cmd.exe launching at Windows startup [Solved]

Section devoted to viruses and other malicious code, as well as to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

luker13
newbie
Posts: 11
Registered: January 18
Gender: Male
Status: Offline

Re: cmd.exe launching at Windows startup

Post by luker13 » 18 Jan 2018 20:55

No problem at all, I'm the one who's glad that someone takes the trouble to help :)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:51:19, on 18. 1. 2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.2007)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Users\Borovský Lukáš\Desktop\HijackThis.exe
C:\WINDOWS\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\SysWOW64\userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: AviraBrowserSafety.BrowserSafety - {c3c77255-42c0-499f-b664-6e981a0b1647} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Live Update] C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe
O4 - HKLM\..\Run: [Super Charger] C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: GoPro Importer.lnk = C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
O9 - Extra button: Avira Browser Safety - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: abs - {E00957BD-D0E1-4EB9-A025-7743FDC8B27B} - mscoree.dll (file missing)
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MSI_LiveUpdate_Service - Micro-Star International - C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 9724 bytes


Re: cmd.exe launching at Windows startup

Post by luker13 » 18 Jan 2018 20:57

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.01.2018 01
Ran by Borovský Lukáš (administrator) on BOROVSKÝLUKÁŠ (18-01-2018 20:48:06)
Running from C:\Users\Borovský Lukáš\Desktop
Loaded Profiles: Borovský Lukáš (Available Profiles: Borovský Lukáš & DefaultAppPool)
Platform: Windows 10 Home Version 1607 14393.2035 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3476432 2014-09-18] (Micro-Star International)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [ControlCenterCount] => C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [872448 2012-03-26] (MSI CO.,LTD.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1014736 2014-07-22] (MSI)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [snp2uvc] => C:\WINDOWS\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2017-12-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-01-26]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.111.254.1 192.168.1.1
Tcpip\..\Interfaces\{66056268-21a2-4a22-a52b-0cf52a901316}: [DhcpNameServer] 10.111.254.1 192.168.1.1

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-08] (Oracle Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-08] (Oracle Corporation)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Borovský Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\HsRMqSG9.default [2018-01-18]
FF Homepage: Mozilla\Firefox\Profiles\HsRMqSG9.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\HsRMqSG9.default -> about:newtab
FF Extension: (Avira Browser Safety) - C:\Users\Borovský Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\HsRMqSG9.default\Extensions\abs@avira.com [2015-07-25] [Legacy] [not signed]
FF Extension: (No Name) - C:\Users\Borovský Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\HsRMqSG9.default\extensions\abs@avira.com [not found]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-08] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Borovský Lukáš\AppData\Local\Google\Chrome\User Data\Default [2018-01-18]
CHR Extension: (Prezentácie) - C:\Users\Borovský Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-18]
CHR Extension: (Dokumenty) - C:\Users\Borovský Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-18]
CHR Extension: (Disk Google) - C:\Users\Borovský Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-18]
CHR Extension: (YouTube) - C:\Users\Borovský Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-18]
CHR Extension: (Tabuľky) - C:\Users\Borovský Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-18]
CHR Extension: (Avira Browser Safety) - C:\Users\Borovský Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-01-18]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Borovský Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-18]
CHR Extension: (Skype) - C:\Users\Borovský Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-01-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Borovský Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-18]
CHR Extension: (Gmail) - C:\Users\Borovský Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Borovský Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [444600 2017-12-21] (Avira Operations GmbH & Co. KG)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1723856 2014-09-18] (Micro-Star International)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2155328 2017-12-21] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3025224 2017-12-21] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-10-28] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-28] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-09] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-01-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-01-18] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-01-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-18] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-01-18] (Malwarebytes)
R1 MpKsld283510b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8ABA32D8-7FF6-479C-BEBF-9272A34D0FE6}\MpKsld283510b.sys [58120 2018-01-18] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-09-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-09-19] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-09-16] (NVIDIA Corporation)
S3 PAC7302; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation )
S3 SNP2UVC; C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [3567232 2011-09-09] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-01-18] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-01-18] (Zemana Ltd.)
U3 idsvc; no ImagePath
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Re: cmd.exe launching at Windows startup

