-01-01 07:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-02-05 20:32 - 2019-01-01 07:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-02-05 20:32 - 2019-01-01 07:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-02-05 20:32 - 2019-01-01 07:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-02-05 20:32 - 2019-01-01 07:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-02-05 20:32 - 2019-01-01 07:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-02-05 20:32 - 2019-01-01 07:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-02-05 20:32 - 2019-01-01 07:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-02-05 20:32 - 2019-01-01 07:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-02-05 20:21 - 2019-02-05 20:21 - 000000000 ____D C:\WINDOWS\CSC

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-13 18:32 - 2018-02-11 14:39 - 000104643 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-02-13 18:29 - 2018-05-22 10:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-13 18:29 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-13 18:08 - 2017-11-29 10:15 - 000000000 ___HD C:\Users\Roman\Desktop\_SNAPDOC
2019-02-13 17:47 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-13 17:38 - 2018-05-22 10:46 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-13 17:38 - 2018-04-12 16:51 - 000715034 _____ C:\WINDOWS\system32\perfh005.dat
2019-02-13 17:38 - 2018-04-12 16:51 - 000144328 _____ C:\WINDOWS\system32\perfc005.dat
2019-02-13 17:34 - 2017-11-24 20:21 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-13 17:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-13 17:32 - 2018-05-22 10:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-13 17:32 - 2018-05-22 10:36 - 000411760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-13 17:32 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-13 17:31 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-13 17:31 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-13 17:31 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-13 17:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-13 17:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-13 17:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-13 08:05 - 2017-11-26 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2019-02-13 07:45 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 07:41 - 2017-11-24 19:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 07:39 - 2017-11-24 19:40 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-12 19:49 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-12 19:34 - 2018-05-23 08:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossout
2019-02-12 06:36 - 2017-11-24 20:41 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-12 06:36 - 2017-11-24 20:41 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-11 19:24 - 2016-07-16 12:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-02-11 16:00 - 2017-11-28 08:28 - 000000000 ____D C:\Users\Roman\AppData\Local\JForex
2019-02-10 18:55 - 2018-12-30 05:49 - 000003376 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn
2019-02-10 18:55 - 2018-12-30 05:49 - 000003370 _____ C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime
2019-02-10 11:46 - 2017-11-26 15:29 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2019-02-10 11:45 - 2017-11-26 15:28 - 000000000 ____D C:\Program Files\Common Files\logishrd
2019-02-10 08:01 - 2017-12-30 10:57 - 000001098 _____ C:\Users\Roman\Desktop\CrystalDiskInfo.lnk
2019-02-10 07:58 - 2018-05-22 10:42 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-917377831-1171802105-78364817-1001
2019-02-10 07:58 - 2018-05-22 10:38 - 000002383 _____ C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-10 07:58 - 2017-11-24 17:00 - 000000000 ___RD C:\Users\Roman\OneDrive
2019-02-10 07:46 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-09 08:03 - 2018-02-14 19:31 - 000000000 ____D C:\Users\Roman\AppData\Local\Everything
2019-02-09 08:03 - 2018-02-14 17:02 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Everything
2019-02-07 22:16 - 2018-07-11 12:12 - 000000000 ____D C:\ProgramData\Packages
2019-02-07 21:51 - 2018-05-22 10:38 - 000000000 ____D C:\Users\Roman
2019-02-07 21:28 - 2017-11-29 10:29 - 000000000 ____D C:\Users\Roman\AppData\Local\CrashDumps
2019-02-06 15:32 - 2017-11-28 15:38 - 000000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-02-06 09:21 - 2018-07-20 20:06 - 000000000 ____D C:\Users\Roman\AppData\Roaming\system32
2019-02-06 07:52 - 2018-12-30 21:33 - 000000000 ____D C:\Users\Roman\Doctor Web
2019-02-06 07:46 - 2017-11-24 20:21 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-02-06 07:46 - 2017-11-24 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-02-06 07:45 - 2017-11-24 20:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-02-06 07:31 - 2018-05-22 10:42 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-02-06 07:31 - 2017-11-28 15:28 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-06 07:16 - 2017-11-28 15:28 - 000000000 ____D C:\Program Files\CCleaner
2019-02-05 20:26 - 2017-11-24 19:43 - 000000000 ____D C:\Program Files\rempl
2019-02-05 20:25 - 2017-11-25 20:07 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-02 23:53 - 2018-04-12 00:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 23:53 - 2018-04-12 00:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-01 22:36 - 2017-11-09 04:38 - 001682392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2019-02-01 22:36 - 2017-11-09 04:38 - 000228768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2019-02-01 02:37 - 2017-11-25 22:34 - 005036824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-01-31 07:09 - 2017-11-25 22:34 - 000049634 _____ C:\WINDOWS\system32\nvinfo.pb
2019-01-31 07:09 - 2017-11-25 22:10 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2019-01-30 21:09 - 2017-11-24 20:21 - 005364776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 002624824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 001767920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000651248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000450600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000124968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-01-30 21:09 - 2017-11-24 20:21 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-01-30 14:15 - 2017-11-24 20:21 - 008488852 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-01-26 15:03 - 2017-11-24 20:21 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat

==================== Files in the root of some directories =======

2018-03-19 08:45 - 2005-09-09 19:55 - 037766164 _____ () C:\Program Files (x86)\Data1.cab
2018-03-19 08:45 - 2005-09-09 19:55 - 007155864 _____ () C:\Program Files (x86)\NGhost10.msi
2018-03-19 08:45 - 2005-09-09 19:55 - 000000035 _____ () C:\Program Files (x86)\SCSSDist.ini
2018-02-01 13:03 - 2018-02-01 13:03 - 000000615 _____ () C:\Users\Roman\AppData\Roaming\jd-gui.cfg
2018-03-18 22:47 - 2018-03-18 22:47 - 000000001 _____ () C:\Users\Roman\AppData\Local\RawCopy.1.01.agreement
2018-03-18 22:48 - 2018-03-18 22:48 - 000000001 _____ () C:\Users\Roman\AppData\Local\RawCopy.sourcedisk.index

Some files in TEMP:
====================
2019-02-11 22:18 - 2009-11-10 20:09 - 000157184 _____ () C:\Users\Roman\AppData\Local\Temp\virustotal.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-22 10:36

==================== End of FRST.txt ============================

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 13 úno 2019 18:42

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2019 01
Ran by Roman (13-02-2019 18:33:34)
Running from C:\Users\Roman\Desktop
Windows 10 Pro Version 1803 17134.590 (X64) (2018-05-22 09:42:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-917377831-1171802105-78364817-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-917377831-1171802105-78364817-503 - Limited - Disabled)
Guest (S-1-5-21-917377831-1171802105-78364817-501 - Limited - Disabled)
Roman (S-1-5-21-917377831-1171802105-78364817-1001 - Administrator - Enabled) => C:\Users\Roman
WDAGUtilityAccount (S-1-5-21-917377831-1171802105-78364817-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image (HKLM-x32\...\{027399E9-B197-43FF-BE79-490D9F106DDF}) (Version: 22.5.10640 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{027399E9-B197-43FF-BE79-490D9F106DDF}Visible) (Version: 22.5.10640 - Acronis)
Active@ UNDELETE Ultimate 10 (HKLM\...\{9F0B916A-F7DD-4335-923E-397979C6AE1B}_is1) (Version: 10 - LSoft Technologies Inc)
Acuity Expert Advisor (HKLM-x32\...\{8D7F1211-6E40-43E5-97B2-FAE136D2BBC1}) (Version: 1.00.0000 - Acuity Trading Ltd)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Aktualizace NVIDIA 34.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 34.0.0.0 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Anvi Folder Locker 1.0.1225.0 (HKLM-x32\...\Anvi Folder Locker) (Version: 1.0.1225.0 - Anvisoft)
Ardor 2.0.11 (HKLM\...\Ardor 2.0.11) (Version: 2.0.11 - jelurida.com)
Ardor 2.0.12 (HKLM\...\Ardor 2.0.12) (Version: 2.0.12 - jelurida.com)
Ardor 2.0.13 (HKLM\...\Ardor 2.0.13) (Version: 2.0.13 - jelurida.com)
Ardor 2.0.14 (HKLM\...\Ardor 2.0.14) (Version: 2.0.14 - jelurida.com)
Ardor 2.0.14(1) (HKLM\...\Ardor 2.0.14(1)) (Version: 2.0.14 - jelurida.com)
Ardor 2.1.1e (HKLM\...\Ardor 2.1.1e) (Version: 2.1.1e - jelurida.com)
Ardor 2.1.2 (HKLM\...\Ardor 2.1.2) (Version: 2.1.2 - jelurida.com)
Ardor 2.1.2(1) (HKLM\...\Ardor 2.1.2(1)) (Version: 2.1.2 - jelurida.com)
Ashampoo Snap 10 (HKLM-x32\...\{0A11EA01-7909-E272-BFA6-BC39E55F240A}_is1) (Version: 10.0.7 - Ashampoo GmbH & Co. KG)
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.5.6.1 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.5.6.1 - ASUSTek COMPUTER INC.)
Authy Desktop (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\authy-electron) (Version: 1.7.0 - Twilio Inc.)
Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Crossout Launcher 1.0.3.73 (HKLM-x32\...\CrossOutLauncher_is1) (Version: - )
CrystalDiskInfo 7.5.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.0 - Crystal Dew World)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
DataNumen Word Repair v2.5 (HKLM-x32\...\DataNumen Word Repair v2.5) (Version: - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 418.81 - NVIDIA Corporation) Hidden