Post by luker13 » 18 Jan 2018 20:59

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-18 20:48 - 2018-01-18 20:49 - 000016402 _____ C:\Users\Borovský Lukáš\Desktop\FRST.txt
2018-01-18 20:47 - 2018-01-18 20:48 - 000000000 ____D C:\FRST
2018-01-18 20:46 - 2018-01-18 20:47 - 002393088 _____ (Farbar) C:\Users\Borovský Lukáš\Desktop\FRST64.exe
2018-01-18 20:45 - 2018-01-18 20:46 - 002393088 _____ (Farbar) C:\Users\Borovský Lukáš\Downloads\FRST64.exe
2018-01-18 19:50 - 2018-01-18 19:51 - 000000000 ___HD C:\$WINDOWS.~BT
2018-01-18 19:40 - 2018-01-18 20:00 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-18 19:40 - 2018-01-18 20:00 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-18 19:40 - 2018-01-18 20:00 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-18 19:40 - 2018-01-18 20:00 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-18 19:40 - 2018-01-18 19:54 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-01-18 19:39 - 2018-01-18 19:39 - 000881904 _____ (Plumbytes Software) C:\Users\Borovský Lukáš\Downloads\antimalwaresetup.exe
2018-01-18 19:33 - 2018-01-18 19:35 - 005660870 _____ (Swearware) C:\Users\Borovský Lukáš\Desktop\ComboFix.exe
2018-01-18 19:32 - 2018-01-18 19:32 - 005660870 _____ (Swearware) C:\Users\Borovský Lukáš\Downloads\ComboFix.exe
2018-01-18 19:25 - 2018-01-18 19:25 - 000000840 _____ C:\Users\Borovský Lukáš\Desktop\2018.01.18-19.10.14-i0-t92-d0.txt
2018-01-18 19:09 - 2018-01-18 20:48 - 000110936 _____ C:\WINDOWS\ZAM.krnl.trace
2018-01-18 19:09 - 2018-01-18 20:48 - 000084501 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-18 19:09 - 2018-01-18 19:09 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-01-18 19:09 - 2018-01-18 19:09 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-01-18 19:09 - 2018-01-18 19:09 - 000001221 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-01-18 19:09 - 2018-01-18 19:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-01-18 19:09 - 2018-01-18 19:09 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-01-18 19:08 - 2018-01-18 19:08 - 006625600 _____ (Zemana Ltd. ) C:\Users\Borovský Lukáš\Desktop\Zemana.AntiMalware.Setup.exe
2018-01-18 19:08 - 2018-01-18 19:08 - 000000000 ____D C:\Users\Borovský Lukáš\AppData\Local\Zemana
2018-01-18 19:07 - 2018-01-18 19:07 - 006625600 _____ (Zemana Ltd. ) C:\Users\Borovský Lukáš\Downloads\Zemana.AntiMalware.Setup.exe
2018-01-18 19:06 - 2018-01-18 19:06 - 000000000 ____D C:\Users\Borovský Lukáš\AppData\Roaming\Google
2018-01-18 18:58 - 2018-01-18 18:58 - 000006456 _____ C:\Users\Borovský Lukáš\Desktop\zoek-results.txt
2018-01-18 18:54 - 2018-01-18 18:51 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2018-01-18 18:51 - 2018-01-18 18:51 - 000000000 ____D C:\zoek_backup
2018-01-18 18:50 - 2018-01-18 18:51 - 001313792 _____ C:\Users\Borovský Lukáš\Desktop\zoek.exe
2018-01-18 18:50 - 2018-01-18 18:50 - 001313792 _____ C:\Users\Borovský Lukáš\Downloads\zoek.exe
2018-01-18 18:48 - 2018-01-18 18:48 - 000006616 _____ C:\Users\Borovský Lukáš\Desktop\rk_EA64.tmp.txt
2018-01-17 21:39 - 2018-01-11 08:20 - 000280408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-01-17 21:39 - 2018-01-11 08:16 - 007812960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-17 21:39 - 2018-01-11 08:14 - 002254688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-17 21:39 - 2018-01-11 08:10 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-01-17 21:39 - 2018-01-11 08:10 - 000082784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-17 21:39 - 2018-01-11 08:06 - 000187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-01-17 21:39 - 2018-01-11 08:05 - 000267048 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-01-17 21:39 - 2018-01-11 08:03 - 007216560 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-17 21:39 - 2018-01-11 08:03 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-01-17 21:39 - 2018-01-11 08:02 - 001095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-17 21:39 - 2018-01-11 08:02 - 000987488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-17 21:39 - 2018-01-11 08:02 - 000948568 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2018-01-17 21:39 - 2018-01-11 08:02 - 000812888 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2018-01-17 21:39 - 2018-01-11 08:02 - 000624560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-17 21:39 - 2018-01-11 08:02 - 000509792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-17 21:39 - 2018-01-11 08:02 - 000450392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-01-17 21:39 - 2018-01-11 08:02 - 000431288 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-01-17 21:39 - 2018-01-11 08:02 - 000070288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-01-17 21:39 - 2018-01-11 08:01 - 022222936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-17 21:39 - 2018-01-11 08:00 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-01-17 21:39 - 2018-01-11 07:59 - 001416224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-01-17 21:39 - 2018-01-11 07:58 - 001102688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-17 21:39 - 2018-01-11 07:28 - 002715648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-01-17 21:39 - 2018-01-11 07:28 - 000250048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-01-17 21:39 - 2018-01-11 07:27 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2018-01-17 21:39 - 2018-01-11 07:26 - 005726408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-17 21:39 - 2018-01-11 07:26 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2018-01-17 21:39 - 2018-01-11 07:26 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2018-01-17 21:39 - 2018-01-11 07:26 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe
2018-01-17 21:39 - 2018-01-11 07:26 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2018-01-17 21:39 - 2018-01-11 07:25 - 000367200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-01-17 21:39 - 2018-01-11 07:25 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-17 21:39 - 2018-01-11 07:25 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-01-17 21:39 - 2018-01-11 07:24 - 020969376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-17 21:39 - 2018-01-11 07:23 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2018-01-17 21:39 - 2018-01-11 07:22 - 001261288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-01-17 21:39 - 2018-01-11 07:22 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-17 21:39 - 2018-01-11 07:21 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-17 21:39 - 2018-01-11 07:20 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-01-17 21:39 - 2018-01-11 07:19 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2018-01-17 21:39 - 2018-01-11 07:18 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2018-01-17 21:39 - 2018-01-11 07:17 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-01-17 21:39 - 2018-01-11 07:17 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2018-01-17 21:39 - 2018-01-11 07:17 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2018-01-17 21:39 - 2018-01-11 07:17 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-17 21:39 - 2018-01-11 07:17 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-01-17 21:39 - 2018-01-11 07:17 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netfxperf.dll
2018-01-17 21:39 - 2018-01-11 07:16 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2018-01-17 21:39 - 2018-01-11 07:13 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-17 21:39 - 2018-01-11 07:12 - 003616256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-17 21:39 - 2018-01-11 07:12 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-01-17 21:39 - 2018-01-11 07:11 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-01-17 21:39 - 2018-01-11 07:11 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-01-17 21:39 - 2018-01-11 07:11 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-01-17 21:39 - 2018-01-11 07:10 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2018-01-17 21:39 - 2018-01-11 07:10 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2018-01-17 21:39 - 2018-01-11 07:10 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-01-17 21:39 - 2018-01-11 07:10 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2018-01-17 21:39 - 2018-01-11 07:10 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2018-01-17 21:39 - 2018-01-11 07:10 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmplpxy.dll
2018-01-17 21:39 - 2018-01-11 07:09 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-01-17 21:39 - 2018-01-11 07:09 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmprovhost.exe
2018-01-17 21:39 - 2018-01-11 07:09 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-17 21:39 - 2018-01-11 07:07 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceCenter.dll
2018-01-17 21:39 - 2018-01-11 07:07 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2018-01-17 21:39 - 2018-01-11 07:07 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
2018-01-17 21:39 - 2018-01-11 07:05 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2018-01-17 21:39 - 2018-01-11 06:59 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netfxperf.dll
2018-01-17 21:39 - 2018-01-11 06:56 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2018-01-17 21:39 - 2018-01-11 06:55 - 002998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-17 21:39 - 2016-08-06 05:16 - 000073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-01-17 21:39 - 2016-08-06 05:16 - 000020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-01-17 21:36 - 2018-01-18 18:18 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-17 21:35 - 2018-01-17 22:15 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-17 21:21 - 2018-01-17 21:21 - 000000000 ____D C:\ProgramData\Sophos
2018-01-17 21:20 - 2018-01-17 21:20 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-01-17 21:20 - 2018-01-17 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-01-17 21:20 - 2018-01-17 21:20 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-01-17 21:00 - 2018-01-17 21:35 - 026907720 _____ (Adlice Software) C:\Users\Borovský Lukáš\Desktop\RogueKiller_portable64.exe
2018-01-17 20:58 - 2018-01-17 21:17 - 187351200 _____ (Sophos Limited) C:\Users\Borovský Lukáš\Downloads\Sophos Virus Removal Tool.exe
2018-01-17 20:58 - 2018-01-17 21:00 - 026907720 _____ (Adlice Software) C:\Users\Borovský Lukáš\Downloads\RogueKiller_portable64.exe
2018-01-17 20:46 - 2018-01-17 20:47 - 001790024 _____ (Malwarebytes) C:\Users\Borovský Lukáš\Desktop\JRT.exe
2018-01-17 20:45 - 2018-01-17 20:46 - 001790024 _____ (Malwarebytes) C:\Users\Borovský Lukáš\Downloads\JRT.exe
2018-01-17 18:36 - 2018-01-17 20:44 - 000000000 ____D C:\AdwCleaner
2018-01-17 18:01 - 2018-01-17 18:36 - 008198432 _____ (Malwarebytes) C:\Users\Borovský Lukáš\Desktop\AdwCleaner.exe
2018-01-17 18:01 - 2018-01-17 18:01 - 008198432 _____ (Malwarebytes) C:\Users\Borovský Lukáš\Downloads\AdwCleaner.exe
2018-01-17 18:00 - 2018-01-17 18:02 - 000448512 _____ (OldTimer Tools) C:\Users\Borovský Lukáš\Desktop\TFC.exe
2018-01-17 18:00 - 2018-01-17 18:00 - 000448512 _____ (OldTimer Tools) C:\Users\Borovský Lukáš\Downloads\TFC.exe
2018-01-17 15:44 - 2018-01-17 15:45 - 000388608 _____ (Trend Micro Inc.) C:\Users\Borovský Lukáš\Desktop\HijackThis.exe
2018-01-16 18:22 - 2018-01-16 18:23 - 1527846865 _____ C:\Users\Borovský Lukáš\Downloads\2018-standard-logopack_fmscout.com.zip
2018-01-16 17:45 - 2018-01-16 17:48 - 002981075 _____ C:\Users\Borovský Lukáš\Downloads\Slovakia - Fortuna liga 2017-18_v1.01.zip
2018-01-16 17:42 - 2018-01-16 17:45 - 003111128 _____ C:\Users\Borovský Lukáš\Downloads\slovakia_-_doxxbet_liga.zip
2018-01-16 17:30 - 2018-01-16 17:58 - 133788226 _____ C:\Users\Borovský Lukáš\Downloads\trophies-megapack.zip
2018-01-16 17:30 - 2018-01-16 17:30 - 091419727 _____ C:\Users\Borovský Lukáš\Downloads\FlutSkin_lightFM18_15.zip
2018-01-16 17:04 - 2018-01-16 17:04 - 000831796 _____ C:\Users\Borovský Lukáš\Downloads\FM18 Real Names Fix Files from sortitoutsi.net v1.3.rar
2018-01-16 16:05 - 2017-12-10 19:58 - 000735376 _____ (Sysinternals - www.sysinternals.com) C:\Users\Borovský Lukáš\Desktop\Autoruns.exe
2018-01-16 15:45 - 2018-01-16 15:46 - 001329727 _____ C:\Users\Borovský Lukáš\Downloads\Autoruns.zip
2018-01-15 19:49 - 2018-01-15 19:49 - 000000000 ____D C:\Users\Borovský Lukáš\Documents\Sports Interactive
2018-01-15 18:49 - 2018-01-15 18:49 - 000000222 _____ C:\Users\Borovský Lukáš\Desktop\Football Manager 2018.url
2018-01-15 17:59 - 2018-01-15 17:59 - 000000000 ____D C:\Users\Borovský Lukáš\AppData\LocalLow\Temp
2018-01-15 15:53 - 2018-01-15 15:53 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-15 15:53 - 2018-01-15 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-15 15:53 - 2018-01-15 15:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-15 15:53 - 2018-01-15 15:53 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-15 15:53 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-14 19:52 - 2018-01-14 19:55 - 056363453 _____ C:\Users\Borovský Lukáš\Documents\Crack_Football Manager 2018.rar
2018-01-14 19:45 - 2018-01-14 19:46 - 000644820 _____ C:\WINDOWS\Minidump\011418-52375-01.dmp
2018-01-14 16:18 - 2018-01-18 20:03 - 000003628 _____ C:\WINDOWS\System32\Tasks\NaaenLxAqIy
2018-01-14 16:18 - 2018-01-16 22:51 - 000003358 _____ C:\WINDOWS\System32\Tasks\YeijTuumu
2018-01-14 16:18 - 2018-01-14 16:18 - 000003762 _____ C:\WINDOWS\System32\Tasks\EcRzIbz
2018-01-14 16:18 - 2018-01-14 16:18 - 000000001 _____ C:\Users\Borovský Lukáš\AppData\Local\WMI.ini
2018-01-14 16:18 - 2016-07-16 12:43 - 000001331 _____ C:\Users\Borovský Lukáš\AppData\Local\AaOvQwmiIAWa
2018-01-14 16:18 - 2016-07-16 12:43 - 000001135 _____ C:\Users\Borovský Lukáš\AppData\Local\KVuI
2018-01-14 16:18 - 2016-07-16 12:43 - 000000080 _____ C:\WINDOWS\vDTe
2018-01-14 16:18 - 2016-07-16 12:43 - 000000072 _____ C:\Users\Borovský Lukáš\AppData\Roaming\GWIFgmX
2018-01-14 16:18 - 2016-07-16 12:42 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\uRHGFneiFKj.exe
2018-01-12 17:57 - 2018-01-12 17:57 - 000068797 _____ C:\Users\Borovský Lukáš\Downloads\Faktura_81555527_1180056378.pdf
2018-01-09 20:34 - 2017-10-04 09:21 - 000029352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2018-01-09 20:34 - 2017-10-04 09:21 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2018-01-09 20:34 - 2017-10-04 04:45 - 000030888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2018-01-09 20:34 - 2017-10-04 04:45 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2018-01-06 12:00 - 2018-01-06 12:00 - 000007601 _____ C:\Users\Borovský Lukáš\AppData\Local\Resmon.ResmonCfg
2018-01-04 22:36 - 2018-01-01 06:24 - 000316760 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-04 22:36 - 2018-01-01 06:24 - 000198848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-04 22:36 - 2018-01-01 06:23 - 000434520 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-04 22:36 - 2018-01-01 06:22 - 001177680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-04 22:36 - 2018-01-01 06:22 - 000409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-01-04 22:36 - 2018-01-01 06:22 - 000328000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-04 22:36 - 2018-01-01 06:21 - 002760216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-04 22:36 - 2018-01-01 06:21 - 000715096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-04 22:36 - 2018-01-01 06:21 - 000155992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-04 22:36 - 2018-01-01 06:20 - 000160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2018-01-04 22:36 - 2018-01-01 06:20 - 000103304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-01-04 22:36 - 2018-01-01 06:19 - 001277816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-04 22:36 - 2018-01-01 06:18 - 002529112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-04 22:36 - 2018-01-01 06:18 - 000588816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110_win.dll
2018-01-04 22:36 - 2018-01-01 06:11 - 000053080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vdrvroot.sys
2018-01-04 22:36 - 2018-01-01 06:09 - 000167840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-04 22:36 - 2018-01-01 06:08 - 000791264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-04 22:36 - 2018-01-01 06:08 - 000183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2018-01-04 22:36 - 2018-01-01 06:07 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-04 22:36 - 2018-01-01 06:07 - 000263464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-04 22:36 - 2018-01-01 06:05 - 002262768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-04 22:36 - 2018-01-01 06:05 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-01-04 22:36 - 2018-01-01 06:05 - 000433824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-04 22:36 - 2018-01-01 06:05 - 000084656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-01-04 22:36 - 2018-01-01 06:05 - 000067104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2018-01-04 22:36 - 2018-01-01 06:02 - 000546960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-04 22:36 - 2018-01-01 06:01 - 000415248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp110_win.dll
2018-01-04 22:36 - 2018-01-01 05:58 - 022571520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-04 22:36 - 2018-01-01 05:58 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2018-01-04 22:36 - 2018-01-01 05:58 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-04 22:36 - 2018-01-01 05:56 - 005688832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-04 22:36 - 2018-01-01 05:54 - 000962760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-04 22:36 - 2018-01-01 05:52 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2018-01-04 22:36 - 2018-01-01 05:52 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\traffic.dll
2018-01-04 22:36 - 2018-01-01 05:52 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gmsaclient.dll
2018-01-04 22:36 - 2018-01-01 05:52 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-04 22:36 - 2018-01-01 05:52 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshhyperv.dll
2018-01-04 22:36 - 2018-01-01 05:51 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-01-04 22:36 - 2018-01-01 05:51 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2018-01-04 22:36 - 2018-01-01 05:51 - 000037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-04 22:36 - 2018-01-01 05:50 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-04 22:36 - 2018-01-01 05:50 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2018-01-04 22:36 - 2018-01-01 05:50 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ssdpapi.dll
2018-01-04 22:36 - 2018-01-01 05:50 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2018-01-04 22:36 - 2018-01-01 05:50 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-01-04 22:36 - 2018-01-01 05:50 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\traffic.dll
2018-01-04 22:36 - 2018-01-01 05:50 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2018-01-04 22:36 - 2018-01-01 05:50 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2018-01-04 22:36 - 2018-01-01 05:49 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-04 22:36 - 2018-01-01 05:49 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2018-01-04 22:36 - 2018-01-01 05:49 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-04 22:36 - 2018-01-01 05:49 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-01-04 22:36 - 2018-01-01 05:49 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-01-04 22:36 - 2018-01-01 05:49 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2018-01-04 22:36 - 2018-01-01 05:49 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-01-04 22:36 - 2018-01-01 05:49 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2018-01-04 22:36 - 2018-01-01 05:49 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshqos.dll
2018-01-04 22:36 - 2018-01-01 05:48 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-01-04 22:36 - 2018-01-01 05:48 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2018-01-04 22:36 - 2018-01-01 05:48 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2018-01-04 22:36 - 2018-01-01 05:48 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-04 22:36 - 2018-01-01 05:48 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-01-04 22:36 - 2018-01-01 05:48 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-01-04 22:36 - 2018-01-01 05:48 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-01-04 22:36 - 2018-01-01 05:48 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2018-01-04 22:36 - 2018-01-01 05:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpapi.dll
2018-01-04 22:36 - 2018-01-01 05:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2018-01-04 22:36 - 2018-01-01 05:48 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3dlg.dll
2018-01-04 22:36 - 2018-01-01 05:48 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-04 22:36 - 2018-01-01 05:48 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2018-01-04 22:36 - 2018-01-01 05:48 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2018-01-04 22:36 - 2018-01-01 05:48 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshqos.dll
2018-01-04 22:36 - 2018-01-01 05:47 - 000712192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-04 22:36 - 2018-01-01 05:47 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-04 22:36 - 2018-01-01 05:47 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-04 22:36 - 2018-01-01 05:47 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2018-01-04 22:36 - 2018-01-01 05:46 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-04 22:36 - 2018-01-01 05:46 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-04 22:36 - 2018-01-01 05:46 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2018-01-04 22:36 - 2018-01-01 05:45 - 018365952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-04 22:36 - 2018-01-01 05:45 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-04 22:36 - 2018-01-01 05:45 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-04 22:36 - 2018-01-01 05:44 - 023673856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-04 22:36 - 2018-01-01 05:44 - 019410432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-04 22:36 - 2018-01-01 05:44 - 013101056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-04 22:36 - 2018-01-01 05:44 - 012201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-04 22:36 - 2018-01-01 05:44 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdPnp.dll
2018-01-04 22:36 - 2018-01-01 05:43 - 000746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2018-01-04 22:36 - 2018-01-01 05:43 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-04 22:36 - 2018-01-01 05:42 - 000513024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2018-01-04 22:36 - 2018-01-01 05:42 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-04 22:36 - 2018-01-01 05:42 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-04 22:36 - 2018-01-01 05:42 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-04 22:36 - 2018-01-01 05:42 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-04 22:36 - 2018-01-01 05:42 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-04 22:36 - 2018-01-01 05:42 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2018-01-04 22:36 - 2018-01-01 05:42 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmiprop.dll
2018-01-04 22:36 - 2018-01-01 05:41 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-04 22:36 - 2018-01-01 05:41 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-04 22:36 - 2018-01-01 05:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-01-04 22:36 - 2018-01-01 05:41 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-04 22:36 - 2018-01-01 05:41 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2018-01-04 22:36 - 2018-01-01 05:41 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-04 22:36 - 2018-01-01 05:41 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWNet.dll
2018-01-04 22:36 - 2018-01-01 05:40 - 008128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-04 22:36 - 2018-01-01 05:40 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-04 22:36 - 2018-01-01 05:40 - 000597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-04 22:36 - 2018-01-01 05:40 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-04 22:36 - 2018-01-01 05:40 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-04 22:36 - 2018-01-01 05:40 - 000390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-04 22:36 - 2018-01-01 05:40 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-04 22:36 - 2018-01-01 05:40 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-04 22:36 - 2018-01-01 05:40 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-04 22:36 - 2018-01-01 05:40 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-04 22:36 - 2018-01-01 05:39 - 000968704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-04 22:36 - 2018-01-01 05:39 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2018-01-04 22:36 - 2018-01-01 05:39 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-01-04 22:36 - 2018-01-01 05:39 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-04 22:36 - 2018-01-01 05:39 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-01-04 22:36 - 2018-01-01 05:39 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-04 22:36 - 2018-01-01 05:39 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-04 22:36 - 2018-01-01 05:39 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-01-04 22:36 - 2018-01-01 05:39 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-01-04 22:36 - 2018-01-01 05:39 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-01-04 22:36 - 2018-01-01 05:39 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2018-01-04 22:36 - 2018-01-01 05:38 - 006063616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-04 22:36 - 2018-01-01 05:38 - 003661824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-04 22:36 - 2018-01-01 05:38 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-04 22:36 - 2018-01-01 05:38 - 002097664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-04 22:36 - 2018-01-01 05:38 - 001779200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-04 22:36 - 2018-01-01 05:38 - 001184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-04 22:36 - 2018-01-01 05:38 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-04 22:36 - 2018-01-01 05:37 - 004752896 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-04 22:36 - 2018-01-01 05:37 - 002896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-04 22:36 - 2018-01-01 05:37 - 001601024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-04 22:36 - 2018-01-01 05:37 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-04 22:36 - 2018-01-01 05:37 - 000792576 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-04 22:36 - 2018-01-01 05:37 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-04 22:36 - 2018-01-01 05:37 - 000583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-04 22:36 - 2018-01-01 05:37 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2018-01-04 22:36 - 2018-01-01 05:36 - 002483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-04 22:36 - 2018-01-01 05:36 - 002030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-04 22:36 - 2018-01-01 05:36 - 001984512 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-04 22:36 - 2018-01-01 05:36 - 001636864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-04 22:36 - 2018-01-01 05:36 - 001512448 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-04 22:36 - 2018-01-01 05:36 - 001509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-04 22:36 - 2018-01-01 05:36 - 001414144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2018-01-04 22:36 - 2018-01-01 05:36 - 000944128 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-04 22:36 - 2018-01-01 05:36 - 000885248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-04 22:36 - 2018-01-01 05:36 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-04 22:36 - 2018-01-01 05:36 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-04 22:36 - 2018-01-01 05:36 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-04 22:36 - 2018-01-01 05:36 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-04 22:36 - 2018-01-01 05:35 - 001577984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-04 22:36 - 2018-01-01 05:35 - 000387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2018-01-04 22:36 - 2018-01-01 05:35 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2018-01-04 22:36 - 2018-01-01 05:35 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvvmtransport.dll
2018-01-04 22:36 - 2018-01-01 05:34 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvvmtransport.dll
2018-01-04 22:36 - 2018-01-01 05:34 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfhost.exe
2018-01-04 22:35 - 2018-01-01 06:30 - 000379736 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-04 22:35 - 2018-01-01 06:28 - 000423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-04 22:35 - 2018-01-01 06:28 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-01-04 22:35 - 2018-01-01 06:25 - 000104280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-04 22:35 - 2018-01-01 06:24 - 001355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-04 22:35 - 2018-01-01 06:24 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-04 22:35 - 2018-01-01 06:24 - 001051616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-04 22:35 - 2018-01-01 06:24 - 000894632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-04 22:35 - 2018-01-01 06:23 - 000246864 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2018-01-04 22:35 - 2018-01-01 06:22 - 000652344 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-04 22:35 - 2018-01-01 06:22 - 000484184 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-04 22:35 - 2018-01-01 06:22 - 000062808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-04 22:35 - 2018-01-01 06:21 - 000527800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-04 22:35 - 2018-01-01 06:21 - 000046936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2018-01-04 22:35 - 2018-01-01 06:21 - 000036184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2018-01-04 22:35 - 2018-01-01 06:20 - 002447208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-01-04 22:35 - 2018-01-01 06:20 - 000318776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-04 22:35 - 2018-01-01 06:20 - 000119640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-04 22:35 - 2018-01-01 06:20 - 000116568 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-04 22:35 - 2018-01-01 06:20 - 000085240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2018-01-04 22:35 - 2018-01-01 06:20 - 000079704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-04 22:35 - 2018-01-01 06:20 - 000031576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-01-04 22:35 - 2018-01-01 06:20 - 000028448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2018-01-04 22:35 - 2018-01-01 06:20 - 000020312 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhv1394.dll
2018-01-04 22:35 - 2018-01-01 06:19 - 000153432 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2018-01-04 22:35 - 2018-01-01 06:18 - 000630080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-04 22:35 - 2018-01-01 06:18 - 000456024 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-04 22:35 - 2018-01-01 06:18 - 000022224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumbase.dll
2018-01-04 22:35 - 2018-01-01 06:18 - 000015056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumdll.dll