DocRepair (HKLM-x32\...\DocRepair) (Version: - )
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{F05A434E-D3CF-4B44-9D3E-779D42090781}) (Version: 2.8.0.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L386 Series Printer Uninstall (HKLM\...\EPSON L386 Series) (Version: - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{9ABD2971-9B8B-4958-9100-4EAFCC32A86D}) (Version: 3.0.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{4830989D-5FA5-41DF-A02F-5D1B4D5C73B8}) (Version: 4.4.10 - Seiko Epson Corporation)
Everything 1.4.1.895 (x64) (HKLM\...\Everything) (Version: 1.4.1.895 - David Carpenter)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
GetDataBack Simple (HKLM-x32\...\{D06B8000-52B4-4D0B-A003-DA83ED982B51}) (Version: 1.02.000 - Runtime Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Java(TM) SE Development Kit 10.0.2 (64-bit) (HKLM\...\{71307D56-8005-5F5E-9227-BFA2754D6E54}) (Version: 10.0.2.0 - Oracle Corporation)
JForex Platform (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\0122-2184-6270-6926) (Version: 2.12 - Dukascopy Europe)
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MetaTrader 4 Admiral Markets (HKLM-x32\...\MetaTrader 4 Admiral Markets) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nox APP Player (HKLM-x32\...\Nox) (Version: 5.2.1.0 - Duodian Technology Co. Ltd.)
NQuotes (HKLM-x32\...\NQuotes) (Version: 1.13 - Brainroom Ltd.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.12 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.16.0.140 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.140 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 418.81 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 418.81 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
NXT 1.11.10 (HKLM\...\NXT 1.11.10) (Version: 1.11.10 - jelurida.com)
NXT 1.11.11 (HKLM\...\NXT 1.11.11) (Version: 1.11.11 - jelurida.com)
NXT 1.11.12 (HKLM\...\NXT 1.11.12) (Version: 1.11.12 - jelurida.com)
NXT 1.11.13 (HKLM\...\NXT 1.11.13) (Version: 1.11.13 - jelurida.com)
NXT 1.11.14 (HKLM\...\NXT 1.11.14) (Version: 1.11.14 - jelurida.com)
NXT 1.11.15 (HKLM\...\NXT 1.11.15) (Version: 1.11.15 - jelurida.com)
Ochrana koncového bodu Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1930.243 - Trusteer)
Ovládací panel NVIDIA 418.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 418.81 - NVIDIA Corporation) Hidden
ProRealTime (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\ProRealTime_is1) (Version: 1.13 - IT-Finance)
Příručky společnosti EPSON (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.54.0.0 - Seiko Epson Corporation)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1930.243 - Trusteer) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RESCUE 2013 (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\RESCUE 2013) (Version: 1.32.00.00 - rondomedia GmbH)
SD Card Recovery (HKLM-x32\...\{09907A60-5843-4E83-A471-3102A42231B8}_is1) (Version: - LC Technology International, Inc.)
Securely File Shredder (HKLM-x32\...\Securely File Shredder) (Version: 1.0 - Reason Company Software Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Telegram Desktop version 1.5.2 (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.5.2 - Telegram Messenger LLP)
UE4 Prerequisites (x64) (HKLM\...\{488048BA-66A9-462E-9C36-00B3F364FAF2}) (Version: 1.0.8.0 - Epic Games, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
USB Disk Storage Format Tool 5.3 (HKLM\...\USB Disk Storage Format Tool_is1) (Version: - Authorsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