2018-01-04 22:35 - 2018-01-01 06:11 - 000110936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-04 22:35 - 2018-01-01 05:58 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-04 22:35 - 2018-01-01 05:54 - 007219712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-04 22:35 - 2018-01-01 05:51 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-01-04 22:35 - 2018-01-01 05:50 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2018-01-04 22:35 - 2018-01-01 05:50 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2018-01-04 22:35 - 2018-01-01 05:50 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2018-01-04 22:35 - 2018-01-01 05:50 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2018-01-04 22:35 - 2018-01-01 05:50 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapAuthProxy.dll
2018-01-04 22:35 - 2018-01-01 05:50 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hyperkbd.sys
2018-01-04 22:35 - 2018-01-01 05:50 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshhyperv.dll
2018-01-04 22:35 - 2018-01-01 05:50 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vms3cap.sys
2018-01-04 22:35 - 2018-01-01 05:49 - 000152576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2018-01-04 22:35 - 2018-01-01 05:49 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2018-01-04 22:35 - 2018-01-01 05:49 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-01-04 22:35 - 2018-01-01 05:49 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-01-04 22:35 - 2018-01-01 05:49 - 000045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\gmsaclient.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapPeerProxy.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VMBusHID.sys
2018-01-04 22:35 - 2018-01-01 05:49 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-04 22:35 - 2018-01-01 05:49 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2018-01-04 22:35 - 2018-01-01 05:49 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgencounter.sys
2018-01-04 22:35 - 2018-01-01 05:48 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2018-01-04 22:35 - 2018-01-01 05:48 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2018-01-04 22:35 - 2018-01-01 05:48 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2018-01-04 22:35 - 2018-01-01 05:48 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\container_xml.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-04 22:35 - 2018-01-01 05:48 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\efslsaext.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysntfy.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2018-01-04 22:35 - 2018-01-01 05:48 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2018-01-04 22:35 - 2018-01-01 05:48 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2018-01-04 22:35 - 2018-01-01 05:48 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2018-01-04 22:35 - 2018-01-01 05:48 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2018-01-04 22:35 - 2018-01-01 05:47 - 000420352 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-04 22:35 - 2018-01-01 05:47 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-04 22:35 - 2018-01-01 05:47 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-04 22:35 - 2018-01-01 05:47 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-04 22:35 - 2018-01-01 05:47 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2018-01-04 22:35 - 2018-01-01 05:47 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2018-01-04 22:35 - 2018-01-01 05:47 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2018-01-04 22:35 - 2018-01-01 05:47 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-01-04 22:35 - 2018-01-01 05:47 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-01-04 22:35 - 2018-01-01 05:47 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2018-01-04 22:35 - 2018-01-01 05:47 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2018-01-04 22:35 - 2018-01-01 05:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2018-01-04 22:35 - 2018-01-01 05:47 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3dlg.dll
2018-01-04 22:35 - 2018-01-01 05:47 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2018-01-04 22:35 - 2018-01-01 05:46 - 000822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-04 22:35 - 2018-01-01 05:46 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-01-04 22:35 - 2018-01-01 05:46 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-04 22:35 - 2018-01-01 05:46 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2018-01-04 22:35 - 2018-01-01 05:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-01-04 22:35 - 2018-01-01 05:45 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-01-04 22:35 - 2018-01-01 05:45 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdPnp.dll
2018-01-04 22:35 - 2018-01-01 05:45 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-01-04 22:35 - 2018-01-01 05:45 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimeprovider.dll
2018-01-04 22:35 - 2018-01-01 05:44 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2018-01-04 22:35 - 2018-01-01 05:44 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2018-01-04 22:35 - 2018-01-01 05:44 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2018-01-04 22:35 - 2018-01-01 05:44 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmiprop.dll
2018-01-04 22:35 - 2018-01-01 05:44 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-04 22:35 - 2018-01-01 05:44 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\nrpsrv.dll
2018-01-04 22:35 - 2018-01-01 05:43 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2018-01-04 22:35 - 2018-01-01 05:43 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2018-01-04 22:35 - 2018-01-01 05:43 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWNet.dll
2018-01-04 22:35 - 2018-01-01 05:42 - 000590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-04 22:35 - 2018-01-01 05:42 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-04 22:35 - 2018-01-01 05:42 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-04 22:35 - 2018-01-01 05:42 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2018-01-04 22:35 - 2018-01-01 05:42 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2018-01-04 22:35 - 2018-01-01 05:42 - 000152576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-01-04 22:35 - 2018-01-01 05:42 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-04 22:35 - 2018-01-01 05:42 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2018-01-04 22:35 - 2018-01-01 05:42 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2018-01-04 22:35 - 2018-01-01 05:41 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-04 22:35 - 2018-01-01 05:41 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-04 22:35 - 2018-01-01 05:41 - 000464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-04 22:35 - 2018-01-01 05:41 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2018-01-04 22:35 - 2018-01-01 05:41 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-04 22:35 - 2018-01-01 05:41 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-01-04 22:35 - 2018-01-01 05:41 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-01-04 22:35 - 2018-01-01 05:41 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2018-01-04 22:35 - 2018-01-01 05:40 - 000678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-04 22:35 - 2018-01-01 05:40 - 000635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-04 22:35 - 2018-01-01 05:40 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-04 22:35 - 2018-01-01 05:40 - 000387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-01-04 22:35 - 2018-01-01 05:40 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-01-04 22:35 - 2018-01-01 05:40 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2018-01-04 22:35 - 2018-01-01 05:40 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2018-01-04 22:35 - 2018-01-01 05:40 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-04 22:35 - 2018-01-01 05:39 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-01-04 22:35 - 2018-01-01 05:39 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-04 22:35 - 2018-01-01 05:39 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-04 22:35 - 2018-01-01 05:39 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2018-01-04 22:35 - 2018-01-01 05:39 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-04 22:35 - 2018-01-01 05:39 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2018-01-04 22:35 - 2018-01-01 05:38 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-04 22:35 - 2018-01-01 05:38 - 000413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-04 22:35 - 2018-01-01 05:38 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-01-04 22:35 - 2018-01-01 05:38 - 000283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2018-01-04 22:35 - 2018-01-01 05:37 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-04 22:35 - 2018-01-01 05:37 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-01-04 22:35 - 2018-01-01 05:37 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-01-04 22:35 - 2018-01-01 05:36 - 003542528 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-04 22:35 - 2018-01-01 05:36 - 001349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-04 22:35 - 2018-01-01 05:36 - 001020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-04 22:35 - 2018-01-01 05:36 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-04 22:35 - 2018-01-01 05:36 - 000960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-04 22:35 - 2018-01-01 05:36 - 000948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-04 22:35 - 2018-01-01 05:36 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-04 22:35 - 2018-01-01 05:36 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-04 22:35 - 2018-01-01 05:36 - 000770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-04 22:35 - 2018-01-01 05:36 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-04 22:35 - 2018-01-01 05:36 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2018-01-04 22:35 - 2018-01-01 05:34 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-04 17:51 - 2018-01-04 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-18 20:44 - 2014-10-15 17:52 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-18 20:03 - 2016-11-06 10:59 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-18 19:59 - 2016-10-09 11:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-18 19:58 - 2016-07-16 07:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-18 19:54 - 2016-11-05 19:52 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-18 19:51 - 2016-10-09 11:54 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-18 19:00 - 2016-11-08 18:34 - 000000000 ____D C:\Users\Borovský Lukáš\AppData\Local\CrashDumps
2018-01-18 18:12 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-17 22:21 - 2016-07-16 12:45 - 000000000 ____D C:\WINDOWS\INF
2018-01-17 22:20 - 2016-10-09 10:56 - 000194472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-17 22:11 - 2016-10-09 10:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-17 21:48 - 2016-07-16 12:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-17 15:43 - 2016-07-16 12:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-15 19:49 - 2014-12-20 18:25 - 000000000 ____D C:\Users\Public\Documents\Sports Interactive
2018-01-15 19:49 - 2014-12-20 18:25 - 000000000 ____D C:\Users\Borovský Lukáš\AppData\Local\Sports Interactive
2018-01-15 18:48 - 2015-04-12 14:06 - 000000000 ____D C:\Users\Borovský Lukáš\AppData\Local\Steam
2018-01-15 17:49 - 2016-07-16 07:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-15 17:29 - 2015-04-18 00:12 - 000000000 ____D C:\Program Files (x86)\Panda Security
2018-01-15 17:29 - 2014-10-14 15:56 - 000000000 ____D C:\ProgramData\Panda Security
2018-01-15 17:28 - 2014-10-14 15:58 - 000000000 ____D C:\Users\Borovský Lukáš\AppData\Roaming\Panda Security
2018-01-15 16:50 - 2014-10-14 11:21 - 000000000 ____D C:\Users\Borovský Lukáš\AppData\Local\VirtualStore
2018-01-15 16:08 - 2014-11-10 18:23 - 000000000 ____D C:\Program Files (x86)\VirtualDJ
2018-01-15 16:08 - 2014-11-10 18:21 - 000000000 ____D C:\Program Files (x86)\Total War ROME II
2018-01-14 22:22 - 2016-10-09 11:05 - 000000000 ____D C:\Users\Borovský Lukáš
2018-01-14 19:45 - 2016-11-05 17:06 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-14 19:44 - 2015-04-26 19:29 - 1388964493 _____ C:\WINDOWS\MEMORY.DMP
2018-01-14 19:07 - 2014-10-14 16:27 - 000000000 ____D C:\Program Files (x86)\Origin Games
2018-01-14 19:07 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-01-14 02:02 - 2014-10-14 16:20 - 000000000 ____D C:\ProgramData\Origin
2018-01-14 01:59 - 2017-01-12 16:07 - 000000000 ____D C:\Users\Borovský Lukáš\AppData\Local\Battle.net
2018-01-13 17:44 - 2014-10-14 16:27 - 000000000 ____D C:\Users\Borovský Lukáš\AppData\Roaming\Origin
2018-01-13 16:08 - 2017-01-12 16:05 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-01-12 21:07 - 2017-09-29 14:47 - 000000000 ____D C:\Program Files\rempl
2018-01-10 15:44 - 2015-07-29 20:01 - 000002441 _____ C:\Users\Borovský Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-10 15:44 - 2015-07-29 20:01 - 000000000 ___RD C:\Users\Borovský Lukáš\OneDrive
2018-01-10 15:37 - 2017-10-12 08:09 - 000132324 _____ C:\WINDOWS\system32\perfh01B.dat
2018-01-10 15:37 - 2017-10-12 08:09 - 000042440 _____ C:\WINDOWS\system32\perfc01B.dat
2018-01-09 20:34 - 2014-10-15 17:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-09 20:32 - 2017-10-11 10:59 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-09 20:32 - 2014-10-15 17:19 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-09 15:38 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-09 15:38 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-05 21:21 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\rescache
2018-01-05 18:03 - 2015-07-29 19:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-04 22:56 - 2016-07-16 12:47 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-04 22:56 - 2016-07-16 12:47 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-04 20:43 - 2014-11-08 09:34 - 000002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-04 17:51 - 2016-10-09 11:00 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-03 17:58 - 2014-11-13 18:56 - 000000000 ____D C:\Users\Borovský Lukáš\AppData\Roaming\vlc
2017-12-21 17:51 - 2014-10-14 16:20 - 000000000 ____D C:\Program Files (x86)\Origin
2017-12-21 04:41 - 2016-07-16 12:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-21 04:41 - 2016-07-16 12:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-19 16:54 - 2016-10-09 11:04 - 001730856 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-19 16:41 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2018-01-14 16:18 - 2016-07-16 12:42 - 000058368 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\ZoGJEOH.exe
2018-01-14 16:18 - 2016-07-16 12:43 - 000000072 _____ () C:\Users\Borovský Lukáš\AppData\Roaming\GWIFgmX
2016-07-16 12:43 - 2016-07-16 12:43 - 000000072 _____ () C:\Users\Borovský Lukáš\AppData\Roaming\GWIFgmX.bat
2018-01-14 16:18 - 2016-07-16 12:43 - 000001331 _____ () C:\Users\Borovský Lukáš\AppData\Local\AaOvQwmiIAWa
2016-07-16 12:43 - 2016-07-16 12:43 - 000001331 _____ () C:\Users\Borovský Lukáš\AppData\Local\AaOvQwmiIAWa.bat
2018-01-14 16:18 - 2016-07-16 12:43 - 000001135 _____ () C:\Users\Borovský Lukáš\AppData\Local\KVuI
2016-07-16 12:43 - 2016-07-16 12:43 - 000001135 _____ () C:\Users\Borovský Lukáš\AppData\Local\KVuI.bat
2018-01-06 12:00 - 2018-01-06 12:00 - 000007601 _____ () C:\Users\Borovský Lukáš\AppData\Local\Resmon.ResmonCfg
2018-01-14 16:18 - 2018-01-14 16:18 - 000000001 _____ () C:\Users\Borovský Lukáš\AppData\Local\WMI.ini