World of Tanks (HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_CZ_is1) (Version: 17.0.1.1 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-917377831-1171802105-78364817-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-917377831-1171802105-78364817-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-917377831-1171802105-78364817-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-917377831-1171802105-78364817-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-917377831-1171802105-78364817-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-917377831-1171802105-78364817-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-12-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-12-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-12-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-12-22] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [..AFPOverlay] -> {DE0FD55D-8EDC-4F4B-A396-97D9A0117276} => D:\Programy\Anvi FolderLocker\Anvi Folder Locker\x64\PwdHelper64.dll [2015-02-02] (Anvei Technology Co., LTD -> AnviSoft.com)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [AFPMenu] -> {A99A80A9-C66D-4848-AC5D-4804323868A8} => D:\Programy\Anvi FolderLocker\Anvi Folder Locker\x64\PwdHelper64.dll [2015-02-02] (Anvei Technology Co., LTD -> AnviSoft.com)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [AFPMenu] -> {A99A80A9-C66D-4848-AC5D-4804323868A8} => D:\Programy\Anvi FolderLocker\Anvi Folder Locker\x64\PwdHelper64.dll [2015-02-02] (Anvei Technology Co., LTD -> AnviSoft.com)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AFPMenu] -> {A99A80A9-C66D-4848-AC5D-4804323868A8} => D:\Programy\Anvi FolderLocker\Anvi Folder Locker\x64\PwdHelper64.dll [2015-02-02] (Anvei Technology Co., LTD -> AnviSoft.com)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11ED233C-92A4-4540-A076-9B9ECF6A0ABC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3DB4CC2C-E5E8-44A4-A878-A1E9FE694CB5} - System32\Tasks\EPSON L386 Series Update {14275174-FCFF-4428-8639-17C9D2F4FF7B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {3FA458E0-2E68-45E8-B4D4-D759406E753C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {471BF423-C3BD-44D4-81A8-877328F55870} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe (Garmin International, Inc. -> )
Task: {4947C734-450E-403E-8B59-ECC35666DAA4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {58372006-C3DC-4258-BF11-2D906EB453BA} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6C696AE0-2FF4-4817-9E8C-DF3F674EB92F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7F5DD47E-ECC6-45BF-885B-37B6697B6BF9} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {89772F79-7BAF-47DF-844D-0461553D97C2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {98F35EF5-93FC-46E9-86FC-FC9A7AB886AE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B1DA89CE-865C-48C3-8268-26D22F30966D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Ltd)
Task: {B2D269E4-3C68-437D-B3D0-21C44291EEB7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BE8DB59A-7081-4DD2-BE36-E3FC55A093F4} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C3372962-7A58-4476-9052-CB8ACDD1E5AD} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C4027F2D-16EB-42E3-ABE4-28EBAC2C1EAC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C56920A7-54C8-48B3-9302-ADAACBAD5387} - System32\Tasks\CrystalDiskInfo => D:\Programy\Crystal info\CrystalDiskInfo\DiskInfo32.exe
Task: {C902E3A6-A44E-4192-B74F-6EF1BA9391DA} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {CBBFA0AC-7747-4A5B-8CC8-FF9654E8D900} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {CF0B854B-20C1-4919-B5F2-92E8EAC50908} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON L386 Series Update {14275174-FCFF-4428-8639-17C9D2F4FF7B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE:/EXE:{14275174-FCFF-4428-8639-17C9D2F4FF7B} /F:UpdateWORKGROUP\DESKTOP-O6D3TT1$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Authy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gaedmjdfmmahhbjefcbgaolhhanlaolb