luker13

Re: cmd.exe launching at Windows startup

Post by luker13 » 18 Jan 2018 20:59

Some files in TEMP:
====================
2017-06-15 07:02 - 2017-06-15 07:02 - 000007915 _____ () C:\Users\Borovský Lukáš\AppData\Local\Temp\2012025157.exe
2017-06-15 07:02 - 2017-06-15 07:02 - 000007915 _____ () C:\Users\Borovský Lukáš\AppData\Local\Temp\261489307.exe
2017-06-15 07:02 - 2017-06-15 07:02 - 000007915 _____ () C:\Users\Borovský Lukáš\AppData\Local\Temp\32457317.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-15 19:29

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by Borovský Lukáš (18-01-2018 20:49:45)
Running from C:\Users\Borovský Lukáš\Desktop
Windows 10 Home Version 1607 14393.2035 (X64) (2016-10-09 10:27:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1238180860-1766027694-2994458518-500 - Administrator - Disabled)
Borovský Lukáš (S-1-5-21-1238180860-1766027694-2994458518-1000 - Administrator - Enabled) => C:\Users\Borovský Lukáš
DefaultAccount (S-1-5-21-1238180860-1766027694-2994458518-503 - Limited - Disabled)
Guest (S-1-5-21-1238180860-1766027694-2994458518-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1238180860-1766027694-2994458518-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Aktualizácie NVIDIA 28.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 28.0.0.0 - NVIDIA Corporation) Hidden
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.69 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.0.170814 - )
Avira (HKLM-x32\...\{518c54f5-fd43-4aa6-936b-8d7fd8c85cbd}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{E3F659C3-7936-4321-B886-4DA527DA72FE}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG) Hidden
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.52.9015 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
ControlCenter (HKLM-x32\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Dead Space™ 2 (HKLM-x32\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.941.0 - Electronic Arts)
DebugMode Wax 2.0 (HKLM-x32\...\DebugMode Wax 2.0) (Version: - )
Eye 312 (HKLM-x32\...\{74F923F2-2B11-4E2E-B638-A1772A9F7B7B}) (Version: 1.0.0.28 - KYE SYSTEMS CORP.)
FIFA 18 (HKLM-x32\...\{213CC10A-B8CB-4EBA-B277-6B08B7C22A65}) (Version: 1.0.50.12617 - Electronic Arts)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Spoločnosť Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
GoPro Studio 2.5.4 (HKLM-x32\...\GoPro Studio) (Version: 2.5.4 - GoPro, Inc.)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes verzia 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1238180860-1766027694-2994458518-1000\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.010 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.026 - MSI)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
NetworkGenie (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.0.0.8 - MSI)
NVIDIA 3D Vision radič ovládača 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.8.17910 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.13 - NVIDIA Corporation) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - )
RollerCoaster Tycoon 2: Time Twister (HKLM-x32\...\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}) (Version: 1.00.000 - )
RollerCoaster Tycoon 2: Wacky Worlds (HKLM-x32\...\{B1AD83A0-DC92-41E3-B111-E9472349768C}) (Version: - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.7.64833 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamingGenie (HKLM-x32\...\{AF9B9CCF-D1B4-44B4-A030-BFCF5686AA5E}_is1) (Version: 1.0.1.3 - MSI)
TeamSpeak 3 Client (HKU\S-1-5-21-1238180860-1766027694-2994458518-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.31.37.1020 - Electronic Arts Inc.)
Time-Lapse Tool (HKLM-x32\...\{3C54E96B-C11E-4452-9BC9-55BF5D18ACF8}) (Version: 2.2.2631 - AI Devs)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
Total War ROME II (HKLM-x32\...\VG90YWxXYXJST01FSUk=_is1) (Version: 1 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1F3E59DD-7DCE-4103-9528-57DA43134312}) (Version: 2.9.0.0 - Microsoft Corporation)
USB Video Device (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.54300.119 - Sonix)
VideoGenie (HKLM-x32\...\{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1) (Version: 1.0.0.12 - MSI)
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Winki (HKLM-x32\...\{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1) (Version: 3.2.131 - MSI)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1238180860-1766027694-2994458518-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\WINDOWS\system32\igfxEM.exe" => No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-18] ()
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-18] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01CDB28F-53D7-433D-B158-FBFCC0667E7F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {08DCE3CB-9E72-48DD-AA46-4EEF9B1B992B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09E3B48B-09C6-4602-A537-D2137A412979} - System32\Tasks\{921B5C8E-1215-4DC6-9961-6FB7B4F434BF} => C:\Windows\system32\pcalua.exe -a E:\Redistributables\VCRed\vcredist_x86.exe -d E:\Redistributables\VCRed
Task: {0B258F6A-1508-4B8F-BD19-ECFB109CDF1E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
Task: {105A9FD2-FFD0-4C04-A49D-1AB532A17E4D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1B2CB4C3-0981-4EEF-BE8B-3AA127145DEE} - no filepath
Task: {1B934387-133B-4056-8FB3-BCEA30B29E11} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1CE8EBB1-9E72-4303-BB89-8DFB1BE8E36D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {1E0A3EBC-F033-4C21-AC2B-E1D626E17CBE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-09-19] (NVIDIA Corporation)
Task: {2636CD10-1D93-4AC6-8002-D605D1650C9B} - System32\Tasks\NaaenLxAqIy => C:\Users\Borovský Lukáš\AppData\Roaming\GWIFgmX.bat [2016-07-16] () <==== ATTENTION
Task: {265E7137-458C-4DCF-8C7E-B89A6CBA12CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {2B3A9FF8-413E-4319-B4BF-8E83DF5F60A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {31BF1EEE-04F3-46D8-AA28-9E16D7E79897} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3B0BC525-96BD-4735-81F9-56E2156878CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {411D5EC9-719C-4AAB-A9A4-91B6A1B8B549} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-09-19] (NVIDIA Corporation)
Task: {41C2A0B5-E0C8-4653-8994-0412659ECF80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {44269F83-30CA-4F0C-B508-0FC7E1265813} - System32\Tasks\RtlNetworkGenieVistaStart => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe [2014-04-23] (Realtek Semiconductor)
Task: {47F2544A-A769-4331-BEDA-451BD9208360} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5C2945DC-913E-484A-A107-BC0158BB145E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {60ACC5CB-242F-49D8-8839-52DF5A611422} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Borovský Lukáš\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {6653F444-C086-4B0A-944B-1023D97E13FD} - System32\Tasks\YeijTuumu => C:\WINDOWS\vDTe.bat [2016-07-16] () <==== ATTENTION
Task: {678DED5B-CC0F-4817-BD15-F807BCEB6D36} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {71A4E460-6CED-4624-AA8C-4E988FDF190E} - no filepath
Task: {731A96E1-513D-43D4-9F15-83A35ADF229B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-09-19] (NVIDIA Corporation)
Task: {764516D3-FBF6-442B-9E78-5FB61E2FCE9D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {77047CE6-DE71-41DC-9696-367AB6FD3AAF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7B107D0E-A7A4-47E3-8A2B-32991B6543A7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
Task: {7B468C17-BBA2-4402-953D-4CBBF982BA11} - System32\Tasks\{2FB01903-E771-495E-84A0-D20192E6CC32} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Borovský Lukáš\Desktop\autorun.exe" -d "C:\Users\Borovský Lukáš\Desktop"
Task: {834E4B41-D70C-4049-A87B-05D1CA8A0E3D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {870DEF7B-06A7-4A4A-BA41-B79DF8412C10} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {87EA8B64-1455-4A9B-8EBC-D90A81EDC033} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09] (Adobe Systems Incorporated)
Task: {8FBF857B-1852-41A2-98DC-C99CEDC45470} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {9204F528-62E7-4495-9DDF-1D784CD48D66} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9776F6DD-AAE8-4B8D-8F6A-55848758247B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9A569F4F-AF75-4F6E-809F-2FD944C902AC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1CD5714-579B-4FFE-BA35-E421A080A5AC} - System32\Tasks\{87061EC6-F29B-48A5-9BFB-4A8D46BAEE6A} => C:\Windows\system32\pcalua.exe -a C:\MSILU\DL_FILE\Realtek_HD_Audio_Drivers_6.0.1.7069.exe -d C:\MSILU\DL_FILE
Task: {A3B52DB2-C578-4561-9071-8846D80EFEBE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A62CAAA1-FE17-4F76-922A-C90F05EE12EE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A9AD1D83-3C35-4329-AA36-A99BE05273D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {AD0E1753-7A00-4AEA-9636-E899C5441022} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-01-09] (Microsoft Corporation)
Task: {B012BCCA-14C5-49BD-800A-4716FBB052BD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C05B0E77-08AF-455E-8E86-C9BF0A519342} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {C0A4BD78-6811-4118-9473-5E8AC8D069D0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {C0F136DE-349D-43E3-8D28-F32BF8E029C3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {C83385A6-9324-4D7B-9DAC-CC53CBF06C30} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
Task: {CD9F6B8F-3B51-42EC-BBE4-8E7D19121E9B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CDC6BA55-B3FF-4CA7-B135-61AB150037B8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CEE068C9-223B-4E67-A98D-94A40BF2D037} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-09-19] (NVIDIA Corporation)
Task: {D40684AE-CA80-429B-B451-D5E901129183} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-09-19] (NVIDIA Corporation)
Task: {D4398828-D6B9-40E1-B318-DCE8FCF744BF} - System32\Tasks\{B88A616C-1FBC-4C71-BDFF-62FE1FB5ACED} => C:\Windows\system32\pcalua.exe -a C:\Users\luker13\Downloads\vcredist_x86.exe -d C:\Users\luker13\Downloads
Task: {D4D21785-0802-4D85-BAB5-9038293C9C20} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D68F1C7E-B7BB-4912-97F4-A677A15F163D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E37B3147-9FD3-4AF6-BF51-4D875C1D1A96} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {E53845DE-0767-4C94-824D-D608F67677E9} - System32\Tasks\EcRzIbz => C:\Program Files (x86)\Common Files\ZoGJEOH.exe [2016-07-16] (Microsoft Corporation)
Task: {EA980373-956A-47F9-AED5-5BDAEF3E39CD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EB78DBBF-66B4-40F3-9D4C-6FD2D4AA799E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {ED6D6C42-D2E8-4639-AE4C-3A607303ECD1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation)