==================== Loaded Modules (Whitelisted) ==============

2017-12-22 01:00 - 2017-12-22 01:00 - 001216760 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2017-11-24 20:20 - 2013-07-03 20:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2017-12-25 12:42 - 2017-12-25 12:42 - 006096688 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2018-02-14 17:02 - 2018-02-09 05:11 - 002199656 _____ () D:\Programy\Everythink\Everything\Everything.exe
2018-09-11 06:38 - 2018-12-06 11:14 - 001315312 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 005825576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 09:23 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-13 07:41 - 2019-02-06 03:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-04 07:22 - 2018-10-04 07:22 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 011029504 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 002923520 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\skypert.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-12-15 14:58 - 2018-12-15 14:59 - 002384384 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-09-11 06:38 - 2018-12-06 11:14 - 101252592 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-09-11 06:38 - 2018-12-06 11:14 - 004620272 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libglesv2.dll
2018-09-11 06:38 - 2018-12-06 11:14 - 000109040 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libegl.dll
2017-12-22 00:46 - 2017-12-22 00:46 - 000585296 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
2019-02-05 20:21 - 2018-12-06 00:47 - 001066784 _____ () D:\Programy\Steam\bin\cef\cef.win7x64\SDL2.dll
2019-02-05 20:21 - 2018-11-20 01:56 - 102804768 _____ () D:\Programy\Steam\bin\cef\cef.win7x64\libcef.dll
2017-12-22 01:45 - 2017-12-22 01:45 - 004620736 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2019-02-05 20:21 - 2018-11-20 01:56 - 004866336 _____ () D:\Programy\Steam\bin\cef\cef.win7x64\libglesv2.dll
2019-02-05 20:21 - 2018-11-20 01:56 - 000116000 _____ () D:\Programy\Steam\bin\cef\cef.win7x64\libegl.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 007003048 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2019-02-05 20:24 - 2019-02-05 20:25 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-02-05 20:24 - 2019-02-05 20:25 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-11-24 20:54 - 2017-11-24 20:57 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-31 19:08 - 2018-08-31 19:08 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 20:16 - 2018-07-26 20:17 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-05 20:24 - 2019-02-05 20:25 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll
2019-02-05 20:24 - 2019-02-05 20:24 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-06 11:10 - 2018-11-06 11:10 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-05 20:24 - 2019-02-05 20:24 - 001757696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-12-08 13:23 - 2018-12-08 13:23 - 004220928 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-12-08 13:22 - 2018-12-08 13:22 - 004380232 _____ () C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18003.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-24 20:20 - 2019-02-13 17:32 - 000043152 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-11-24 20:20 - 2013-07-03 20:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2017-12-22 01:44 - 2017-12-22 01:44 - 003485808 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2017-12-22 01:43 - 2017-12-22 01:43 - 001331696 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 000685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
2017-12-22 01:43 - 2017-12-25 13:50 - 022715144 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2017-12-22 00:48 - 2017-12-22 00:48 - 000412704 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2017-12-22 00:34 - 2017-12-22 00:34 - 000136736 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 000255008 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 000160168 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 000277538 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 002386352 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\xerces_c.dll
2017-11-25 22:10 - 2018-12-06 11:14 - 001033200 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2019-02-05 20:21 - 2018-12-06 00:47 - 000885536 _____ () D:\Programy\Steam\SDL2.dll
2018-07-25 06:34 - 2016-09-01 02:02 - 004969248 _____ () D:\Programy\Steam\v8.dll
2019-02-05 20:21 - 2019-02-02 18:33 - 002667296 _____ () D:\Programy\Steam\video.dll
2018-07-25 06:34 - 2016-09-01 02:02 - 001563936 _____ () D:\Programy\Steam\icui18n.dll
2018-07-25 06:34 - 2016-09-01 02:02 - 001195296 _____ () D:\Programy\Steam\icuuc.dll
2019-02-05 20:21 - 2018-11-05 19:53 - 000810784 _____ () D:\Programy\Steam\libavformat-57.dll
2019-02-05 20:21 - 2018-11-05 19:53 - 005137696 _____ () D:\Programy\Steam\libavcodec-57.dll
2019-02-05 20:21 - 2018-11-05 19:53 - 000351520 _____ () D:\Programy\Steam\libavresample-3.dll
2019-02-05 20:21 - 2018-11-05 19:53 - 000847136 _____ () D:\Programy\Steam\libavutil-55.dll
2019-02-05 20:21 - 2018-11-05 19:53 - 000783648 _____ () D:\Programy\Steam\libswscale-4.dll
2019-02-05 20:21 - 2019-02-02 18:33 - 001031456 _____ () D:\Programy\Steam\bin\chromehtml.DLL
2018-07-25 06:34 - 2016-07-04 23:17 - 000266560 _____ () D:\Programy\Steam\openvr_api.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 008986144 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_resources.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 000796192 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_supp.dll
2017-12-22 00:46 - 2017-12-22 00:46 - 000054816 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2017-12-22 00:45 - 2017-12-22 00:45 - 000444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2017-12-22 00:34 - 2017-12-22 00:34 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 13 úno 2019 18:43

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2019-02-07 21:29 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-917377831-1171802105-78364817-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Acuity Update Tool.lnk"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run: => "TNOD UP"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-917377831-1171802105-78364817-1001\...\StartupApproved\Run: => "World of Tanks"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F433FCF7-86A4-436A-9F38-B64661BF6C0F}] => (Allow) E:\Car Mechanic Simulator 2018\steamapps\common\Car Mechanic Simulator 2018\cms2018.exe ()
FirewallRules: [{7D97AB8E-3E6A-45D8-AA63-5CA3283B2163}] => (Allow) E:\Car Mechanic Simulator 2018\steamapps\common\Car Mechanic Simulator 2018\cms2018.exe ()
FirewallRules: [{0EB1C376-EAF0-437D-B4CE-9DF62FC4CB4B}] => (Allow) LPort=8125
FirewallRules: [{BA7F3BE0-6D50-4442-B04B-249159F34548}] => (Allow) LPort=8123
FirewallRules: [{3DA501E3-CC53-49EE-B3EE-609E849DC6D8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B39BAA5C-F32B-4888-B74B-DFFB7FDFD9EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0123B9E1-6C73-45D1-BDA5-EE93263329F7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0175C699-D1A5-451A-815A-4D434BFD412C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{186CB6C8-DDF3-42EA-9EAC-AA4496EB3C88}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{35375BDE-5A57-4225-8281-5588C64B7AFB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )
FirewallRules: [{1626B614-4E71-4DA6-AEB4-B85A8EB43F7F}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{4BD9739A-C15F-4B13-AAFB-BF97A3301809}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{554B8429-2E75-4217-BBCE-172B0E805B50}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{D19F2803-3CE6-4479-8572-52F8609830DD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{7AF439CC-7BD2-42F9-9CC0-8BDEF0B1CBED}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{7ADE461B-135D-414E-B057-AA3B6AA10B7A}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> )
FirewallRules: [{4E137290-8D9C-44BF-BEA6-65528674E773}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> )
FirewallRules: [{E4F46B72-2487-4842-A3ED-37E0CAC0708D}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{1914E070-A12E-4926-87C4-F3EF78FE47CB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{76521A65-A80F-437E-8D25-F9F7CCF20A41}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{BE260B7D-DF01-480B-9C54-3FEBBA435A53}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{E0D98A43-AA7F-44F1-B66A-48C6620EDD7B}] => (Allow) C:\Program Files\Zoner\Photo Studio 17\Program32\MediaServer.exe (ZONER software, a.s. -> ZONER software)
FirewallRules: [{C2EE37FD-06AF-4DC4-B6B6-2EE38F2DA13E}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{D0F4386F-C2DE-469A-89EB-077A5F73EFF1}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{C3B360BC-EA4A-497E-BA8B-44EC3D931BD8}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe (Beijing Duodian Online Science and Technology Co.,Ltd -> Duodian Technology Co. Ltd.)
FirewallRules: [{AD83030C-A651-4139-89DB-61A12E9FE47E}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Beijing Duodian Online Science and Technology Co.,Ltd -> )
FirewallRules: [TCP Query User{E24BB9DC-681B-4990-BB07-82A176373E1B}C:\program files\nxt\nxt.exe] => (Allow) C:\program files\nxt\nxt.exe ()
FirewallRules: [UDP Query User{82200298-4A89-48EA-9137-DAC80D892A33}C:\program files\nxt\nxt.exe] => (Allow) C:\program files\nxt\nxt.exe ()
FirewallRules: [{2CC1A70F-14A2-4560-AF6B-8603F43C072D}] => (Allow) D:\Programy\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F50C8D93-85A3-4C13-AAC6-6762A81867E2}] => (Allow) D:\Programy\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1DA7C3FD-E96B-4899-8357-20FEA3A296DB}] => (Allow) D:\Programy\Steam\steamapps\common\Crossout\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment Corp.)
FirewallRules: [{01D5351C-6382-4F22-BE65-B2BDC86BDA02}] => (Allow) D:\Programy\Steam\steamapps\common\Crossout\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment Corp.)
FirewallRules: [{988113B2-6236-40D9-B32A-3F4967ADCD0C}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{936B3F7B-2912-47D3-B25A-89EF773905F9}] => (Allow) D:\Programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{316F1C9E-4877-42F6-966E-30599C887CFD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5C0DA9F6-AB80-44FE-889D-7315E95D53D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{9FC74FF4-90B0-442A-8A48-181B3A34C7E4}C:\program files\ardor\ardor.exe] => (Allow) C:\program files\ardor\ardor.exe ()
FirewallRules: [UDP Query User{F8F0A7D9-873F-4729-A253-99C4A3BF0130}C:\program files\ardor\ardor.exe] => (Allow) C:\program files\ardor\ardor.exe ()
FirewallRules: [{AD47C878-D236-4408-840C-F9A76F8664F5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Ltd)
FirewallRules: [{11F7FC11-198E-4886-ACFC-B894544BABB8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Ltd)
FirewallRules: [{C112217C-FAF5-44D4-8049-04C04EB78AC6}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{17D4EC0F-214D-49DA-B04D-C92C19A54CE6}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{0677CC7C-9006-4E56-88B5-B9B9B6F2F203}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{8A970E0C-DCC0-42CD-A10B-1DA930BBFD8C}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{BC317072-43BC-45DC-B1B4-E946DC610A9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8DDFAFC4-7102-41D7-9959-3DDA580E1A78}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CBB440C4-A7F1-423A-8098-E8590D6C0758}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E2C1557A-A91A-4F73-AF00-F4DC49552D21}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{52E97030-BF80-4092-AC51-E124622F27FF}C:\program files\nxt\nxt.exe] => (Allow) C:\program files\nxt\nxt.exe ()
FirewallRules: [UDP Query User{3CAEA1AA-7A65-43DD-9AC4-11E2A0334C7C}C:\program files\nxt\nxt.exe] => (Allow) C:\program files\nxt\nxt.exe ()
FirewallRules: [TCP Query User{A3F3CF40-D7BD-4FFC-BCD8-747B281A3292}C:\program files\ardor\ardor.exe] => (Allow) C:\program files\ardor\ardor.exe ()
FirewallRules: [UDP Query User{4DE31957-91C1-4719-A423-0BD06AC5CBAA}C:\program files\ardor\ardor.exe] => (Allow) C:\program files\ardor\ardor.exe ()
FirewallRules: [{F4A6C2C8-F84B-4A42-A7EE-931C29DEBC6F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Ltd)
FirewallRules: [{D49B20A6-922B-4B18-A615-B36305E7CA14}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Ltd)
FirewallRules: [{BC602F58-D20F-44DD-B94D-555FEB9FBEF4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