Task: {F1A2AB2C-C879-4784-9FD1-F442DBC956B6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F4335C70-0CB4-4C2A-96F9-AA11236C85E7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F476D71E-DF40-430E-898D-2B26A78B23B7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F53C241B-522A-47D4-8D96-8994050C190D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F74A9C71-E959-480A-9641-69E04331D1B3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Borovský Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Borovský Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-13 16:51 - 2017-09-07 07:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2018-01-15 15:53 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-01-15 15:53 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-11-08 17:19 - 2017-09-19 08:23 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-10-28 16:25 - 2014-10-28 16:25 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2018-01-18 19:09 - 2018-01-18 19:09 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-10-09 11:49 - 2016-10-09 11:49 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 19:39 - 2017-03-04 07:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 19:40 - 2017-03-04 07:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 19:40 - 2017-03-04 07:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 19:40 - 2017-03-04 07:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-12-13 16:53 - 2017-11-30 08:32 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-12-13 16:53 - 2017-11-30 08:34 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-01-03 15:43 - 2018-01-03 15:50 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 15:43 - 2018-01-03 15:50 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 15:43 - 2018-01-03 15:50 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 15:43 - 2018-01-03 15:50 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-04 20:43 - 2018-01-03 10:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-04 20:43 - 2018-01-03 10:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2014-10-14 17:30 - 2005-07-18 12:43 - 000160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2014-10-21 15:35 - 2014-04-21 14:09 - 000150528 _____ () C:\Program Files (x86)\MSI\NetworkGenie\gep.dll
2016-11-08 17:19 - 2017-09-19 08:23 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [141]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled => "AlternateShell"="cmd.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-01-18 18:54 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1238180860-1766027694-2994458518-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Borovský Lukáš\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.111.254.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "GoPro Importer.lnk"
HKLM\...\StartupApproved\Run32: => "tsnp2uvc"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKU\S-1-5-21-1238180860-1766027694-2994458518-1000\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1328B6C1-0A45-4BCD-84FC-BDF65A9B33B3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{B721CE5F-3D36-4E4A-A993-34B2D206BFC1}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{776A9F41-A6AA-4D5A-8D55-536D1C86D7BA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{4D3E6946-0567-4036-A98E-D47DD436F3A2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{0FDE8EED-1FC6-4AC6-89D4-37C999B55F01}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{4296353A-0F6E-4836-B569-7361B22F7ADE}] => (Allow) C:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{33AE35CD-E2F2-45F3-9DC5-7155077DE1B6}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{403E1224-394D-4E8B-AACD-D20BC30434BE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{D976A459-6EF1-41AF-A01B-5131C90C676D}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{BBF2330A-EBCE-4683-AF42-DF62FCFDA359}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [UDP Query User{095AE7B2-3C67-4672-BB54-0996A997544A}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{FD3D0808-A6D6-4D3B-881C-374188F5ADDB}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{F4DD8C78-5992-4D8A-94B8-D327EF464C89}C:\program files (x86)\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\total war rome ii\rome2.exe
FirewallRules: [TCP Query User{0410EADD-7401-4A22-91C7-D3D500531E78}C:\program files (x86)\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{A9DEDF64-6F8F-49EF-AB3F-D79997A3ECF8}C:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) C:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [TCP Query User{626243E3-B55D-4C77-9758-E148501CC063}C:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) C:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{EFA29821-272E-4414-9A5C-9C8EA3BC674B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{B9E29EDF-38B4-4B91-AD26-11A4AF0241BC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{5249CE65-A7BD-49DF-B978-1442CBA2B8AA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F4E0A7BD-D2A3-46E2-8830-6C94B602CACC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C9C77247-C5EE-4FEB-8309-B801D16FD4D9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F14F5460-EEB3-40A3-8A26-3E1885EF33B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{C52992FF-0CD9-46DA-98F7-BBD9C2F0F79E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{C73F5D10-237F-4CC6-AE5D-7CD9D5B67A08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SleepingDogs\HKShip.exe
FirewallRules: [{037127B9-4AC8-4A5B-9CC2-7D451194A582}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SleepingDogs\HKShip.exe
FirewallRules: [{8192EEF6-CCED-4013-9B2A-076ED2384E1A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{03FD8709-5DBB-484B-91E5-6ABA75825620}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{43ACA3C0-348B-413C-8FFF-BC4FDD0ECEE7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{9F177CFD-BCB9-4A52-9186-2444C0F65ECB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{FF7DD279-F6C7-4FDC-89B5-66CF0DAD7F03}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AB7286B1-BD12-44CB-A0AE-E1B99B5B1605}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C16E9810-F86E-4B58-988B-AE69AE60194A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D975F8D2-87E1-4F4D-BF21-26172D96755F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0B4CFD0D-A228-4526-8B93-583D2F6EB8EF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4D979566-F192-4196-B022-8009BA53F079}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{EBC3A617-FBC4-4DF9-A03F-A256736BAA6C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{471BFCD4-679B-4877-87C5-43F76DFB3453}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{F4A1B54C-63CC-4F6C-B1C5-593EDB82BA1D}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{8A46C9BD-B015-4857-8F2C-C19AC3995D9B}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{C6D91EAF-D2B0-4DC6-8798-7CA0BE8C8337}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{27107229-4E3C-43A6-9BA4-F3146FF2974E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{2608BE1B-9D20-4B85-9E8D-00E9872846D0}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B377CB0B-9F92-4A6E-9D9B-4BDBC517603F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{F63C89C4-D30B-4A3A-BB1C-25FA7B862C5C}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{6FCE3C4A-1B79-47E7-8159-DE713D993FE8}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [UDP Query User{9D073600-30FF-41CF-B680-0086BC55CD80}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [TCP Query User{D2AE2475-BFDD-4863-9B83-2F2D83BED181}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{88AC24DB-CA7C-4626-8DB2-F6900A77B44E}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{D22DB06B-8941-4085-B8C7-2C2D99C4D2C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DCD652E3-2437-4072-BEB9-F36BE5C1418B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{8250E6F3-E4D6-48B9-9377-A99D1F4F11F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{36814FBE-EC59-4CD9-84A5-040698F84437}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6B6B712C-8621-4DB7-90D8-96A40C38FCB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D4D50AF0-7966-4821-8F50-F5C1819A043C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe
FirewallRules: [{FFA347F3-980C-4081-BB2B-DD1597FC3F27}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe
FirewallRules: [{5FC28006-F431-4F90-9F9C-61774275EB50}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe
FirewallRules: [{4260AD7D-2F66-4449-B267-4D0C20105657}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe
FirewallRules: [TCP Query User{BDD60302-DE59-48FA-BA90-B724D427D371}C:\program files (x86)\origin games\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1\bf1.exe
FirewallRules: [UDP Query User{85949BC9-2CE5-4094-BC3A-06E049626B3F}C:\program files (x86)\origin games\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1\bf1.exe
FirewallRules: [TCP Query User{767F30BD-9836-40D8-A5F9-BE0BE728E12D}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [UDP Query User{C132CFD0-615E-4953-B1A2-C2C3E412EEBF}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [{AD7CF935-1874-4CA8-B7D3-AE971BCC7C91}] => (Allow) C:\Hry\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{A4A2AC6E-619C-47D9-95BE-0CE75C63AA65}] => (Allow) C:\Hry\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{E57A7B84-9D91-482D-BC33-0F2EF07D3545}] => (Allow) C:\Hry\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{0FA06914-341F-4CA8-AE40-0D166D4B0422}] => (Allow) C:\Hry\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{B613F52E-5F13-435D-858E-F17E6D511737}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{67C74EFF-30AF-4C44-A18B-ABC604983C5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DB468EF0-3EBA-4A00-9CEA-C18168147951}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{1C10E04F-A450-4122-B05B-441A53242A76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CCB45A31-877C-445B-A407-0CF708B3A6F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3C2E745D-01C7-4F9B-855C-26EDABA82A96}C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe
FirewallRules: [UDP Query User{CF0F7D0E-C154-485B-951D-F2F925DFC0E7}C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe] => (Allow) C:\program files (x86)\origin games\fifa 18 demo\fifa18_demo.exe
FirewallRules: [TCP Query User{B1767E6F-FA7E-425D-9549-B23067EC6CBF}C:\program files (x86)\origin games\fifa 18\fifa18.exe] => (Allow) C:\program files (x86)\origin games\fifa 18\fifa18.exe
FirewallRules: [UDP Query User{17E1DF90-3843-4E53-8720-EDA2A0F8DC35}C:\program files (x86)\origin games\fifa 18\fifa18.exe] => (Allow) C:\program files (x86)\origin games\fifa 18\fifa18.exe
FirewallRules: [{36CB4F59-139B-4222-AEEB-F1BD6BF137A3}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 18\FIFASetup\fifaconfig.exe
FirewallRules: [{D35A651C-6646-4393-8439-E80F57C3D5C8}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 18\FIFASetup\fifaconfig.exe
FirewallRules: [{5D55E2D6-EF4A-433A-AFED-6B90F025328F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{3AE77886-8AB5-4FAE-BA2B-0B05F387A674}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{DF0256FC-DF18-42F4-96FA-AEED3794DE90}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{441C5FF0-7A9C-476A-BC07-DC3B5E3EB03C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{B58C9A58-1748-4F4A-8AF1-D2B6A7EA9327}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1CE468CB-13A3-4A52-8CE5-1ACA0CFB3A29}] => (Allow) C:\Users\Borovský Lukáš\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3A237C9-F313-4E0E-BB04-19FAAC5C2066}] => (Allow) C:\Users\Borovský Lukáš\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{29A1E47F-FF96-4654-A60E-E2C2A8BD4357}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FEA5E64A-15CA-471B-B834-6F4814BF91EF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8E29D1F8-D5E1-4810-989C-3EDCCDC67F0C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2018\fm.exe
FirewallRules: [{7891CCD3-31B0-4026-A656-A4DD3690C71F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2018\fm.exe

==================== Restore Points =========================

09-01-2018 20:30:58 Windows Update
12-01-2018 21:06:43 Windows Update
17-01-2018 21:19:42 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2018 08:00:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Borovský Lukáš\Desktop\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.

Error: (01/18/2018 07:54:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Borovský Lukáš\Desktop\Autoruns.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.

Error: (01/18/2018 06:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: Explorer.EXE, verzia: 10.0.14393.1532, časová značka: 0x5965adb0
Názov chybujúceho modulu: windows.immersiveshell.serviceprovider.dll, verzia: 10.0.14393.1593, časová značka: 0x5980caee
Kód výnimky: 0x80270233
Odstup chyby: 0x0000000000033c25
Identifikácia chybujúceho procesu: 0x1150
Čas spustenia chybujúcej aplikácie: 0x01d39085aad41817
Cesta chybujúcej aplikácie: C:\WINDOWS\Explorer.EXE
Cesta chybujúceho modulu: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
Identifikácia hlásenia: b0bc84ba-3d5e-4ba7-807c-1927026db225
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/18/2018 06:54:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (01/18/2018 06:53:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/18/2018 06:46:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wmiprvse.exe, verzia: 10.0.14393.2035, časová značka: 0x5a5703ea
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.14393.1715, časová značka: 0x59b0d03e
Kód výnimky: 0xc0000374
Odstup chyby: 0x00000000000f8363
Identifikácia chybujúceho procesu: 0x1be8
Čas spustenia chybujúcej aplikácie: 0x01d3907fbd8d4857
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\wbem\wmiprvse.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 51736d76-cd13-462e-8d11-3fd108df0adf
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/17/2018 10:13:23 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (01/17/2018 10:13:23 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (01/17/2018 10:12:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wmiprvse.exe, verzia: 10.0.14393.0, časová značka: 0x57899ab2
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.14393.1715, časová značka: 0x59b0d03e
Kód výnimky: 0xc0000374
Odstup chyby: 0x00000000000f8363
Identifikácia chybujúceho procesu: 0x1ee8
Čas spustenia chybujúcej aplikácie: 0x01d38fd7d5b15286
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\wbem\wmiprvse.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: fb44765d-151d-4560-aec8-0d3acf1f64ce
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/17/2018 09:21:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: mbamservice.exe, verzia: 3.1.0.595, časová značka: 0x59f745cb
Názov chybujúceho modulu: mbamservice.exe, verzia: 3.1.0.595, časová značka: 0x59f745cb
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000001c6e66
Identifikácia chybujúceho procesu: 0xa48
Čas spustenia chybujúcej aplikácie: 0x01d38fd0b03556ad
Cesta chybujúcej aplikácie: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Cesta chybujúceho modulu: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Identifikácia hlásenia: 9468b374-cab8-42a8-8b7e-c41085e8c5ac
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:


System errors:
=============
Error: (01/18/2018 08:00:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_30698 bola ukončená s nasledujúcou chybou:
Unspecified error

Error: (01/18/2018 07:59:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba NvTelemetryContainer bola ukončená s nasledujúcou chybou:
A generic command executable returned a result that indicates failure.

Error: (01/18/2018 07:59:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby NetTcpPortSharing, od ktorej závisí služba NetTcpActivator, zlyhalo kvôli nasledujúcej chybe:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/18/2018 07:58:39 PM) (Source: DCOM) (EventID: 10005) (User: BorovskýLukáš)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/18/2018 07:58:38 PM) (Source: DCOM) (EventID: 10005) (User: BorovskýLukáš)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/18/2018 07:58:30 PM) (Source: DCOM) (EventID: 10005) (User: BorovskýLukáš)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/18/2018 07:57:51 PM) (Source: DCOM) (EventID: 10005) (User: BorovskýLukáš)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/18/2018 07:57:45 PM) (Source: DCOM) (EventID: 10005) (User: BorovskýLukáš)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/18/2018 07:57:45 PM) (Source: DCOM) (EventID: 10005) (User: BorovskýLukáš)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/18/2018 07:57:45 PM) (Source: DCOM) (EventID: 10005) (User: BorovskýLukáš)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}


CodeIntegrity:
===================================
Date: 2018-01-18 19:40:06.912
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-17 21:21:07.584
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-15 15:53:31.989
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-28 21:46:48.901
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-08 18:57:03.487
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-05-08 13:54:47.401
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-01-22 20:51:38.755
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 16316.43 MB
Available physical RAM: 13488.39 MB
Total Virtual: 17340.43 MB
Available Virtual: 14513.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1386.17 GB) (Free:736.62 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.56 GB) (Free:0.99 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 88BCD514)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1386.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
Partition 4: (Not Active) - (Size=10.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Post by jaro3 » 18 Jan 2018 22:13

Close other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\SysWOW64\userinit.exe,
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O18 - Protocol: abs - {E00957BD-D0E1-4EB9-A025-7743FDC8B27B} - mscoree.dll (file missing)




Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Start
CloseProcesses:
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
C:\WINDOWS\System32\Tasks\NaaenLxAqIy
C:\WINDOWS\System32\Tasks\YeijTuumu
C:\WINDOWS\System32\Tasks\EcRzIbz
C:\Users\Borovský Lukáš\AppData\Local\WMI.ini
C:\Users\Borovský Lukáš\AppData\Local\AaOvQwmiIAWa
C:\Users\Borovský Lukáš\AppData\Local\KVuI
C:\WINDOWS\vDTe
C:\Users\Borovský Lukáš\AppData\Roaming\GWIFgmX
C:\WINDOWS\uRHGFneiFKj.exe
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
C:\Program Files (x86)\Panda Security
C:\ProgramData\Panda Security
C:\Users\Borovský Lukáš\AppData\Roaming\Panda Security
C:\Users\Borovský Lukáš\AppData\Roaming\GWIFgmX
C:\Users\Borovský Lukáš\AppData\Roaming\GWIFgmX.bat
C:\Users\Borovský Lukáš\AppData\Local\AaOvQwmiIAWa
C:\Users\Borovský Lukáš\AppData\Local\AaOvQwmiIAWa.bat
C:\Users\Borovský Lukáš\AppData\Local\KVuI
C:\Users\Borovský Lukáš\AppData\Local\KVuI.bat
C:\Users\Borovský Lukáš\AppData\Local\WMI.ini
C:\Users\Borovský Lukáš\AppData\Local\Temp\2012025157.exe
C:\Users\Borovský Lukáš\AppData\Local\Temp\261489307.exe
C:\Users\Borovský Lukáš\AppData\Local\Temp\32457317.exe
CustomCLSID: HKU\S-1-5-21-1238180860-1766027694-2994458518-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\WINDOWS\system32\igfxEM.exe" => No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
Task: {1B2CB4C3-0981-4EEF-BE8B-3AA127145DEE} - no filepath
Task: {1E0A3EBC-F033-4C21-AC2B-E1D626E17CBE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-09-19] (NVIDIA Corporation)
Task: {2636CD10-1D93-4AC6-8002-D605D1650C9B} - System32\Tasks\NaaenLxAqIy => C:\Users\Borovský Lukáš\AppData\Roaming\GWIFgmX.bat [2016-07-16] () <==== ATTENTION
Task: {31BF1EEE-04F3-46D8-AA28-9E16D7E79897} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {41C2A0B5-E0C8-4653-8994-0412659ECF80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {47F2544A-A769-4331-BEDA-451BD9208360} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5C2945DC-913E-484A-A107-BC0158BB145E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6653F444-C086-4B0A-944B-1023D97E13FD} - System32\Tasks\YeijTuumu => C:\WINDOWS\vDTe.bat [2016-07-16] () <==== ATTENTION
Task: {71A4E460-6CED-4624-AA8C-4E988FDF190E} - no filepath
Task: {834E4B41-D70C-4049-A87B-05D1CA8A0E3D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9776F6DD-AAE8-4B8D-8F6A-55848758247B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A3B52DB2-C578-4561-9071-8846D80EFEBE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A62CAAA1-FE17-4F76-922A-C90F05EE12EE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A9AD1D83-3C35-4329-AA36-A99BE05273D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {B012BCCA-14C5-49BD-800A-4716FBB052BD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CD9F6B8F-3B51-42EC-BBE4-8E7D19121E9B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D68F1C7E-B7BB-4912-97F4-A677A15F163D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F53C241B-522A-47D4-8D96-8994050C190D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [141]
HKLM\...\StartupApproved\Run32: => "tsnp2uvc"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left field in the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire contents here.

Is Avira working?

Post by luker13 » 18 Jan 2018 22:33

I use Avira as an ad blocker in Chrome... I used to use it as an antivirus, but now I only have the ad blocker... is there a better alternative?