10-02-2019 08:12:22 Naplánovaný kontrolní bod
13-02-2019 08:05:24 Installed Epson Software Updater

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2019 09:18:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x8007001f, Zařízení připojené k systému nefunguje.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/11/2019 09:18:06 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {74a0464f-317d-449b-84d2-26acd0dfdaad}

Error: (02/11/2019 08:58:08 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Plánovač nemohl spustit úlohu >> "" s GUID '88E136F3-E71B-47BD-98D0-1A20E70D076F' kvůli chybě 87> (Plánovač obdržel požadavek s neplatným parametrem.).

Error: (02/11/2019 08:37:07 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Zálohování se nedokončilo z důvodu chyby zápisu do umístění zálohy G:\. Chyba: Umístění zálohy se nepovedlo najít nebo není platné. Zkontrolujte nastavení zálohování a umístění zálohy. (0x81000006).

Error: (02/10/2019 07:52:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x8007001f, Zařízení připojené k systému nefunguje.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/10/2019 07:51:47 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {fb9aa36f-ecbc-4e74-9567-5e15ced47324}

Error: (02/07/2019 09:28:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/07/2019 09:28:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DaS_21.exe, verze: 2.1.0.4, časové razítko: 0x540c90b2
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.441, časové razítko: 0x428de48c
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000003a388
ID chybujícího procesu: 0x2f3c
Čas spuštění chybující aplikace: 0x01d4bf23b536fbba
Cesta k chybující aplikaci: C:\Users\Roman\AppData\Local\Temp\DaS_21.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: d48bafc5-63dc-4ebf-84c4-fe3737947632
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (02/13/2019 06:29:09 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 06:10:10 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 05:58:27 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 05:53:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 05:42:59 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 05:34:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 05:33:26 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/13/2019 05:33:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O6D3TT1)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-O6D3TT1\Roman (SID: S-1-5-21-917377831-1171802105-78364817-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-02-11 19:20:08.755
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Roman\Downloads\zoek.exe; webfile:_C:\Users\Roman\Downloads\zoek.exe|http://download.bleepingcomputer.com/smeenk/zoek.exe|pid:6396,ProcessStart:131943800688598296
Původ zjišťování: Internet
Typ zjišťování: FastPath
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-O6D3TT1\Roman
Název procesu: Unknown
Verze podpisu: AV: 1.285.1358.0, AS: 1.285.1358.0, NIS: 1.285.1358.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 19:18:52.971
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Roman\Downloads\zoek.exe; webfile:_C:\Users\Roman\Downloads\zoek.exe|http://download.bleepingcomputer.com/smeenk/zoek.exe|pid:6396,ProcessStart:131943800688598296
Původ zjišťování: Internet
Typ zjišťování: FastPath
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-O6D3TT1\Roman
Název procesu: Unknown
Verze podpisu: AV: 1.285.1358.0, AS: 1.285.1358.0, NIS: 1.285.1358.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 14:17:52.486
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Roman\Downloads\zoek.exe; webfile:_C:\Users\Roman\Downloads\zoek.exe|http://download.bleepingcomputer.com/smeenk/zoek.exe|pid:1552,ProcessStart:131943646456347542
Původ zjišťování: Internet
Typ zjišťování: FastPath
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-O6D3TT1\Roman
Název procesu: Unknown
Verze podpisu: AV: 1.285.1351.0, AS: 1.285.1351.0, NIS: 1.285.1351.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 14:15:25.103
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_G:\zoek.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-O6D3TT1\Roman
Název procesu: C:\Windows\explorer.exe
Verze podpisu: AV: 1.285.1351.0, AS: 1.285.1351.0, NIS: 1.285.1351.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 14:14:53.601
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_G:\zoek.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-O6D3TT1\Roman
Název procesu: C:\Windows\explorer.exe
Verze podpisu: AV: 1.285.1351.0, AS: 1.285.1351.0, NIS: 1.285.1351.0
Verze modulu: AM: 1.1.15600.4, NIS: 1.1.15600.4