EDIT: I think the problem is solved... I restarted the PC and the box did not appear (and nothing is written in the Malwarebytes report either)



Fix result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by Borovský Lukáš (18-01-2018 22:33:55) Run:1
Running from C:\Users\Borovský Lukáš\Desktop
Loaded Profiles: Borovský Lukáš (Available Profiles: Borovský Lukáš & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
C:\WINDOWS\System32\Tasks\NaaenLxAqIy
C:\WINDOWS\System32\Tasks\YeijTuumu
C:\WINDOWS\System32\Tasks\EcRzIbz
C:\Users\Borovsk� Luk�\AppData\Local\WMI.ini
C:\Users\Borovsk� Luk�\AppData\Local\AaOvQwmiIAWa
C:\Users\Borovsk� Luk�\AppData\Local\KVuI
C:\WINDOWS\vDTe
C:\Users\Borovsk� Luk�\AppData\Roaming\GWIFgmX
C:\WINDOWS\uRHGFneiFKj.exe
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
C:\Program Files (x86)\Panda Security
C:\ProgramData\Panda Security
C:\Users\Borovsk� Luk�\AppData\Roaming\Panda Security
C:\Users\Borovsk� Luk�\AppData\Roaming\GWIFgmX
C:\Users\Borovsk� Luk�\AppData\Roaming\GWIFgmX.bat
C:\Users\Borovsk� Luk�\AppData\Local\AaOvQwmiIAWa
C:\Users\Borovsk� Luk�\AppData\Local\AaOvQwmiIAWa.bat
C:\Users\Borovsk� Luk�\AppData\Local\KVuI
C:\Users\Borovsk� Luk�\AppData\Local\KVuI.bat
C:\Users\Borovsk� Luk�\AppData\Local\WMI.ini
C:\Users\Borovsk� Luk�\AppData\Local\Temp\2012025157.exe
C:\Users\Borovsk� Luk�\AppData\Local\Temp\261489307.exe
C:\Users\Borovsk� Luk�\AppData\Local\Temp\32457317.exe
CustomCLSID: HKU\S-1-5-21-1238180860-1766027694-2994458518-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\WINDOWS\system32\igfxEM.exe" => No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
Task: {1B2CB4C3-0981-4EEF-BE8B-3AA127145DEE} - no filepath
Task: {1E0A3EBC-F033-4C21-AC2B-E1D626E17CBE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-09-19] (NVIDIA Corporation)
Task: {2636CD10-1D93-4AC6-8002-D605D1650C9B} - System32\Tasks\NaaenLxAqIy => C:\Users\Borovsk� Luk�\AppData\Roaming\GWIFgmX.bat [2016-07-16] () <==== ATTENTION
Task: {31BF1EEE-04F3-46D8-AA28-9E16D7E79897} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {41C2A0B5-E0C8-4653-8994-0412659ECF80} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {47F2544A-A769-4331-BEDA-451BD9208360} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5C2945DC-913E-484A-A107-BC0158BB145E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6653F444-C086-4B0A-944B-1023D97E13FD} - System32\Tasks\YeijTuumu => C:\WINDOWS\vDTe.bat [2016-07-16] () <==== ATTENTION
Task: {71A4E460-6CED-4624-AA8C-4E988FDF190E} - no filepath
Task: {834E4B41-D70C-4049-A87B-05D1CA8A0E3D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9776F6DD-AAE8-4B8D-8F6A-55848758247B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A3B52DB2-C578-4561-9071-8846D80EFEBE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A62CAAA1-FE17-4F76-922A-C90F05EE12EE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A9AD1D83-3C35-4329-AA36-A99BE05273D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {B012BCCA-14C5-49BD-800A-4716FBB052BD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CD9F6B8F-3B51-42EC-BBE4-8E7D19121E9B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D68F1C7E-B7BB-4912-97F4-A677A15F163D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F53C241B-522A-47D4-8D96-8994050C190D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [141]
HKLM\...\StartupApproved\Run32: => "tsnp2uvc"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => removed successfully
C:\WINDOWS\System32\Tasks\NaaenLxAqIy => moved successfully
C:\WINDOWS\System32\Tasks\YeijTuumu => moved successfully
C:\WINDOWS\System32\Tasks\EcRzIbz => moved successfully
"C:\Users\Borovsk� Luk�\AppData\Local\WMI.ini" => not found
"C:\Users\Borovsk� Luk�\AppData\Local\AaOvQwmiIAWa" => not found
"C:\Users\Borovsk� Luk�\AppData\Local\KVuI" => not found
C:\WINDOWS\vDTe => moved successfully
"C:\Users\Borovsk� Luk�\AppData\Roaming\GWIFgmX" => not found
C:\WINDOWS\uRHGFneiFKj.exe => moved successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
C:\Program Files (x86)\Panda Security => moved successfully
C:\ProgramData\Panda Security => moved successfully
"C:\Users\Borovsk� Luk�\AppData\Roaming\Panda Security" => not found
"C:\Users\Borovsk� Luk�\AppData\Roaming\GWIFgmX" => not found
"C:\Users\Borovsk� Luk�\AppData\Roaming\GWIFgmX.bat" => not found
"C:\Users\Borovsk� Luk�\AppData\Local\AaOvQwmiIAWa" => not found
"C:\Users\Borovsk� Luk�\AppData\Local\AaOvQwmiIAWa.bat" => not found
"C:\Users\Borovsk� Luk�\AppData\Local\KVuI" => not found
"C:\Users\Borovsk� Luk�\AppData\Local\KVuI.bat" => not found
"C:\Users\Borovsk� Luk�\AppData\Local\WMI.ini" => not found
"C:\Users\Borovsk� Luk�\AppData\Local\Temp\2012025157.exe" => not found
"C:\Users\Borovsk� Luk�\AppData\Local\Temp\261489307.exe" => not found
"C:\Users\Borovsk� Luk�\AppData\Local\Temp\32457317.exe" => not found
"HKU\S-1-5-21-1238180860-1766027694-2994458518-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu" => removed successfully
"HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxOSP" => removed successfully
HKLM\Software\Classes\CLSID\{FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\UAContextMenu" => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => key not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UAContextMenu" => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B2CB4C3-0981-4EEF-BE8B-3AA127145DEE} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B2CB4C3-0981-4EEF-BE8B-3AA127145DEE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E0A3EBC-F033-4C21-AC2B-E1D626E17CBE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E0A3EBC-F033-4C21-AC2B-E1D626E17CBE}" => removed successfully
C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2636CD10-1D93-4AC6-8002-D605D1650C9B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2636CD10-1D93-4AC6-8002-D605D1650C9B}" => removed successfully
"C:\WINDOWS\System32\Tasks\NaaenLxAqIy" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NaaenLxAqIy" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31BF1EEE-04F3-46D8-AA28-9E16D7E79897}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31BF1EEE-04F3-46D8-AA28-9E16D7E79897}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41C2A0B5-E0C8-4653-8994-0412659ECF80}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41C2A0B5-E0C8-4653-8994-0412659ECF80}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{47F2544A-A769-4331-BEDA-451BD9208360}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47F2544A-A769-4331-BEDA-451BD9208360}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C2945DC-913E-484A-A107-BC0158BB145E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C2945DC-913E-484A-A107-BC0158BB145E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6653F444-C086-4B0A-944B-1023D97E13FD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6653F444-C086-4B0A-944B-1023D97E13FD}" => removed successfully
"C:\WINDOWS\System32\Tasks\YeijTuumu" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YeijTuumu" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71A4E460-6CED-4624-AA8C-4E988FDF190E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71A4E460-6CED-4624-AA8C-4E988FDF190E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{834E4B41-D70C-4049-A87B-05D1CA8A0E3D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{834E4B41-D70C-4049-A87B-05D1CA8A0E3D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9776F6DD-AAE8-4B8D-8F6A-55848758247B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9776F6DD-AAE8-4B8D-8F6A-55848758247B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3B52DB2-C578-4561-9071-8846D80EFEBE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3B52DB2-C578-4561-9071-8846D80EFEBE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A62CAAA1-FE17-4F76-922A-C90F05EE12EE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A62CAAA1-FE17-4F76-922A-C90F05EE12EE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9AD1D83-3C35-4329-AA36-A99BE05273D8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9AD1D83-3C35-4329-AA36-A99BE05273D8}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B012BCCA-14C5-49BD-800A-4716FBB052BD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B012BCCA-14C5-49BD-800A-4716FBB052BD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD9F6B8F-3B51-42EC-BBE4-8E7D19121E9B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD9F6B8F-3B51-42EC-BBE4-8E7D19121E9B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D68F1C7E-B7BB-4912-97F4-A677A15F163D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D68F1C7E-B7BB-4912-97F4-A677A15F163D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F53C241B-522A-47D4-8D96-8994050C190D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F53C241B-522A-47D4-8D96-8994050C190D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job" => not found
C:\ProgramData\TEMP => ":054203E4" ADS removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\tsnp2uvc" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\tsnp2uvc" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\seznam-listicka-distribuce" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 5042141 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 530615647 B
Java, Flash, Steam htmlcache => 38832758 B
Windows/system/drivers => 16534 B
Edge => 993942 B
Chrome => 557748273 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 20841981 B
NetworkService => 1490652 B
Borovský Lukáš => 19483039 B
DefaultAppPool => 40738 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:35:34 ====

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: cmd.exe launching at Windows startup

Post by jaro3 » 19 Jan 2018 10:29

Download DelFix here:
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to your desktop.
Double-click the icon to launch Delfix.exe.
(In Windows Vista, Windows 7 and 8, you must run the file by right-clicking it -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore.
Then click the Run button and let the tool do its work.

The report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise, the report is located here:
C:\DelFix.txt
Other links:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Keep Avira.

If there are no problems, that is all, and you can mark the thread as solved with the green check mark.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

luker13
newcomer
Posts: 11
Registered: January 18
Gender: Male
Status: Offline

Re: cmd.exe launching at Windows startup  Solved

Post by luker13 » 19 Jan 2018 15:51

# DelFix v1.013 - Logfile created 19/01/2018 at 15:49:06
# Updated 17/04/2016 by Xplode
# Username : Borovský Lukáš - BOROVSKÝLUKÁŠ
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Borovský Lukáš\Desktop\AdwCleaner.exe
Deleted : C:\Users\Borovský Lukáš\Desktop\ComboFix.exe
Deleted : C:\Users\Borovský Lukáš\Desktop\Fixlog.txt
Deleted : C:\Users\Borovský Lukáš\Desktop\FRST64.exe
Deleted : C:\Users\Borovský Lukáš\Desktop\JRT.exe
Deleted : C:\Users\Borovský Lukáš\Desktop\HijackThis.exe
Deleted : C:\Users\Borovský Lukáš\Desktop\RogueKiller_portable64.exe
Deleted : C:\Users\Borovský Lukáš\Desktop\TFC.exe
Deleted : C:\Users\Borovský Lukáš\Desktop\zoek-results.txt
Deleted : C:\Users\Borovský Lukáš\Desktop\zoek.exe
Deleted : C:\Users\Borovský Lukáš\Downloads\AdwCleaner.exe
Deleted : C:\Users\Borovský Lukáš\Downloads\ComboFix.exe
Deleted : C:\Users\Borovský Lukáš\Downloads\FRST64.exe
Deleted : C:\Users\Borovský Lukáš\Downloads\JRT.exe
Deleted : C:\Users\Borovský Lukáš\Downloads\RogueKiller_portable64.exe
Deleted : C:\Users\Borovský Lukáš\Downloads\TFC.exe
Deleted : C:\Users\Borovský Lukáš\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #139 [Windows Update | 01/12/2018 20:06:43]
Deleted : RP #141 [Installed Sophos Virus Removal Tool. | 01/17/2018 20:19:42]

New restore point created !

########## - EOF - ##########