Date: 2019-02-11 12:38:16.229
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-02-05 20:25:43.538
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.1869.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240016
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-12-29 11:27:53.916
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2018-12-29 11:26:39.623
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

CodeIntegrity:
===================================

Date: 2018-12-30 23:03:37.480
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-30 17:24:32.229
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Percentage of memory in use: 33%
Total physical RAM: 8134.18 MB
Available physical RAM: 5415.29 MB
Total Virtual: 8646.18 MB
Available Virtual: 5111.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:171.92 GB) (Free:51.55 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:50.15 GB) (Free:37.46 GB) NTFS
Drive e: (Nový svazek) (Fixed) (Total:149.05 GB) (Free:118.86 GB) NTFS

\\?\Volume{de6ea8d0-bd5e-4143-953f-32e602e8bcee}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{7cfd7bc6-5e06-4e37-abd8-9497eb3d495b}\ () (Fixed) (Total:0.83 GB) (Free:0.44 GB) NTFS
\\?\Volume{c2c46caf-66e9-43f1-a7be-eacf0dc4db22}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: DD6C5EF1)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 2A022A01)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 40010
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod jaro3 » 13 úno 2019 21:13

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ShortcutTarget: Acuity Update Tool.lnk -> C:\Users\Roman\AppData\Roaming\MetaQuotes\Terminal\76AE827A66F7801B9D79B1FD1D2103FD\MQL4\Experts\AcuityUpdateTool\AcuityUpdateTool.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
C:\Users\Roman\AppData\Local\Temp\virustotal.exe
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
Task: {7F5DD47E-ECC6-45BF-885B-37B6697B6BF9} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {C902E3A6-A44E-4192-B74F-6EF1BA9391DA} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
Task: {7F5DD47E-ECC6-45BF-885B-37B6697B6BF9} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {C902E3A6-A44E-4192-B74F-6EF1BA9391DA} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)

máš něco od eset , nebo to jsou zbytky?

BitcoinZ -- ten program znáš , nenašel jsem nic v souvislosti s tím Z..
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra

neca
Level 2
Level 2
Příspěvky: 164
Registrován: leden 12
Pohlaví: Muž

Re: Preventivní kontrola PC a čištění před tvorbou zálohy.

Příspěvekod neca » 13 úno 2019 21:17

jaro3 píše:Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ShortcutTarget: Acuity Update Tool.lnk -> C:\Users\Roman\AppData\Roaming\MetaQuotes\Terminal\76AE827A66F7801B9D79B1FD1D2103FD\MQL4\Experts\AcuityUpdateTool\AcuityUpdateTool.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKU\S-1-5-21-917377831-1171802105-78364817-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
C:\Users\Roman\AppData\Local\Temp\virustotal.exe
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]
S0 edevmon; system32\DRIVERS\edevmon.sys [X]
Task: {7F5DD47E-ECC6-45BF-885B-37B6697B6BF9} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {C902E3A6-A44E-4192-B74F-6EF1BA9391DA} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Roman\Downloads\esetonlinescanner_csy.exe (ESET, spol. s r.o. -> ESET spol. s r.o.)

máš něco od eset , nebo to jsou zbytky?

BitcoinZ -- ten program znáš , nenašel jsem nic v souvislosti s tím Z..


eset to budou zbytky a co se týče BitcoinZ to znám ale už to můžeme smazat. Takže pokud souhlasím se smazáním mám udělat viz výše? Nevymaže to nějaké záložky a hesla z Chrome?


Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 8 hostů